Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Shifr RaaS lets create a simple ransomware with just 3 steps

Over the weekend, security experts discovered a new Ransomware-as-a-Service dubbed Shifr RaaS that allows creating a ransomware compiling 3 form fields. Ransomware represents a profitable business for crooks, it is normal that the offer of Ransomware-as-a-Service (RaaS) will continue its success in the cyber criminal ecosystem. Over the weekend, several security experts discovered a new Ransomware-as-a-Service website […]

Shifr RaaS

Over the weekend, security experts discovered a new Ransomware-as-a-Service dubbed Shifr RaaS that allows creating a ransomware compiling 3 form fields.

Ransomware represents a profitable business for crooks, it is normal that the offer of Ransomware-as-a-Service (RaaS) will continue its success in the cyber criminal ecosystem.

Over the weekend, several security experts discovered a new Ransomware-as-a-Service website that allows wannabe cyber criminals to create their own ransomware just by filling in three form fields.

The website was hosted on the Dark Web and customers can pay their ransomware in Bitcoin.

Shifr RaaS

This is probably one of the easiest-to-use RaaS websites, the ransomware was dubbed Shifr due to the extension it appends to the encrypted files and is written in Go.

“We’ve called it Shifr based on the extension it adds to encrypted files, but G Data security researcher Karsten Hahn has told Bleeping Computer that an initial analysis of this new threat reveals clues that Shifr might be related to Trojan.Encoder.6491, the first ever ransomware written in Go, discovered last year by Dr.Web security researchers.” states a blog post published by BleepingComputer.

The process for the creation of the Shifr ransomware is simple, wannabe criminals have to provide the size of the ransom demanded by the malware, a Bitcoin address to handle victims’ payments and then they have to solve a CAPTCHA challenge and press a button.

“While other RaaS portals will ask for an entry fee or verify their clients to ensure only skilled crooks (and not security researchers) get their hands on ransomware samples, this service offers a fully weaponized sample in a few easy steps.” states Catalin Cimpanu from BleepingComputer.

After the deployment of the service, users started submitting Shifr samples to VirusTotal and many antivirus makers are currently detecting them as a threat.

Differently, from other RaaS services, operators behind Shifr maintain for them just 10% of the fee, it nothing is we consider that operators behind the Cerber RaaS keep for them 60% share.

We cannot exclude in this phase that the Shifr RaaS is a scam and that operators will not pay distributors their cuts.

The unique certainly is that the ransomware is not sophisticated and lack of many features, a circumstance that suggests it could be a work in progress project.

The researchers, for example, noticed that the crooks used the same servers to host the payment portal and the RaaS service, it isn’t a good practice.

It is quite easy to predict the rapid diffusion of RaaS services in the next month.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Shifr RaaS, ransomware)

[adrotate banner=”13″]