Satan: A new Ransomware as a Service
If you’ve been hit by ransomware that has scrambled the names of your encrypted files and has appended the .stn extension to them, you’ve been targeted by Satan – not the “Prince of Darkness”, but by the eponymous new Ransomware as a Service.
Satan was flagged on Wednesday by security researcher Xylitol and, as it turns out, the RaaS is being actively marketed on underground forums.
Anyone can use Satan for free, the seller notes, but he or she will take 30 percent of each successful ransom request in exchange for providing the service.
A visit to the service’s website (on Tor) reveals a well-designed page that offers users the possibility to create a variant of the malware that’s configured to their liking, a choice of obfuscation techniques for the dropper, the opportunity to translate the ransom note, and a way to contact the malware author.
Through the website, registered users can also see how many of the ransomware instances they sent out were successful, and the amount they’ve earned so far.
At the moment, it is still unknown which encryption method Satan uses and, therefore, there is no available decryption tool.
Unfortunately, the Satan RaaS is extremely easy to use and accessible to anyone that has no scruples and no special knowledge.