How Hard Is It To Become A Cyber-Criminal?

According to a recent article on Naked Security, not at all hard.  While at Black Hat in Las Vegas, researchers from Sophos gave a presentation that dissected the “Philadelphia” ransom software as a service (SaaS) model.

Anyone can buy the Philadelphia ransomware kit on the Dark Web for $400.  And for this nominal investment, the would-be attacker gets a simple executable file that sets up the whole system automatically.  The package includes:

  • A command and control server (CNC or C2) to communicate with victims and manage operations, including statistical analysis and payments from victims.
  • Samples of ransomware phishing emails, and the ability to create and customize these emails.
  • This kit comes with a number of additional features and capabilities.
    • Mapping victims’ locations on Google Maps
    • A “give mercy” feature in case you need to undo an attack for some reason
    • The ability to customize the extortion notice
    • A feature called Russian roulette, that deletes some files after a certain time frame to motivate victims into making quicker payment.

If you want all the details, click over to Naked Security for the full story.

To protect yourself from this and similar exploits, we recommend:

  • Don’t open unexpected attachment without confirming the attachment with the sender, or forwarding the email and attachment to VirusTotal for analysis.
  • Don’t enable macros for document attachments or document links in emails. Macros are disable by default for security purposes, and enabling macros can open the door to malicious software installation.
  • Backup your documents and store a copy off-site, so if your documents are encrypted by ransomware, you can restore from your backup.
  • Install Microsoft and other software updates to close security holes as they are discovered.  Both the recent WannaCry and Petya/Non-Petya exploits can be prevented by a Windows update released last March.
  • Use Sophos Intercept X, a security applications specifically designed to recognize and neutralize ransomware attacks.  This is a product we recommend to our clients.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.