
Black Friday will be here before we know it. While some people like to drive to malls and big box stores to start their Christmas shopping, others prefer to stay home and enjoy finding their shopping deals online. But if you happen to be a cyber attacker, you don’t have to wait until Black Friday to find an amazing deal. You can start wreaking havoc on PCs, smartphones, and IoT devices right away using a massive collection of ransomware malware for the low, low price of just $750.

Wait, what is ransomware malware?

Ransomware is the new cyber criminal with the biggest hits. If ransomware infects your computing device, it can encrypt all of your local files with a cipher you can’t decrypt because you don’t have the key. If hit with this brutal malware, you’ll see a ransom note on your screen that says something like “pay us $1000 worth of Bitcoin to decrypt your files.” Individuals and businesses might be tempted to pay the ransom because it’s the only way they think they can get their files back. Sometimes paying the ransom works! But other times, it doesn’t. Many enterprises keep extensive backups of all of their important files, so if they’re hit by ransomware, they can just get rid of the malware and restore their files from backup. Ordinary consumers should also back up their important files on a regular basis, and perhaps the growing ransomware threat is actually teaching them the importance of such a measure. External hard drives are cheaper than ever before and could be the perfect purchase for Black Friday.

Where does someone buy malware?

Cyber attackers these days don’t usually buy malware on the “clearnet,” or the ordinary side of the internet that we all know. (You’re probably on the clearnet right now, so congratulations!) If a website on the clearnet tries to sell malware, law enforcement usually finds the vendor or website owner and arrests them. Big no-no. Websites that sell malware to cyber attackers tend to be on the dark web, which is the part of the internet only visible and accessible through encrypted proxy networks like Tor or I2P. Those networks route your web traffic through a series of proxy servers, which means it’s difficult for law enforcement to find where the web servers are located or who is using them. It is perfectly legal for people to use the dark web with software such as the Tor web browser, as it does have some legitimate benefits. As a hidden network, the dark web provides an excellent service for folks like journalists covering the news from hostile parts of the world where free speech is frowned upon. Use of the darknet only becomes illegal when selling illegal goods like drugs, guns, malware, access to obscene material—or worse.

And there are a lot of websites on the darknet where you can buy illegal things. Cyber attackers love these hidden markets because they can buy malware without fear of getting caught. Cryptocurrencies like bitcoin are used to make purchases on darknet markets because that sort of money is almost untraceable if handled correctly. Most dark web markets are a bit like eBay for bad guys. Buyers and sellers have reputations on these markets, and if sellers deliver the goods as promised, their reputation improves. Savvy market customers will only buy stuff from sellers who have a positive reputation, so they can be sure that they won’t get scammed. But even so, locating real trust on the dark net is probably one of the most challenging things about it.

What amazing bargains will cyber attackers find on the dark web?

Researchers at cybersecurity firm Sixgill have discovered that a seller on a darknet market is offering a huge collection of ransomware for about $750. That’s a great value for cyber attackers because they can make so much more money from getting their victims to pay their ransoms, possibly even millions of dollars!

Sixgill’s Gilad Israeli says, “This is the first time I’ve ever seen an underground vendor who sells an attack kit of ransomware which offers several different popular ransomware variants.” The ransomware pack includes specific strains of ransomware that cyber attackers love, such as CryBrazil, XiaoBa, Magniber, and Satan.

But the crown jewel of the collection is probably SamSam, which has been used by one group of cyber attackers to infect high-caliber targets, institutions like hospitals and the City of Atlanta. Yep, SamSam was used to bring one of America’s largest cities to its knees, crippling many of its online municipal services. SamSam ransoms for institutional and enterprise targets are often more than $50,000. At that level, the encrypted files are worth more to them than the huge ransom and they typically have the money to spare. Researchers believe that the people behind SamSam have made over $6 million so far.

If the version of SamSam in this ransomware package is authentic, some cyber attackers will be willing to pay $750 for SamSam alone. But they’d better hurry because the seller says they’ll stop offering the pack after 25 sales.

How can I prevent becoming the next ransomware victim?

Good question. Keeping frequent backups is important. You can back up the files on your PCs and phones onto external hard disk drives. These days, you can often get 2 TB of storage for less than $100. Whether you use Windows, macOS, Android phones, or iPhones, there are many different applications you can use that can make automated backups for you on a regular basis. If your device gets infected by ransomware, you’ll have the option of factory resetting it or re-installing the operating system in order to get rid of the malware. Then you can restore your files from your backups, no ransom payment necessary.

If you get infected by ransomware and you don’t know what kind it is, don’t freak out. There are free services like No More Ransom and even a web app you can use to help you figure out what kind of ransomware you’re dealing with. Once you know your breed of ransomware, you can see if No More Ransom has a free decryption tool for it. A lot of the ransomware in the $750 ransomware pack doesn’t have a decryption tool yet, but there are decryption tools for nearly 100 types of ransomware and No More Ransom is always adding more.

The worst thing you can do is pay the ransom. Not only is it an expensive way out, but paying ransoms makes deploying ransomware lucrative for cyber attackers. If they didn’t make money from it, they wouldn’t do it. And sadly, most of the time just paying up doesn’t even work—and you’ve been screwed twice. But for some people and enterprises, paying the ransom is a desperate last resort if they haven’t backed up their files properly.


Worked in a variety of IT roles until cybersecurity captured her intrigue after resolving a multitude of different malware problems for clients. Concurrently with computer technology, she enjoys creative writing and even won a few writing contests as a child. Over the years, these interests have segued into a successful blogging career. She enjoys reading novels and biographies, console gaming, lurking in web forums, alternative fashion and listening to jazz, funk, and goth music.
