An Iranian developer is promoting on a Telegram hacking channel the BlackRouter ransomware through a Ransomware-as-a-Service model.
An Iranian developer is advertising on Telegram a Ransomware-as-a-Service called BlackRouter. The same expert advertises other malware and is believed to the author of another ransomware called Blackheart. promotes other infections such as a RAT.
BlackRouter was first observed in May 2018, at the time experts at TrendMicro discovered legitimate application AnyDesk bundled with the Ransomware.
According to Bleeping Computer, security researcher Petrovic discovered a new variant of the BlackRouter Ransomware in January, but the MalwareHunterTeam stated that only differences between this variant and previous ones were an improved GUI and the implementation of a timer.
A researcher that goes online with the handle A Shadow told BleepingComputer that the same ransomware was offered as a RaaS platform in a hacking channel on Telegram by an Iranian developer.
The developer offers to its customers 80% of paid ransom payments, keeping for him the remaining 20%.
At the time, the BlackRouter was not widespread, Bleeping Computer reports only one submission to ID Ransomware since December 31.
The ransomware was mainly distributed via RDP accesses or through fake cracks and downloads.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.