- CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a cybercrime forum advertising Slycer as Ransomware as a Service (RaaS).
- Slycer is a Python-based ransomware that encrypts the files on the victim machine and sends the decryption key to the attacker.
- Slycer allows threat actors to gather highly sensitive information about the affected company and escalate the attack to the next phase, including but not limited to phishing, social engineering-based attacks, and identity theft.
- CloudSEK’s Threat Intelligence Research team is validating the authenticity of this post.
Analysis and Attribution
Information from Source
On 29 August 2021, a threat actor published a post on a cybercrime forum advertising subscriptions to the Slycer ransomware builder. The actor claims that there are three subscription plans based on the time period: one-time, lifetime, and monthly. The Slycer ransomware, which is written in Python, has the following features:
- It encrypts all files on the victim system, regardless of their extension or file type, except for system files, using Fernet, the symmetric authenticated-encryption scheme from the Python cryptography library (AES-128-CBC with an HMAC-SHA256 tag).
- It uses a customized algorithm developed by the threat actor to accelerate the encryption process.
- When the ransomware is executed, it sends a notification via Gmail containing the victim’s customer ID and the decryption key to the attacker.
- Once execution is complete, it deletes all logs and the key from the victim device and then disables Task Manager.
- Slycer then displays customized notes and messages to the victim to collect the ransom.
- It also allows the attacker to push custom icons and additional applications to the victim’s device.
The post also includes:
- A downloadable ransomware file.
- A price quotation for the ransomware: the complete set-up, including the source code, is offered for USD 2,400 to USD 2,600.
- A YouTube video tutorial demonstrating how the ransomware works.
- The actor is not well known on the forum.
- The information shared by the actor seems logical but is doubtful.
- The reliability of the actor is rated Not usually reliable (D).
- The credibility of the advertisement is rated Doubtful (4).
- This gives an overall source credibility rating of D4.
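Because the Fernet token layout is public (a 0x80 version byte, a 64-bit big-endian timestamp, a 16-byte AES-CBC IV, the ciphertext, and a trailing HMAC-SHA256, all base64url-encoded), a responder can recognise files written by a Fernet-based encryptor such as the one described above and, if a candidate key is recovered (for example from the Gmail message the post says carries it), confirm the key belongs to those files without decrypting anything. The following Python is an added example written for this page, not code from the Slycer post or from CloudSEK; it uses only the standard library. The sample files, the keys and the timestamp are constructed here, and the "ciphertext" inside the fixture is filler bytes rather than real AES output, since the standard library has no AES.

```python
"""Recognise Fernet tokens on disk and verify a candidate key against them (stdlib only)."""
import base64
import hashlib
import hmac
import struct
from datetime import datetime, timezone

FERNET_VERSION = 0x80
HEADER_LEN = 1 + 8 + 16          # version byte, 64-bit timestamp, 16-byte AES-CBC IV
MAC_LEN = 32                     # HMAC-SHA256 over everything before it
AES_BLOCK = 16
MIN_RAW_LEN = HEADER_LEN + AES_BLOCK + MAC_LEN   # smallest token: one padded block

# base64url of 0x80 followed by four zero bytes: every Fernet token whose
# timestamp is below 2**32 (i.e. any real one) starts with this.
TOKEN_PREFIX = b"gAAAAA"


def parse_fernet_token(blob: bytes):
    """Return the token's fields if `blob` has Fernet's structure, else None.

    The check is purely structural (no key needed), so it can be run over
    unknown files to find ones probably written by a Fernet-based encryptor.
    It can false-positive on unrelated base64 data, so treat a hit as a lead
    and use key_matches_token() for confirmation when a key is available.
    """
    if not blob.startswith(TOKEN_PREFIX):
        return None
    try:
        raw = base64.urlsafe_b64decode(blob)
    except ValueError:           # binascii.Error is a ValueError subclass
        return None
    if len(raw) < MIN_RAW_LEN or raw[0] != FERNET_VERSION:
        return None
    if (len(raw) - HEADER_LEN - MAC_LEN) % AES_BLOCK:
        return None              # AES-CBC output is always whole blocks
    timestamp = struct.unpack(">Q", raw[1:9])[0]
    return {
        "timestamp": timestamp,
        # Fernet stamps the token with the encryptor's clock: useful for the IR timeline.
        "encrypted_at": datetime.fromtimestamp(timestamp, timezone.utc).isoformat(),
        "iv": raw[9:HEADER_LEN],
        "ciphertext": raw[HEADER_LEN:-MAC_LEN],
        "mac": raw[-MAC_LEN:],
        "signed_part": raw[:-MAC_LEN],
    }


def key_matches_token(key_b64: bytes, blob: bytes) -> bool:
    """True if the candidate Fernet key produced `blob`.

    A Fernet key is base64url(signing_key[16] || encryption_key[16]); only the
    signing half is needed to recompute the MAC, so this proves the key is right
    (or wrong) without touching the encryption half.
    """
    fields = parse_fernet_token(blob)
    if fields is None:
        return False
    key = base64.urlsafe_b64decode(key_b64)
    if len(key) != 32:
        return False
    expected = hmac.new(key[:16], fields["signed_part"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, fields["mac"])


def build_token(key_b64: bytes, iv: bytes, ciphertext: bytes, timestamp: int) -> bytes:
    """Assemble a Fernet-shaped token from given parts (test fixture only:
    `ciphertext` is whatever is passed in, not real AES output)."""
    key = base64.urlsafe_b64decode(key_b64)
    signed = bytes([FERNET_VERSION]) + struct.pack(">Q", timestamp) + iv + ciphertext
    mac = hmac.new(key[:16], signed, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(signed + mac)


# Constructed fixtures, not real Slycer artefacts. The timestamp is 2021-08-29 00:00 UTC.
SAMPLE_KEY = base64.urlsafe_b64encode(bytes(range(32)))
WRONG_KEY = base64.urlsafe_b64encode(bytes(range(32, 64)))
SAMPLE_FILES = {
    "report.docx": build_token(SAMPLE_KEY, bytes(16), bytes(range(48)), 1630195200),
    "notes.txt": b"quarterly numbers look fine\n",
    "logo.png": b"\x89PNG\r\n\x1a\n" + bytes(64),
}


def triage(files: dict, candidate_key: bytes = None) -> dict:
    """Map each filename to 'fernet', 'fernet+key-verified' or 'other'."""
    verdicts = {}
    for name, content in files.items():
        if parse_fernet_token(content) is None:
            verdicts[name] = "other"
        elif candidate_key and key_matches_token(candidate_key, content):
            verdicts[name] = "fernet+key-verified"
        else:
            verdicts[name] = "fernet"
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_FILES, SAMPLE_KEY).items():
        print(f"{name:12} {verdict}")
```

Run over a real file tree, the structural check narrows the search to files that carry the Fernet prefix and block-aligned layout, and the timestamp field dates each encryption; the HMAC check then tells you, before any decryption attempt, whether a key pulled from mail logs or memory is the one that matters.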
Impact & Mitigation