Researchers at Anomali Threat Research have published new details about the cybercriminals behind the Smaug Ransomware-as-a-Service, commonly known as Smaug RaaS. The researchers revealed that the threat actors have been promoting their RaaS platform on a Russian-language darknet forum.
According to the researchers, ransomware has grown into a more significant business over the last decade. The ransomware threat space offers ample opportunity to make money and saw a sudden spike at the start of the decade. Among the various ransomware offerings, Smaug is a particularly attractive option for novice or aspiring cybercriminals who lack the skills or capabilities to create sophisticated ransomware for their campaigns.
The post put up by Corinda also included screenshots of the Smaug user interface, along with details of the procedure by which users can obtain the ransomware service. According to the researchers, the Smaug RaaS platform has been designed with ease of use in mind. The Smaug RaaS dashboard also appears clear, presenting an easy-to-use online panel.
As soon as users complete and submit a registration form, they are directed to pay a one-time fee of 0.2 BTC, approximately $1,900, to a specific Bitcoin wallet. Subsequently, a 20 per cent service fee is charged on each ransom payment received from victims.
To launch a ransomware attack, the threat actors are required to create a campaign and submit specific details such as custom ransom messages and expiration dates. Following this, they can download the relevant payload for the operating system they intend to attack (Mac, Linux or Windows) and begin distributing the malware. The dashboard takes care of decryption key purchasing and tracking for the victims. Users can also follow the profits they have collected through their campaigns. A campaign expires as soon as the user-set expiration date passes, after which the victims have no opportunity to recover their files.
After a ransom has been cleared, the user can withdraw the amount via the Withdrawal page. The page displays the user's current balance after the 20 per cent service fee has been withheld. The page then allows the user to submit a withdrawal request to a specific Bitcoin wallet.
It is interesting to note that the Smaug RaaS operators do not permit users to target companies or people based in the CIS countries, which include Armenia, Azerbaijan, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan and Uzbekistan.