Princess Evolution ransomware offered as RaaS on an underground market

by Gabriel E. Hall

Hackers promote Princess Evolution as ransomware as a service (RaaS) on the dark web

Princess Evolution ransomware is advertised on the dark web

Researchers at Trend Micro have discovered the latest variant of Princess Locker, which is now advertised as Princess Evolution ransomware[1]. This file-encrypting cyber threat was found being promoted as Ransomware as a Service (RaaS) on the underground market[2].

The RaaS model is based on affiliate marketing, in which third parties distribute the ransomware on behalf of the developers. When victims agree to pay the ransom, the affiliates receive 60 percent of the payment, while the developers of Princess Evolution keep the remaining 40 percent[3].

This arrangement allows the cybercriminals to receive funding and focus on the development of Princess Evolution ransomware without being distracted by inventing successful distribution techniques. Experts discovered multiple hacker forums on the dark web where the crooks offer their RaaS agreements. 

Coinhive's crypto-mining script allows generating even more revenue for ransomware developers

The most noticeable feature of Princess Evolution ransomware is that it not only spreads via the Rig Exploit Kit but also includes a malicious script for mining Monero cryptocurrency[4]. In other words, even if the user is not redirected to the exploit kit and infected with the ransomware, the cybercriminals can still receive revenue from digital currency mining.

Despite the new adjustments in the malvertising campaign observed on July 25, Princess Evolution ransomware works the same way as its predecessor, Princess Locker. After the encryption, this crypto-malware modifies the file names to a new string of random characters to make them unreadable. 

According to the experts, hackers use XOR and AES ciphers to encrypt the targeted information. Victims are instructed to install the Tor browser to access details explaining how to recover files encrypted by Princess Evolution ransomware. The cybercriminals demand 0.12 Bitcoin (approximately $750) for the decryption software.

Unfortunately, an official Princess Evolution decryptor is not available yet. However, experts are currently working on an effective tool that could help ransomware victims recover encrypted data. Thus, users are advised to remove Princess Locker ransomware and wait for the official decryption software instead of paying the ransom.

Tips to protect your computer from Princess Evolution ransomware attack

The majority of ransomware attacks are successful because people do not update their programs and operating systems and forget to keep backups of all essential information[5]. Cybersecurity experts list several tips which should help you protect your system against Princess Evolution and other ransomware-type infections:

  1. Back up your system regularly;
  2. Keep all applications and OS up-to-date;
  3. Never download software cracks or music, audio, or video files illegally;
  4. Visit only secure and official websites;
  5. Do not open suspicious attachments in spam emails;
  6. Use a reliable security tool with real-time protection.

About the author

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.


References