

By Darren Pauli, 24th August 2016 01:58

Intel douses Wildfire ransomware as-a-service Euro menace

Group scored $79k a month with infect-o-tronic rent-a-bot

An alliance of police and anti-malware experts has doused the Wildfire ransomware that plagued users in Belgium and the Netherlands.

Wildfire is carried in spam messages and demands up to 1.5 Bitcoins of ransom for files to be decrypted.

Security researchers have uploaded 1,600 decryption keys, with more to come, to No More Ransom, the joint ransomware-busting effort between McAfee and its parent company Intel, Kaspersky Lab, Europol's EC3 cybercrime division, and the Dutch police.

The group earned US$79,481 (£60,240, A$104,399) over the last month by infecting 5,309 systems, Intel Security chief technology officer Raj Samani and advanced threat researcher Christiaan Beek found.

"The victims were misled with a notice of a missed delivery and instructions for scheduling a new delivery by filling in a special form attached with the mail," the pair say.

"This form was in fact an obfuscated dropper that infects the victims with the ransomware.

"The actors behind Wildfire have clearly put a lot of effort into making their spam mails look credible and very specific."

Countries including Russia, Moldova, Estonia, Latvia, Lithuania and Belarus are excluded from being targeted by the ransomware, a tactic typically designed to avoid drawing local law enforcement heat.

Samani and Beek say the actors are likely a Dutch-speaking group due to language and iconography used in the Wildfire spam, but did not suggest the attribution was certain.

It also appeared Wildfire was operated under a service model in which criminals can rent the ransomware and the infrastructure needed to launch attacks against users, with the malware writers typically taking a commission in the range of 20 to 30 per cent.

Facilitators link new buyers to ransomware writers and to the other services an operation needs, such as traffic pushers and encrypting services.

Criminals can net a conservative US$84,000 a month in the ransomware game for an investment of $6,000, a whopping 1,425 per cent return on investment, Trustwave found last year. ®
