Security experts from the Heimdal security firm have discovered a new strain of ransomware dubbed Stampado that is available for sale on the Dark Web.
The Stampado ransomware is offered for sale with a lifetime license that goes for just $39, which is considered a very aggressive promotion.
The cost of $39 for a lifetime license is far less than any other ransomware offered in the criminal underground, even when it is sold under a Ransomware-as-a-Service model.
“Stampado is a new ransomware family promoted through aggressive advertising campaigns on the Dark web,” states the blog post “Security Alert: New and Cheap Stampado Ransomware for Sale on the Dark Web” published by Heimdal Security.
“Its creators are probably aiming to appeal to as many buyers as possible by pricing it well below their competitors in the ransomware-as-a-service market: just $39 for a lifetime license!”
The malware author advertises the Stampado ransomware by highlighting its ease of use and, of course, its low cost.
“Stampado is a cheap and easy-to-manage ransomware, developed by me and my team. It’s meant two [sic] be really easy-to-use. You’ll not need a host. All you will need is an email account.” reads the ad.
Once running on the infected PC, the Stampado ransomware encrypts files and adds the .locked extension to them. The malicious code doesn’t need administrator privileges for its installation.
The malicious code is very flexible and can be deployed in multiple formats (exe, bat, dll, scr, and cmd). According to Heimdal Security, the operators can also use binders, packers and crypters for distribution.
“The file can be sent in the following formats: exe, bat, dll, scr, and cmd. You can also use binders, packers and crypters (although it’s FUD – do NOT send it to VirusTotal or other online AV sites because they distribute it to AV companies – even when they say that they don’t. Prefer scanning yourself).” continues the ad.
Victims have 96 hours to pay the ransom before the threat starts deleting a random file every 6 hours.
The author of the Stampado ransomware also included in the ad a video that shows the malware in execution and provides instructions on how to decrypt the locked files.
(Security Affairs – Stampado Ransomware, Dark Web)