Spreading ransomware has become a point-and-click exercise following the release of a file-scrambling malware interface for unskilled wannabe cybercrooks.
The malware generator enables attackers to customise the wares using a user-friendly interface. Strains of the resulting WYSIWYE (What You See Is What You Encrypt) nasties have been detected by Panda Security in companies across Europe, including Germany, Belgium, Sweden, and Spain.
The resulting malware is pushed on to corporate networks through exploitation of the Remote Desktop Protocol technology, as explained in a blog post by Panda Security here.
Once credentials are obtained through a brute-force attack on RDP, hackers are in a position to unleash their wares.
What You See Is What You Encrypt ransomware GUI [source: Panda Labs blog]
The GUI makes it easier to run bespoke attacks. "With this customised attack, it's possible to hand-pick the network computers whose information the attacker would like to encrypt, choose files, self-delete upon completing the encryption, enter stealth mode, etc.," Panda Security explains.
The Spanish security firm views the development as part of a broader Ransomware-as-a-Service trend, which involves hosting affiliate programs and more.
Luis Corrons, PandaLabs technical director, said crooks are demanding a minimum of €500 after each successful infection.
"The tool is targeting criminals with no qualms," Corrons explained. "Expertise is no required, you don't need an army of ransomware writers, just a bunch of them feeding the cybercriminal ecosystem.
"There are hundreds of thousands of computers waiting to be compromised, listening to the RDP port in the open internet," he added. ®