New "Affordable" Ransomware Hits the Market
Posted by: Timothy Weaver on 05/06/2016 10:52 AM
[
Comments
]
With each passing week, it seems a new ransomware variant hits the market. This week researchers have found a new ransomware variant: a relatively affordable ransomware-as-a-service named AlphaLocker.
What makes this new malware noteworthy is its price. The ransomware can be purchased directly from the author for as little as $65 USD, via Bitcoin. With proof of purchase, attackers get a copy of the actual ransomware, the master decryptor binary, and their own administrative panel.
The selling points are advertised to “encrypt all drives connected to the PC,” and “continues to encrypt files when the computer is turned off.” But the selling price is what worries the researchers.
“The lower price point allows ‘less-skilled’ ne’er–do–wells to possess and control (and profit from) ransomware, with little to no coding and zero ramp-up time,” said Jim Walter, a researcher with the firm Cylance
While support files affiliated with the ransomware are in English, the firm believes the author behind it is Russian.
Walter claims that the authors behind the ransomware periodically push updates to avoid getting caught by signature-based security technologies.
"While that practice is absolutely the norm amongst malware authors, it never ceases to amaze just how easily the bad guys are able to keep up the evasion, staying one step ahead of signature-based detection technologies,” Walter wrote.
Details around AlphaLocker come just a few days after the FBI issued a warning urging businesses hit by ransomware to resist paying attackers for access to their files.
Source: ThreatPost
What makes this new malware noteworthy is its price. The ransomware can be purchased directly from the author for as little as $65 USD, via Bitcoin. With proof of purchase, attackers get a copy of the actual ransomware, the master decryptor binary, and their own administrative panel.The selling points are advertised to “encrypt all drives connected to the PC,” and “continues to encrypt files when the computer is turned off.” But the selling price is what worries the researchers.
“The lower price point allows ‘less-skilled’ ne’er–do–wells to possess and control (and profit from) ransomware, with little to no coding and zero ramp-up time,” said Jim Walter, a researcher with the firm Cylance
While support files affiliated with the ransomware are in English, the firm believes the author behind it is Russian.
Walter claims that the authors behind the ransomware periodically push updates to avoid getting caught by signature-based security technologies.
"While that practice is absolutely the norm amongst malware authors, it never ceases to amaze just how easily the bad guys are able to keep up the evasion, staying one step ahead of signature-based detection technologies,” Walter wrote.
Details around AlphaLocker come just a few days after the FBI issued a warning urging businesses hit by ransomware to resist paying attackers for access to their files.
Source: ThreatPost
Comments
