According to a recent article on Naked Security, not at all hard. While at Black Hat in Las Vegas, researchers from Sophos gave a presentation that dissected the “Philadelphia” ransom software as a service (SaaS) model.
Anyone can buy the Philadelphia ransomware kit on the Dark Web for $400. And for this nominal investment, the would-be attacker gets a simple executable file that sets up the whole system automatically. The package includes:
- A command and control server (CNC or C2) to communicate with victims and manage operations, including statistical analysis and payments from victims.
- Samples of ransomware phishing emails, and the ability to create and customize these emails.
- This kit comes with a number of additional features and capabilities.
- Mapping victims’ locations on Google Maps
- A “give mercy” feature in case you need to undo an attack for some reason
- The ability to customize the extortion notice
- A feature called Russian roulette, that deletes some files after a certain time frame to motivate victims into making quicker payment.
If you want all the details, click over to Naked Security for the full story.
To protect yourself from this and similar exploits, we recommend:
- Don’t open unexpected attachment without confirming the attachment with the sender, or forwarding the email and attachment to VirusTotal for analysis.
- Don’t enable macros for document attachments or document links in emails. Macros are disable by default for security purposes, and enabling macros can open the door to malicious software installation.
- Backup your documents and store a copy off-site, so if your documents are encrypted by ransomware, you can restore from your backup.
- Install Microsoft and other software updates to close security holes as they are discovered. Both the recent WannaCry and Petya/Non-Petya exploits can be prevented by a Windows update released last March.
- Use Sophos Intercept X, a security applications specifically designed to recognize and neutralize ransomware attacks. This is a product we recommend to our clients.