How is this going?
A wave of cheap, crude, amateurish ransomware has been discovered on the dark web, and while it may not make the headlines as LockBit, Rhysida, and BlackSuit, it still poses a serious threat to organizations.
What is “junkgun” ransomware?
This is the name Sophos researchers coined for simple ransomware that is often sold cheaply as a one-time purchase. “Spamgun” ransomware is attractive to criminals who want to operate independently but lack the technical skills.
Can you give some examples?
certainly. Kryptina ransomware will be available in December 2023 for only $20 (or $800 if you are interested in the source code to customize it or create new variants). Kryptina promises to provide a complete out-of-the-box toolkit to launch attacks.
Other examples of spam ransomware include Diablo, Evil Extractor, Yasmha, HardShield, Jigsaw, LoliCrypt and CatLogs.
Sophos researchers noted that Kryptina developers struggled to make any sales and later released their ransomware for free.
ha! Can’t even sell it for 20 yuan!
A bit embarrassing, isn’t it? Other examples of DIY ransomware are also sold at low prices – $50 or $60.
However, the average price recorded in the Sophos study was around $375, significantly less than the thousands of dollars some affiliates are prepared to pay for “traditional” ransomware-as-a-service (RaaS) operations.
Doesn’t sound good if ransomware is cheap
correct. Low barriers to entry means there are more potential ransomware attackers.
Additionally, the lack of available intelligence may make it more difficult for law enforcement agencies to track cybercriminals who avoid becoming affiliates of broader ransomware operations.
But if this “junk gun” ransomware has low technical content, can it still be powerful?
Don’t be fooled. Functionality of this type of ransomware varies, but the biggest appeal is its simplicity (little to no supporting infrastructure required) and the fact that users can keep all profits for themselves.
“Spamgun” ransomware attacks may not have the scale and visibility of major ransomware groups, but they can still be lucrative for attackers who target individuals and small businesses.
“What’s even more concerning is that this new ransomware threat presents unique challenges for defenders,” said Sophos’ Christopher Budd. “As attackers are targeting small and medium-sized businesses with these variants, and the ransom demands are high, Small, so most attacks may go undetected and unreported, leaving an intelligence gap for defenders that the security community must fill.”
Editor’s note: The opinions expressed in this guest author article are those of the contributor and do not necessarily reflect the views of Tripwire.
