The ransomware epidemic continues to rage on, encrypting files of private and enterprise users alike. Ransomware has become a global problem. According to the FBI, the accumulated revenue in the first three months of 2016 was over $209 million.

One  ransomware strain in particular has been making a pretty penny by opening its doors to unskilled hackers. Researchers from Check Point claim to have found the largest ransomware-as-a-service (RaaS) ring to date. The operation generates an estimated $2.5 million annually and targets computer users with a new variant of the notorious Cerber ransomware.

The ransomware-as-a-service business model is a relatively new phenomenon in the cyber underground. The model allows individuals with very little technical know-how to buy readymade ransomware kits for use against targets of their choice.

Ransomware authors, according to researchers, keep 40 percent of the profits paying out 60 percent to affiliates who find them fresh new targets.
The ransomware service model has significantly lowered the barriers to entry for aspiring cybercriminals

In total, only about 0.3 percent of victims agree to pay for the return of their files. But that’s enough for the ransomware author to take in nearly one million dollars on an annual basis from the affiliate scheme alone, making Cerber one of the most profitable RaaS services around.

According to Check Point, The overall profit made by these Cerber RaaS campaigns in July 2016 was over $195,000. The developer of the malware received approximately $78,000 and the remainder was split between the affiliates, based on the amount of successful infections and ransom payments each campaign achieved.

The report also notes that Cerber is likely a Russia-based service, given the fact that most of the RaaS advertisements that researchers found were written in Russian. They noted that Infections commonly come through email attachments or by visiting a malicious website.

For instance, Check Point found that one cyber criminal was spreading Cerber by sending legitimate-looking job applications through email. To protect themselves, users should be careful when opening suspicious emails or internet links.

For more information on how to protect your organisation against ransomware please contact our security experts today.