By Dancho Danchev
Over the past several quarters, we’ve witnessed the rise of the so called Police Ransomware also known as Reveton.
From fully working host lock down tactics, to localization in multiple languages and impersonation of multiple international law enforcement agencies, its authors proved that they have the means and the motivation to continue developing the practice, while earning tens of thousands of fraudulently obtained funds.
What’s driving the growth of Police Ransomware? What’s the current state of this market segment? Just how easy is it to start distributing Police Ransomware and earn fraudulently obtained funds in between?
In this post, I’ll profile a recently advertised DIY (do-it-yourself) managed voucher-based Police Ransomware service exclusively targeting European users, and for the first time ever, offer an inside peek into its command and control interface in order to showcase the degree of automation applied by the cybercriminals behind it.
Sample underground forum advertisement of the managed DIY Police Ransomware service:
According to the advertisement, the actual malicious executable is both x32 and x64 compatible, successfully blocking system keys and other attempts to kill the malicious application. The cybercriminals behind the managed service have already managed to localize their templates in the languages of 13 prospective European countries such as Switzerland, Greece, France, Sweden, Netherlands, Italy, Poland, Belgium, Portugal, Finland, Spain, Germany, and Austria.
The price for the service? $1,000 on a monthly basis for a managed, bulletproof command and control infrastructure.
Just how sophisticated is the command and control interface? Let’s take a closer look into a sample command and control screenshots released by the cybercriminals behind the service in order to demonstrate its usefulness.
Sample screenshot of the DIY managed Ransomware-as-a-service command and control interface:
As you can see in the attached screenshot, thousands of users are being successfully infected with the ransomware variants, with the command and control service capable of displaying statistics for the affected countries, and the operating system in use by the affected parties.
Second sample screenshot of the DIY managed Ransomware-as-a-service command and control interface:
The managed service relies primarily on the Ukash voucher-based payment system, and the command and control interface conveniently displays the voucher codes and their monetary value, allowing the users of the service an easy way to claim the money from the vouchers.
We’ll continue monitoring the development of the DIY managed ransomware service.