RaaS (ransomware as a service) is an extension of cryptovirological activity. It lets more than one party share in the proceeds of cryptovirological extortion, namely the ransom payments collected from victims in return for the "removal" of the ransomware. Experts have recently discovered a new RaaS strain on the web that goes by the name FileLocker. According to what has been found so far, this RaaS product is primarily designed to target English- and Chinese-speaking users. It has also been found that mass-scale distribution of the strain hasn't started yet.
Upon learning that this cryptovirological strain is actually designed as a RaaS, security researchers expanded their investigation. This detailed analysis reveals that it is being marketed on the dark web through Chinese cybercriminal forums. The developers of FileLocker are inviting people to become their affiliates in return for 65 percent of all the collected extortion revenue.
Affiliates expand the distribution of the ransomware and so increase the number of successful infections. From phishing to compromised remote desktop services and malicious web pages, all of these methods are used to streamline the distribution of ransomware.
Analysis of FileLocker
Experts have also analyzed the FileLocker RaaS for its conventional ransomware features. The strain is capable of targeting all Windows operating systems starting from XP. Furthermore, a dual-language interface is used to target both Chinese and English audiences. Similarly, the ransom note is also delivered in both languages.
Like many of its contemporaries, FileLocker also deletes shadow volume copies from the Windows registry to make it difficult for the affected user to retrieve any of the locked-down data. In addition, the strain uses a double encryption algorithm to neutralize professional ransomware removal measures.
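Shadow copy deletion is one of the few noisy things a ransomware strain has to do before encrypting, which makes it a good detection point for defenders. The following is an added example (not part of the original article and not code from FileLocker's analysts) of a small detection routine run over constructed Sysmon-style process-creation events. The event fields, host names, and parent paths are all made up for illustration; the matched command patterns are the standard ones tracked under MITRE ATT&CK T1490 (Inhibit System Recovery).

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation events (Sysmon Event ID 1 style).
# These are illustrative only and are not taken from any real FileLocker sample.
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet",
     "parent": r"C:\Users\u\AppData\Local\Temp\update.exe"},
    {"host": "ws01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete",
     "parent": r"C:\Users\u\AppData\Local\Temp\update.exe"},
    {"host": "ws02", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin list shadows",          # benign admin query, must not fire
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws03", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe ransom_note.txt",
     "parent": r"C:\Windows\explorer.exe"},
]

# Command-line patterns for shadow copy deletion (ATT&CK T1490).
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.IGNORECASE),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.IGNORECASE),
]

# A parent process living in a user-writable location is an extra signal that
# the deletion was not issued by an administrator.
USER_WRITABLE_PARENT = re.compile(r"\\(Temp|AppData|Downloads)\\", re.IGNORECASE)


@dataclass
class Alert:
    host: str
    rule: str
    severity: str
    cmdline: str
    parent: str


def detect_shadow_copy_deletion(events):
    """Return one Alert per event whose command line deletes shadow copies.

    Severity is 'high' when the parent process runs from a user-writable
    path (typical of a freshly dropped payload) and 'medium' otherwise.
    """
    alerts = []
    for ev in events:
        if not any(p.search(ev["cmdline"]) for p in SHADOW_DELETE_PATTERNS):
            continue
        severity = "high" if USER_WRITABLE_PARENT.search(ev["parent"]) else "medium"
        alerts.append(Alert(ev["host"], "shadow_copy_deletion", severity,
                            ev["cmdline"], ev["parent"]))
    return alerts


if __name__ == "__main__":
    for a in detect_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.host}: {a.cmdline}  (parent: {a.parent})")
```

In a real deployment the same logic would read from Sysmon or Windows Security event logs (Event ID 4688 with command-line auditing enabled) rather than a hard-coded list, and the "list shadows" event shows why the rule keys on the delete verb rather than on the binary name alone.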
For end users, a RaaS strain behaves like any other ransomware. So make sure your device is configured according to the recommended measures if you want to avoid data lockdown and the ransomware removal that follows.