A ransomware called BlackRouter has been discovered being promoted as a Ransomware-as-a-Service offering on Telegram by an Iranian developer. The same actor previously distributed another ransomware called Blackheart and promotes other malware such as a RAT. BlackRouter was originally spotted in May 2018 and had its moment of fame when Trend Micro discovered it dropping the AnyDesk remote access program and keyloggers on victims’ computers.
Iranian developer advertised BlackRouter RaaS: An Iranian developer is promoting on a Telegram hacking channel the BlackRouter ransomware through a Ransomware-as-a-Service model. An Iranian developer is advertising on Telegram a Ransomware-as-a-Service… https://t.co/MEn7029nXr pic.twitter.com/NpNdXC2HSp
— Shah Sheikh (@shah_sheikh) January 21, 2019
Israel Barak, CISO at Cybereason:
“Ransomware is one of the most effective and successful forms of cybercrime, yet attacks have slowed considerably in the past few years. But as long as hackers find it simple to construct and deploy, it will be a low-risk, high-reward business model for monetizing malware.
There are some basic best practices to follow to mitigate ransomware risk:
- Back up files and regularly verify that the backups can be restored
- Don’t download software from dubious sources
- Don’t open email attachments from unknown / unexpected senders
- Train users on best practices and how to spot phishing emails
- Review cyber insurance plans – make sure they are in line with the level of risk you want from ransomware – request a “ransomware clause” for cyber extortion that would eliminate the inability to publicly disclose and adjust the unrealistically high deductible to be more in line with current ransom demands.”