BlackRouter Ransomware Promoted As A RaaS By Iranian Developers

By   ISBuzz Team
Writer , Information Security Buzz | Jan 21, 2019 06:45 am PST

Ransomware called BlackRouter has been discovered being promoted as a Ransomware-as-a-Service on Telegram by an Iranian developer. This same actor previously distributed another ransomware called Blackheart and promotes other infections such as a RAT. BlackRouter was originally spotted in May 2018 and had its moment of fame when TrendMicro discovered it dropping the AnyDesk remote access program and keyloggers on victim’s computers.

Israel Barak, CISO at Cybereason:

“Ransomware is one of the most effective and successful forms of cybercrime, yet attacks have slowed considerably in the past few years. But as long hackers find it simple to construct and deploy, it will be a low-risk, high-reward business model for monetizing malware.

There are some basic best practices to follow to mitigate ransomware risk:

-Back up files and regularly verify that the backups can be restored

-Don’t download software from dubious sources

-Don’t open email attachments from unknown / unexpected senders

-Train users on best practices and how to spot phishing emails

-Review cyber insurance plans – make sure they are in line with the level of risk you want from ransomware – request a “ransomware clause” for cyber extortion that would eliminate the inability to publicly disclose and adjust the unrealistic high deductible to be more in line with current ransom demands.”

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x