Ransomware as a Service

&gt;Communications with the C2 server are performed via HTTPS: kdvm5fd6tn6jsbwh[.]onion[.]to (185[.]100[.]85[.]150) located in Romania.<p>That&#x27;s just a tor tunnel, IP and location doesn&#x27;t matter.

&gt; &quot;Based on the strings present in the PE file, it has been written in Go&quot;<p>I find this kind of interesting. I&#x27;ve seen reports on other malware&#x2F;virus stuff written in Go recently. I wonder if this is because the ability to cross compile with Go is pretty painless? Or is it because the language is fairly approachable but still allows you to dig a bit &quot;deeper&quot; if you need to?

&gt; The business model behind the service is simple: the bad guys keep 10% of the ransom.<p>Creating a ransomware is indeed not a very nice thing to do, but IMO the ones that deserve the most to be called &quot;bad guys&quot; are the ones that actually spread the binary (so, the ones that keep the other 90%)

I find it somewhat ironic they include a captcha to protect against malicious users.

I&#x27;m waiting for something like this to take the form of an Ethereum smart contract.

Interestingly it does not seem to be a new concept: <a href="https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;netsec&#x2F;comments&#x2F;37ko5v&#x2F;introducing_raas_ransomware_as_a_service&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;netsec&#x2F;comments&#x2F;37ko5v&#x2F;introducing_...</a> <a href="https:&#x2F;&#x2F;securingtomorrow.mcafee.com&#x2F;mcafee-labs&#x2F;meet-tox-ransomware-for-the-rest-of-us" rel="nofollow">https:&#x2F;&#x2F;securingtomorrow.mcafee.com&#x2F;mcafee-labs&#x2F;meet-tox-ran...</a><p>They used to take 20% &#x27;commission&#x27;.