Yesterday I wrote about a new Ransomware-as-a-service, the FAKBEN, surfaced from the criminal underground, requesting customers 10 percent profit cut. In the previous days I reported other cases involving ransomware, such as a malicious code that infected the UK Parliament, an off-line ransomware and a Linux.Encoder1 ransomware revealing the decryption key.
According to Bitdefender, a Cryptolocker/Cryptowall Ransomware Kit is offered for sale for $3,000, including its source code.
The experts consider this offer for the Cryptolocker/Cryptowall Ransomware Kit not that expensive for the features it implements. We have seen that the return on investment for ransomware like Cryptowall could be very high.
Security researchers of the Cyber Threat Alliance have conducted an investigation into the cybercriminal operations leveraging CryptoWall 3.0 ransomware.
A Pastebin post also claims that the manual and free support is included along with Cryptolocker/Cryptowall Ransomware Kit source code, of course, buyers can pay it in Bitcoin.
The sellers also offer for sale ransomware binaries, a bundle of 8 goes for $400. However, the developer is opening to various models of sales, including the affiliate program in which he would share 50/50 the revenue with potential buyers.
“This is your chance to become a partner and join or buy build individual to you and use and to generate income and to convert and monetization,” reads the post. “If you are interested then contact i need a partnership and also iselling build to you.”
This is one of the few times when we can take a look at how the underground market works, the types of services offered, and maybe estimate the amount of money made from selling custom-made malware.
Liviu Arsene, Security Researcher at Bitdefender, explained that buyers of Cryptolocker/Cryptowall Ransomware Kit will allegedly not only gain access to full support but paying an additional fee they fully customize their ransomware.
“Those who actually want to purchase the Cryptolocker/Cryptowall Ransomware Kit will allegedly not only gain access to full support, but can also ask for additional modules or customizations, such as preferred language interfaces for the access panel or custom deployments on VPS servers.” said Arsene.
Below the information provided by the seller, including the list of features implemented in the Cryptolocker/Cryptowall Ransomware Kit. It is interesting to note that the developer claims the ability of its ransomware of communicating with Command and Control servers over Tor without losing any connections, a unique technique that will only be disclosed once contacting support.
“Information for customers:
Unfortunately is even simpler for wannabe cyber criminals to arrange a ransomware campaign, they don’t need specific technical know-how to start developing and spreading their custom malware.
(Security Affairs – Cryptolocker/Cryptowall Ransomware Kit , cybercrime)