Saturday, January 18, 2025
HomeRansomwareRansomware-as-a-Service - Now Anyone can Download Free Ransomware that is Available on...

Ransomware-as-a-Service – Now Anyone can Download Free Ransomware that is Available on Dark Web

Published on

SIEM as a Service

Follow Us on Google News

Researchers discovered a new Ransomware as a service threat available in the Dark web with free of cost without any registration.

Instead of distributing the Malware and infect the computer, Malware authors are earning money by selling their malware via Ransomware as a service cybercrime business model.

In this case usually, ransomware developer host their services in dark web and anyone can buy it and they can change their own modification such as ransom amount, ransom notes.

Apart from this, some sophisticated Ransomware having some advanced functions such evasion techniques to avoid detection and analysis also users will be provided a control panel to control each and every infected victim.

Also Read:  Ransomware Attack Response and Mitigation Checklist

Ransomware as a Service

Buyers just need to set up their vault address and they need to customize it then later they will spread the malware.

So once infect victims paid the ransom amount then the percentage of the amount will deliver both buyer and the malware author who create this ransomware.

How Does this Ransomware as a Service Works

This Ransomware as a Service underground Process is well organized and well-planned cybercrime operation.

Buyer can get the ransomware from secret Tor Website (onion) that includes a guide that helps buyer for proper configuration process.

Ransomware as a Service

In this case, before reach the original version, buyers can try the demo version of the ransomware.

Buyer only needs to add their bitcoin wallet address and the ransom amount that they want to demand from the victim.

After completed this process, Malware will be successfully generated and the user can be downloaded it.

Once buyer successfully distributed and compromise the victims and if the victim will be paid the ransom amount then the 10% of ransom amount will be transferred into the original developer’s wallet.

Free Ransomware Running Process

Once it launched into the Victims system, initially it checks the internet connection, if it finds an internet connection then it will terminate its process.

But once it finds the connection then it will communicate with a specific address and download an encryption key.

According to McAfee Labs,Once the file is running, it creates several files on the system:
  • Encryption_key: the RSA key encrypted in AES
  • Lock_file: an indicator that the system is encrypted
  • Uuid_file: a reference for the infected machine. A TOR address is generated with this ID.

After the successful process of encryption, it displays the ransom notes on the user desktop and it points to the TOR site hxxp://kdvm5fd6tn6jsbwh[.]onion with the ID of the infected machine.

Once the payment will be made by the victims then they can download the decryption key to unlock the Encryption key.

“The targeted extensions include many picture and photography files related to Canon, Kodak, Sony, and others. There are also extensions for AutoCAD, Autodesk projects, scalable vector images, and Microsoft Office files. These files are mostly used by designers, photographers, architect—and many others. “

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....

New Tool Unveiled to Scan Hacking Content on Telegram

A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

New NonEuclid RAT Evades Antivirus and Encrypts Critical Files

A NonEuclid sophisticated C# Remote Access Trojan (RAT) designed for the.NET Framework 4.8 has...

New Great Morpheus Hacker Group Claims Hacking Into Arrotex Pharmaceuticals And PUS GmbH

A Data Leak Site (DLS) belonging to a new extortion group named Morpheus, which...

1000’s Of SonicWall Devices Remain Vulnerable To CVE-2024-40766

A recent investigation revealed that the Akira and Fog ransomware groups are actively exploiting...