Satan enters roll-your-own ransomware game

Satan is infecting computers, encrypting files and demanding ransoms.

No, we're not talking about the prince of darkness itself, but an underground ransomware service bearing its name. It's devilish code: net demons wielding it can create a customised ransomware payload that will encrypt a victim's files with RSA-2048 bit and AES-256 bit encryption.

Those Satan enslaves are directed through the many circles of the Tor network in order to pay a bitcoin ransom that varies in size.

The Satan ransomware is available openly on the Tor network and presents punters with a slick form through which the malware is customised.

The established malware researcher known as Xylitol reported the malware

El Reg ignored VXers' constant pleas "not upload malware to VirusTotal" by promptly uploading the ransomware to VirusTotal, finding that it was detected by about half of antivirus scanners, although this number can differ thanks to heuristics and other antivirus dynamic checks not covered by the lauded online security service.

Malware that is uploaded to VirusTotal is at risk of being discovered by anti-virus engines and security researchers.

Should you choose to spread the word of Satan, the hell-code's authors claim to take a 30 per cent cut of any ransoms paid to customers.

"The bitcoin paid by the victim will be credited to your account. We will keep a 30 percent fee of the income … [which] will become lower depending on the number of infections and payments you have."

The service will help customers encrypt their files and wrap it in Word document macros and installers. It is up to customers to decide how to disseminate the malware, but most arrive by phishing.

Create your malware. Satan's panels.

Satan is not alone in its evil ways: other ransomware-as-a-service offerings including a JavaScript-based instance have been uncovered.

Many ransomware variants have been undone by white hat hackers working under the No More Ransom Alliance to find and exploit holes in the malware that allows free file decryption.

The Alliance unifies previously un-co-ordinated ransomware reversal efforts. The Reg expects it won't be long before the Alliance's forces are arrayed against Satan's in an effort to unravel its encryption and bring the good word to the afflicted. ®