Shifr Ransomware-as-a-Service Portal Only Takes a 10% Cut From Every Payment

The world has seen multiple ransomware-as-a-service tools over the past months. Even though one could argue the market is on the brink of getting saturated, that does not appear to be the case. More specifically, a new RaaS variant has been discovered, which goes by the name of Shifr. As is to be expected, this portal lets anyone create their own ransomware strain regardless of previous technical background.

Shifr RaaS Is a Cause for Concern

Finding even more convenient ways for criminals to create new types of ransomware is never positive under any circumstances. We have seen an influx of ransomware types over the past few years already. It appears this situation will only grow worse over time, as a new ransomware-as–a-service portal has been discovered. This particular project goes by the name of Shifr, and succeeds in lowering the barrier to entry for aspiring cybercriminals.

More specifically, one could argue a three-year-old could use Shifr and create their own type of ransomware within minutes. That is not a positive development by any means. The last thing we need is more convenient ways for criminals to create new types of ransomware regardless of their coding experience. Although it is not uncommon for RaaS services to lower the barriers to entry, Shifr seems to take things to a whole new level right now.

It is also worth mentioning any type of ransomware developed through this portal is written in the Go language. In most cases, Go would not necessarily be the programming language of choice for ransomware, but it is a language most people can pick up with relative ease. This also means aspiring developers should be able to make modifications to their creations with relative ease.

Accessing the Shifr portal can only be done through the darknet, which will not come as a surprise to anyone. Do keep in mind interested parties will need a Bitcoin address, as this address will be used to collect payments from ransomware victims. It also appears the Shifr developers will take a 10% cut of all profits generated by ransomware developed on this platform. That is a fair amount, and one most criminals will not mind paying whatsoever.

As is to be expected from a RaaS portal, the customers can determine how large their ransom demand needs to be. Smaller amounts will often result in more payments, albeit some developers could get away with asking a large sum. We recently saw a Korean web hosting service provider pay $1m worth of Bitcoin to get rid of a ransomware attack. Those types of payments are rather an exception, but it is still something most aspiring developers would hope to replicate.

The bigger question is whether or not Shifr is a scam or not. The service is very cheap, doesn’t hide its tracks all that well, and the ransomware strains it can create are not overly sophisticated either. Most of these RaaS portals are potential scams, since they know the owner’s Bitcoin address. Moreover, platforms like these often collect payments first and foremost, and then forward the remainder to the customer.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.