Ransomware is bad, but now its even worse…

Some ransomware today have added a secondary part in the Malware, a botnet connected Trojan with DDoS capabilities. This is done by the attackers to make the most of their attacks. The victimized botnet machines can also then be used to distributed denial of service (DDoS) attacks at the same time that they’re encrypted and held hostage.

This additional punch is a profit-minded additional part to the attack and one which security experts say will be a standard for most ransomware kits in the near future. Some known ransomware has already added this botnet capabilities to its payloads.
While the typical ransomware binary that encrypts file system and files and hold the computer ransom, the second part of the ransomware is a DDoS capable malware.

The DDoS Part is just another way to make more money of the infected and ransom held computers all over the world. This is done by renting out the DDoS part if the Malware to make the computer to DDoS attacks by anyone who want to buy it. This meaning the malware senders take money from the end user (ransom bit coins) and also can be paid by people that want to do DDoS attacks.

You can expect this type of behavior in all type of ransomware becoming common very soon. The Ransomware model is a perfect example of the ”nature of cyber crime”, proving yet again that the criminal are focused on a high return of investment.

The Ransomware market is expected to add about $1 billion Us to the Bad Guys 2016…
With that kind of funding, what will they do next?

Best Regards
Magnus Näriäinen
IT Security Consultant
Consultant Manager
@NSEC