RaaS (Ransomware as a Service) Alert!!
MAJOR TECHNOLOGY SECURITY NEWS…
Take a few minutes to read the information below… The Hacker community continues to grow and threaten businesses and personal data. The takeaway from this is NEVER EVER click a link in an email you are not 100% certain it is legit… NEVER EVER open an attachment that you are not 100% certain is safe and you need to be very cautious browsing the web. Ransomware is real and already has caused a lot of issues for businesses around the country… It is a very costly problem that can cause significant downtime and loss of revenue.
The following is an article written by Garrett Gross (Sr. Manager, Solutions Architecture) featured on the AlienVault Blog and pushed out via their OTX (Full article here: https://www.alienvault.com/blogs/security-essentials/orx-locker-a-web-platform-to-create-ransomware
“The only thing more dangerous than cryptolocker-type ransomware in the hands of a highly skilled hacker is the same ransomware offered as a service and made available to the general public. Similar to the private TOX RaaS (Ransomware as a Service) platform discovered in
August, ORX-Locker is a free-to-use web platform where anyone can create and download malware that will encrypt a victim’s file system and demand payment for recovery. This is one of the first public RaaS sites we’ve seen, with the majority of them discovered in the past private and/or requiring approval of new members.
The sign up process for ORX-Locker is completely anonymous (no email required) and the site will generate a custom malware executable for anyone, at no charge. Like TOX, they collect a percentage on the backend when victims remit payment and allow you to set your own ransom amount. This puts malware development, traditionally requiring the specialized skill of writing code, in the hands of anyone with the motivation to do wrong. While the delivery of the payloads is still something the attacker is responsible for, that requires a much lower technical prowess that the authoring of ransomware. Even in the event that the attacker has absolutely no experience whatsoever with computing other than web browsing, there are plenty of sites that facilitate or even perform the payload delivery for them.
Impact on you
Ransomware, in itself, presents a great threat to anyone, especially organizations that store payment and other sensitive information. Once a machine is infected, unless you have a recent backup, its data is essentially irrecoverable.
If you end up having to pay the ransom, there is no guarantee the data will actually be decrypted. Even if the data is successfully recovered, the downtime you experience as a result of the infection could result in a significant loss of revenue.
ORX-Locker (and other RaaS platforms) makes ransomware development, once a highly specialized skill, available to anyone with ill intent. This could increase the occurrence of these attacks exponentially.”
AJ Computers, LLC