SMAUG – Multi-Platform Ransomware
SMAUG is another offering in the RaaS category, Ransomware as a Service. SMAUG offers support for both victims and users across all OS platforms with features. Sentinel Labs notes this as an exceptional offering for a RaaS that is publicly available. SMAUG first emerged in April 2020 and is doing nothing revolutionary for those who have required and acquired ‘ransomware services’ before. SMAUG however charges a 20% service fee and a registration fee of .2 BTC for people to use their service, latter can be waived by being the first five most active forum members to reach a certain number of posts and prove their success as an attack.
SMAUG has multi OS support and the ability to be distributed under ‘Company Mode’, which encrypts all devices using a single key for decryption. This is useful for malicious campaigns and such. Added to which SMAUG can also operate offline as well some basic AV evasion that leverage encrypting and obfuscation, SMAUG carries a minimal footprint. Developers of SMAUG however do recommend that users further obfuscation their payloads as SMAUG does not have a native feature. SMAUG also features fast execution times, claiming multi-threaded native code that executes faster than possible to react.
The payment after infection is fully automated and customization is available to meet user needs and however much ransom to demand, all done via a streamlined management interface. SMAUG even offers support for victims of their users, which guide them to their onion portal to make payments for their ransom. However, SMAUG makes it clear that it is forbidden to target machines of the Commonwealth of Independent States. Victims can send a sample file for proof of decryption, as well as other helpful measures to make sure victims do not struggle to make payments. See more at the Sentinel Labs website below, on IOC’s and a full write-up describing the malware activities.
Sources: