The dark web has become the go-to place for wannabe cybercriminals, especially those with little-to-no skills, to find exploits and malicious code that allow them to launch attacks against specific targets. There are now numerous MaaS (malware-as-a-service), RaaS (ransomware-as-a-service) and DDoS-as-a-service options available in various underground marketplaces, which allow budding cybercriminals to purchase malware, ransomware and DDoS code. Researchers have uncovered a new dark web deal offered by a new RaaS, which allows would-be hackers to get ransomware for free.
The new RaaS, known as Dot ransomware, operates on a commission basis: it offers cybercriminals the ransomware for free and splits the profits from all successful attacks 50/50. According to security researchers, the dark web-based RaaS' new scheme is believed to have kicked off on 19 February, and its website is operated via Tor.
Commenting on Dot ransomware's commission-based deal, Fortinet researchers said: "This is an easy, no pressure gateway for aspiring affiliates since nothing is invested in obtaining the ransomware." They added: "Recent updates to the site show that this RaaS variant has continued to receive support and refinements from the author in order to improve the product."
The Fortinet researchers noted that the RaaS requires interested parties to first register using a Bitcoin address, after which the service allows users to log in and download the malware builder and the core component. Dot ransomware has also created a statistics page "for affiliates to track the number and status of infections". The service also offers a setup guide, which includes recommendations on prices for specific countries and a list of 380 suggested file target extensions.
Most notably, however, Dot ransomware has been designed to ensure that any payments made by infected victims go straight to the author and not to the user.
The researchers said: "The simplistic and straight-forward design of Dot ransomware enables just about anyone to conduct cybercrime. With all the support for bug fixes and developments, it's astonishing to think that these malware services have evolved using traditional business models. Moreover, it allows cyber criminals to easily start a RaaS business with the free additional safety of an online anonymity framework from Tor service and Bitcoin.
"Although we haven't seen this ransomware in the wild, with the advertisements being made accessible on hacking forums it's only a matter of time until people start taking the bait."