Cheap ‘Junk-Gun Ransomware’ Emerging on the Dark Web
April 18, 2024 – Published on Security Boulevard
Headlines about ransomware in recent years have focused on the most prolific gangs like LockBit, BlackCat, and Cl0p and the rise of ransomware-as-a-service (RaaS), where affiliates pay a fee to use ransomware developed by another group and share the money paid by the victim.
However, another market is emerging on the dark web, where bad actors develop cheap and crudely built ransomware that they primarily sell as a one-time purchase, rather than lease it out as in RaaS scenarios.
For the most part, these bareboned operations come without a lot of what the highly-organized ransomware groups bring. They don’t have leak sites, they don’t use IABs to offer ways into targets’ networks, they have no affiliates or corporate-style setups to manage and they have no large, high-profile victims. In addition, their ransom demands don’t get into the millions of dollars, their ransomware isn’t designed to get around endpoint detection and response (EDR) protections, and they’re not looking for attention.
This low-end ransomware is enabling what RaaS also does – less-skilled threat actors who now have a relatively cheap way to run ransomware attacks. GuidePoint Security researchers earlier this month came out with a report describing what they call “ad hoc, opportunistic, or ‘immature’ ransomware groups” – like Phobos and DataF Locker – that operate more quietly and target smaller victims. Larger groups may get the wider notoriety, but “immature ransomware groups operating on the fringe continue to harm smaller and less well-defended organizations, often without a recognizable brand or name to aid in attributing and ascribing deceitful behavior,” they wrote.
Read More HERE.