FrozrLock, the ransomware discovered by the BleepingComputer team with early tips and guidance from security researcher David Montenegro and Avast security researcher Jakub Kroustek, is a new ransomware-as-a-service tool that has been infecting devices and servers since April 16.
Although its origin is yet to be disclosed, researchers state the ransomware first started to operate in Russia. In a private conversation with BleepingComputer, Kroustek said:
“First detections were from Russia, without making any conclusions about its origin. [It was] spreading via JS downloaders named as Contract_432732593256.js”.
Prior to the release of the FrozrLock homepage and other public identities, researchers called the ransomware AutoDecrypt, after the name of its decrypter. Based on various claims around the discovery of FrozrLock, also known as FileFrozr, the ransomware seems to have been around since early March. The first case of infection or encryption wasn’t discovered until April; during that one-month period, FileFrozr built the platform on which customers of the ransomware-as-a-service can monitor encrypted devices in a customized user interface.
According to BleepingComputer’s Catalin Cimpanu, the current cost per license is 0.14 bitcoin, which at the time of reporting is worth $231. The price of a FrozrLock license has nearly doubled since late March, from 0.09 BTC to 0.14 BTC.
The FrozrLock ransomware and its web-based platform offer a glimpse of what new-generation ransomware-as-a-service will look like in the near future. Within a single unified platform, buyers of the ransomware license can track the ID of the encrypted device, view the decryption key and trace the payment made in its simply designed interface, as seen below in the screenshot captured by BleepingComputer.
With such a minimalistic user interface, anyone with the slightest understanding of ransomware mechanisms will be able to carry out ransomware attacks using FrozrLock with ease. All that needs to be done is to execute the attack and deliver the malware to a device to successfully encrypt files. Most importantly, because FrozrLock is capable of encrypting files and systems within minutes, it provides users leverage over their victims.
Over the past few months, the technology, healthcare and education industries in particular have observed an exponential increase in ransomware attacks. Since earlier this year, the concept of ransomware-as-a-service has also gained popularity on the dark web, concerning cybersecurity firms and law enforcement agencies.
“[RaaS] This is an easy, no pressure gateway for aspiring affiliates since nothing is invested in obtaining the ransomware. Recent updates to the site show that this RaaS variant has continued to receive support and refinements from the author in order to improve the product,” researchers at cybersecurity company Fortinet said.
The meteoric rise in ransomware-as-a-service is expected to exponentially increase the cases of ransomware attacks across many industries in the upcoming months.