New RaaS, Cryptolocker Service, Announced

A new Ransomware as a Service, or RaaS, called the Cryptolocker Service is getting ready to launch that would allow any would-be criminal to enter the ransomware game.  This new RaaS, first seen by Steve Ragan, is being created by a development group called the Fakben Team and allows an affiliate to buy into the program for $50 USD.  Once an affiliate pays the signup fee, they will supposedly be given access to the ransomware executable, which is then their responsibility to distribute as they see fit.  An affiliate also has the ability to configure a custom ransom amount.  The Fakben Team will then take 10% of the total ransom as a commission for the affiliate using their service and send the rest to the affiliate’s configured bitcoin address.

When a visitor goes to the Cryptolocker Service site they will be presented with an about page that contains information about the RaaS offering and how users can signup to use it. The content of this page explains how the service works, what the affiliate’s responsibilities will be, and how much it costs to be part of the program. An interesting portion of text highlights how these malware developers look at what they are doing.about-screen

We will keep on working in the settings of the cryptolocker, improving methods for undetection to AV. We will give all the support that costumers need through Jabber service. Is not our interest who will be infected or which kind of methods you will do, is important for you to use brain and intelligence in order to spread it. Thanks for your attention.

― FAKBEN Team

One of the common questions we receive from victims is how could someone do something like this to them. The reality is that these developers look at it as a business, do not care that they are breaking the law, and for the most part have absolutely no regard for the problems they are causing their victim.

The full text of the about page can be seen in the screenshot below, which can be clicked on to see the full size.

(Source: http://www.bleepingcomputer.com/news/security/cryptowall-4-0-released-with-new-features-such-as-encrypted-file-names/)