Ransomware Selling for $400
Posted by: Timothy Weaver on 09/12/2016 11:41 AM
Stampado ransomware, recently renamed Philadelphia by the cybercriminal who goes by the name The Rainmaker, is now being sold on the dark web for $400.
It is being marketed to entry-level ransomware criminals with little technical knowledge as a small up-front investment. It includes features such as automatically detecting when a ransom is paid and then decrypting the victim's files. It can also spread itself to attached storage devices and networked computers.
“The Philadelphia Headquarter is a software that works on your machine and allows you to generate unlimited builds, see the victims on a map and on a list (with country flags and all the data you need) and also a 'Give Mercy' button if you're too good,” reads The Rainmaker's online ad for the ransomware.
One of the flaws in the malware, according to Bleeping Computer's Lawrence Abrams, is that it does not use a command-and-control server. Instead it relies on a PHP script that The Rainmaker calls a Bridge, which connects the ransomware to the user interface and stores the decryption key.
If the Bridge is taken down, the ransom cannot be paid and the files cannot be decrypted.
The other main flaw is that a decryptor is available, as there was for the earlier versions of Stampado.
The malware is spread by means of spear-phishing emails.
Source: SCMagazine