Skip to main content

Satan ransomware-as-a-service makes it easy to hold data hostage

ransomware wannacry exploit attacking pc security padlock
Maksim Kabakou/
Malware is bad enough when it’s the result of individuals or even groups that are engaging one-off attacks. Ransomware, for example, can be particularly devastating, going beyond merely taking over systems to use as botnets and simply stealing personal information to encrypting your vital data and holding it hostage for exorbitant ransoms.

What’s even worse, however, is the growing problem of ransomware-as-a-service (RaaS) platforms, which basically let anyone subscribe to the ability to engage in cyberattacks without needing to come up with their own code. Now, researchers have discovered that the Satan ransomware “solution” is now included in its own RaaS offering, as ZDNet reports.

Satan is ransomware that encrypts a victim’s files using RSA-2048 and AES-246 cryptography, which is virtually impossible to decrypt. Therefore, victims are forced to pay the ransom to gain access to the keys needed to recover their data, by going to a Dark Web payment page using a Tor browser and handing over the required amount in Bitcoin currency.

Security research Xylitol first identified Satan as available via RaaS, and anyone who wants to use it for their own cyberattacks can create an account with the Satan domain located in the Dark Web and submit their bitcoin payment. They connect their bitcoin wallet to that account, set a decryption price, and download the malware executables.

It’s all very business as usual, apparently, with the Satan RaaS system going as far as to offer record-keeping functionality like fee payment records and transaction tracking. Satan RaaS customers even have access to customer-relationship management (CRM) features like the ability to attach notes to victim records, and technical support in the way training and instructions.

Satan RaaS customers agree to pay its developers up to 30 percent of the “revenues” generated from ransom payments. According to the Satan sign-up page, “Now, the most important part: the bitcoin paid by the victim will be credited to your account. We will keep a 30 percent fee of the income, so, if you specified a 1 BTC ransom, you will get 0.7 BTC and we will get 0.3 BTC. The fee will become lower depending on the number of infections and payments you have.”

Ransomware currently cost victims an estimated $1 billion in damages in 2016. With RaaS systems like this making it as easy to engage in ransomware campaigns as it is to send mass email messages, we imagine that those damages will be significantly higher in the years to come.

Editors' Recommendations