New Ransomware Offers on Darknet Forums

Delaware, USA ā€“ November 6, 2018 ā€“ Cybercriminals sell the pack of 23 ransomware strains on underground forums in Darknet. Anyone can purchase for $750 CryBrazil, XiaoBa, Magniber, Satan and even the infamous SamSam ransomware. This sum is significantly more than any RaaS platform asks, but the purchaser gets an opportunity in case of failure of one malicious tool to immediately start using another and repeat the attack until it reaches success. Along with ransomware, the purchaser will receive tutorials and instructions for a successful attack. It is worth noting that cybercriminals include SamSam strain to the package, as the researchers suggest that only one group or even a single attacker conducts all SamSam attacks. In addition, the installation of SamSam should be done manually, so it is fair to assume that this pack is prepared for experienced cybercriminals. In order to increase interest in the malware bundle, the seller announced that the offer was limited and only 25 customers would receive malicious tools.

Also last week a new version of Kraken Cryptor was released, which is available through a RaaS model. Malware authors offer it for only $50 and 20% of future payments promising to update the strain every other week. The cost of decrypting data sometimes reaches 1 Bitcoin. Cybercriminals are looking for new opportunities to monetize their malware involving a greater number of attackers, and the proposed package of 23 ransomware strains will be of interest to attackers targeted at companies. To protect the organization from such attacks, it is recommended to get the Ransomware Hunter rule pack for your SIEM tool: https://my.socprime.com/en/integrations/ransomware-hunter-arcsight