Much has been talked about Ransomware As a Service in our previous blog-posts and today we look into SATAN, a new Ransomware as a service which is hosted on the DarkWeb.
The site provides wannabe criminals an interface to create the ransomware. According to creators of SATAN, for every ransom paid by the victim, 30% will be deducted by the creators of SATAN and 70% will be given back. They even offer to lower their commission when the rate of infection and payments is higher.
Once you login after creating the account you will be provided with the various options to create the Ransomware, ie. The Ransom, Multiplier Amount and Days, which effectively means after the specified days have elapsed the ransom would increase.
The Dashboard also shows the number of infections, how many victims have paid, the address of the BTC wallet where the 70% would be transferred et al.
Moreover, it also provides a notification about not uploading the created Ransomware to Virustotal or to various other online scanners. However, this was not what the creators had expected. At the time of writing, almost all of the Antiviruses have created the signatures and have started detecting the binaries as malicious.
eScan’s scan engine detects this as Gen:Trojan.Heur.FU.lqZ@a8i5xyi, however, since the inception of PBAE(Proactive Behavioural Analysis Engine), we have always verified the success of our detection algorithm and this time too, we have defeated SATAN.
SATAN, when it infects the computer system, will encrypt the files and will add “STN” as the extension. The list of file extensions attacked by SATAN hasn’t changed from the other Ransomware and is actively targeting, MS Office Files, Images, PDFs etc.
eScan’s PBAE has protected its users from yet another Ransomware.