Jokeroo, a new Ransomware-as-a-Service (RaaS), is now on offer to affiliates in several membership packages.
Based on promotions in darknet hacking sites, Jokeroo allows its users to access ransomware as well as a fully-functioning payment server.
A Ransomware-as-a-Service allows hackers to subscribe to ransomware and distribute it at will.
The affiliates of the RaaS have to pay part of what they receive from their buyers to the developer.
RaaS acts as a training ground for amateur hackers as it makes it easy for them to launch ransomware.
Hackers with little knowledge of launching cyberattacks can do so without having to code the malware they use.
The History of Jokeroo
A cybersecurity researcher on Twitter under the handle @Damian1338B explained that Jokeroo RaaS was initially on sale as a GandCrab ransomware RaaS.
The developer promoted it on Exploit.in, a hacking forum.
However, after a while, another researcher, David Montenegro (@CryptoInsane) posted on Twitter that the RaaS had adopted the name Jokeroo.
The developers of Jokeroo then began to promote the RaaS on Twitter. They also stated that they had no association with GandCrab.
According to Lawrence Abrams of Bleeping Computer, Jokeroo differs from other RaaS in terms of its offers to affiliates.
Abrams specified that one unique feature of Jokeroo is that it offers its services in three packages.
For one to join the RaaS, they have to prepay for the specific package they want.
The lowest price for these packages is $90. At this price, the affiliate gains 85 percent of the redemption expenses.
The $90 package also has a list of benefits from which the affiliates can choose. For one, they can select the ransomware they want and customize it to suit their needs.
They can also use their logo, extension and icon of choice.
Additionally, the cheapest package allows its affiliates to use their ransomware to infect as many victims as they wish.
They can also manage all their victims in the dashboard, which provides their IP addresses.
This package also allows users to transact using Bitcoin. Those with antivirus software further get access to undetectable protection.
The other two packages cost $300 and $600 and allow affiliates to maintain all revenue. They also have extra benefits including several ransomware variants, payment encryption as well as Salsa20 encryption.
Other Features That the RaaS Is Offering
Besides the numerous benefits that Jokeroo is offering, the developers have announced that users have more to gain from the RaaS.
The developers have promised that Jokeroo users will now gain information on their hacking escapades on the RaaS dashboard.
The details will include the list of victims/targets, the time of the attacks, the amount they receive in ransom as well as their payment status.
Below is a snapshot of what the “victims list” looks like, according to Montenegro’s tweets.
List of Jokeroo Ransomware-as-Service victims list screenshot.
A snapshot of the Jokeroo Ransomware-as-a-Service “victims list” dashboard. Source: @CryptoInsane
Further, the activity report appears as follows:
Jokeroo’s dashboard screenshot.
]Report activity dashboard on Jokeroo. Source: @CryptoInsane
Additionally, the hackers will be able to detect the geographical location of their victims along with the Windows OS version they are using.
Furthermore, based on the package they select, the users will be able to decide what appears on their ransom notes.
Protection from RaaS and Other Malware
Seeing how easily available malware has become to potential hackers, there is a need to be more cautious against cyberattacks.
One way to protect one’s data is by backing it up. Users can save extra copies of their files on external drives or cloud servers. Make sure your backups are encrypted for extra security.
Furthermore, your computer system software should be up-to-date. Constantly updating software ensures the timely detection and clearance of a system’s vulnerabilities, leaving cybercriminals with no loopholes to use for their attacks.
Hackers also lure their victims through the use of infected files and links.
It is, therefore, essential to avoid suspicious attachments and links, or to scan them using anti-malware before opening.