Where Cybercriminals are born: Sophos explores the cradle of evil on the darknet

Father

How ransomware for dummies is distributed on shadow forums and what it threatens.

Experts from Sophos cyber intelligence department identified 19 different types of ransomware on four shadow forums between June 2023 and February 2024, which were offered for sale for relatively small amounts. The price ranged from $20 to 0.5 bitcoins (about $13,000 at the time of the study).

Experts draw a parallel between these tools and the cheap imported weapons that flooded the US market in the 1960s and 1970s. Despite the unreliability of such solutions, they give novice cybercriminals a number of significant advantages: a low threshold for entering the criminal business and relatively weak traceability. This allows them to engage in extortion on their own, without having to interact with affiliate networks, which usually take a significant share of the profit.

According to Sophos experts, malicious programs such as EvilExtractor can indeed be unreliable. Some of them even contain built-in "bookmarks" (backdoors), hidden functions that allow attackers to remotely control infected systems or gain access to data from both users and inexperienced "colleagues".

However, young hackers are probably willing to put up with all the risks, as the use of such tools can be the first step on the way to more profitable activities as part of well-known cybercrime groups.

Although the effectiveness of cheap ransomware in real attacks remains unclear, researchers note that, for example, EvilExtractor was already used in attacks in the United States and Europe last year. There are also reports of three other variants that were successfully used by attackers.

Most of the incidents seem to go unnoticed and unsolved, as they are mainly directed against small companies and individuals who cannot afford expensive means of protection.

An analysis of activity on shady forums that sell cheap ransomware revealed their "amateur" nature. Unlike the most well-known darknet platforms, here users do not hesitate to ask stupid questions and freely share information, including guidelines for software development and application. Among the most popular materials is a manual written by a well-known ransomware operator under the nickname Bassterlord.

The researchers cite the example of a message from one of the forum participants who planned to conduct "targeted phishing to gain access to the system, and then collect as much valuable data as possible and launch a ransomware program." He sought advice from other members of the community on possible future targets for such an attack and recommendations for its implementation, as this was his first experience.

Sophos highlights the severity of the problem of malware availability on shady Internet forums. This phenomenon creates significant difficulties for cybersecurity professionals, as most of these attacks go unnoticed and do not receive proper coverage. This leaves a gap in the information that the community needs to fill.
 