By Darren Pauli, 24th August 2016 01:58

Intel douses Wildfire ransomware as-a-service Euro menace

Group scored $79k a month with infect-o-tronic rent-a-bot

An alliance of cops and anti-malware experts has doused the Wildfire ransomware that plagued users in Belgium and the Netherlands.

Wildfire is carried in spam messages and demands up to 1.5 Bitcoins of ransom for files to be decrypted.

Security researchers have uploaded 1,600 decryption keys, with more to come, to No More Ransom, the joint ransomware-busting effort between McAfee and parent company Intel, Kaspersky Labs, Europol's EC3 cybercrime division, and Dutch police.

The group earned US$79,481 (£60,240, A$104,399) over the last month by infecting 5,309 systems, Intel Security chief technology officer Raj Samani and advanced threat researcher Christiaan Beek found.

"The victims were misled with a notice of a missed delivery and instructions for scheduling a new delivery by filling in a special form attached with the mail," the pair say.

"This form was in fact an obfuscated dropper that infects the victims with the ransomware.

"The actors behind Wildfire have clearly put a lot of effort into making their spam mails look credible and very specific."

Countries including Russia, Moldova, Estonia, Latvia, Lithuania, and Belarus are excluded from being targeted by the ransomware, a tactic typically designed to avoid drawing local law enforcement heat.

Samani and Beek say the actors are likely a Dutch-speaking group due to language and iconography used in the Wildfire spam, but did not suggest the attribution was certain.

It also appeared Wildfire was operated under a service model in which criminals can rent ransomware and the infrastructure needed to launch attacks against users, typically with commissions in the range of 20 to 30 per cent going to malware writers.

Facilitators link new buyers to ransomware writers and to other necessary service offerings such as traffic pushers and encrypting services.

Criminals can net a conservative US$84,000 a month in the ransomware game for an investment of $6000, a whopping 1,425 per cent profit margin, Trustwave found last year. ®
