New Ransomware Variant Spread Through Free RaaS Offering
As if things couldn’t get worse, hackers have now acquired a free ransomware variant to distribute however they may like. The latest variant deemed Saturn, is being offered as a Ransomware as a Service (Raas), free of charge. This means, hackers are provided the malicious code. From there hackers generate a file for the malicious code, and find a way to distribute it. They could insert the coding in any file they so choose, meaning it could be a .pdf, .jpeg, .doc, or any other file type. The exact methods of distribution are unknown; however, it would not be surprising if the Saturn buyers chose to utilize phishing attacks to spread the ransomware.
Once the victim executes the malicious file, the variant determines if the file was opened on a virtual machine. If so, it exists the process. If not, an executable is triggered to begin the encryption of data. Once a file is encrypted, it is renamed to include the term “Saturn”. The current ransom demand is $300 which doubles after seven days. For each ransom paid, the attacker gets 70% and the Saturn creator gets 30%.
Saturn ransomware is already public, and is being offered freely on the dark web.
PC Matic customers, as long as you’re running SuperShield, PC Matic’s whitelist technology, you will not become infected by this ransomware variant. The executable that triggers the encryption will be blocked, as it is not a trusted file.