Under Attack? Breach Response Hotline: Call 833.997.7327 (US/CAN)

Smaug Ransomware

The Desolation of Smaug Ransomware

Nathan Tanthavong | August 13th, 2020

 

SaaS, PaaS, IaaS, but what about RaaS? RaaS stands for Ransomware-as-a-Service. Threat Actors can employ a RaaS provider to gain access to the provider's ransomware infrastructure. Smaug Ransomware, one of the latest strains of ransomware, is taking advantage of the RaaS model.

Smaug Ransomware Using The RaaS Model

Threat Actors can use Smaug’s infrastructure via a Dark Web Onion site to download a payload with a customized ransom message, ransom price, and payment deadline. Once they deploy the payload to their target, they can view statistics through Smaug’s dashboard. These include how many hosts were infected, whether the victim has visited the page, and whether or not the ransom was paid.

If a ransom is paid, it is deposited into a Bitcoin wallet owned by Smaug. Smaug keeps 20% of the ransom as a service fee and the Threat Actor can withdraw the rest. This, along with a 0.2 Bitcoin registration fee, is the price to use Smaug’s services.

“Smaug is a RaaS that makes it easy for threat actors to use ransomware to achieve objectives. The fact that the Smaug ransomware can run on all three major operating systems opens up the potential for broader targeting.” - Anomali Threat Research

Smaug’s ease of use is what makes it a large threat to companies. Making ransomware attacks easier to perform puts them within reach of many less skilled Threat Actors who would otherwise not have the technical aptitude to build and manage ransomware. A disgruntled employee with no technical background could simply hire Smaug and download the payload to begin encrypting their company’s environment.

Ransomware is already very attractive to Threat Actors because the potential payout is huge, and with services like Smaug, SpearTip believes the trend is only going to grow. An EDR tool such as SpearTip’s proprietary tool, ShadowSpear®, will ensure that any application that attempts to inject into a system’s memory, including ransomware payloads, is prevented.
