Channeling Security: Sophos Dissects Philadelphia Ransomware as a Service

Written by Lorna Garey
July 25, 2017

Sophos is bucking two trends in the security industry.

Lorna Garey

Sophos on Tuesday released an in-depth report on the latest evolution in ransomware: delivery of an executable in an “as a service” model. By following the path of the Philadelphia ransomware service from productization to sale on the dark web for $389, the report offers an eye-opening case study.

Malware distributor Rainmaker Labs even created a 13-page marketing brochure explaining Philadelphia’s feature set, which includes unlimited malware samples, a one-time purchase fee that includes all upgrades and the ability to play Russian roulette, deleting some files after a set period of time.

Sophos’ Dan Schiappa

Dan Schiappa, SVP & GM of Sophos’ end user and network security group, says the lowered bar is bad news for customers.

“Fifty-seven percent of data leakage actually comes from hacking and malicious code,” said Schiappa in an interview at Sophos’ Boston-area offices. “Now with things like malware and ransomware as a service, you don’t even have to be technically advanced.”

Sophos is bucking two trends in the security industry.

First, while many providers are pulling together consortia to help partners assemble multi-vendor security bundles, Sophos is focusing on making its full suite of endpoint and network security products communicate and quickly learn from one another. Schiappa cites a Forrester survey where enterprise IT respondents overwhelmingly said they prefer to buy an integrated suite from one vendor versus best of breed.

Schiappa says partners approve of that strategy as well because it lets them “land and expand” within customer sites.

“We’ve blended all the products into a common interface,” he said. “Our partners love that because it matches with our other big innovation, which is Synchronized Security. The benefit there for partners is, I can get in with one product. And if I sell them another Sophos product, I didn’t just didn’t sell additional product, I actually made the previous product smarter because now it has another product to talk to and get insight from.”

The Synchronized Security ecosystem covers endpoints, mobile devices and servers with integration into the Sophos Central platform.

Schiappa also stressed the expansiveness of the company’s partner program, in contrast to suppliers limiting the number of resellers and demanding, if not monogamy, then a certain level of exclusivity. Sophos now has more than 30,000 partners, and Schiappa credits them with driving about a 90-plus percent renewal rate among current customers and generating $632.1 million in FY17 billings, more than 24 percent growth, with 81 percent of that recurring subscriptions.

The company does have a “Blue Chip” designation for partners that transact five or more deals in a six-month period. This top partner tier has grown from 4,721 in FY16 to 8,524 this year.

“We’re all about the partners,” he says. “I think we’re probably the only security vendor that has in our mission statement our loyalty to the channel community.”

What does Schiappa see those partners tackling as we move into 2018?

Distributing ransomware in an inexpensive SaaS model lowers the cost of …