Sophos: New ‘Junk Gun’ Ransomware disrupts RaaS Space

RaaS market disruption

The ransomware-as-a-service (RaaS) market is getting disrupted, which has armed hackers with easy-to-use, off-the-shelf, and affordable ransomware solutions. The market, which has witnessed the disappearance of big players for over two years, is getting populated with ‘Junk Gun’ ransomware on the dark web

The new family of ransomware is attracting ‘buyers’ because it is very cheap. According to a Sophos research report, The median price for these junk-gun ransomware variants on the dark web was $375, significantly cheaper than some kits for RaaS affiliates, which can cost more than $1,000.

 

The most common ransomware infection routes include visiting malicious websites, downloading a malicious attachment or via unwanted add-ons during downloads.

A single careless moment is enough to trigger to a ransomware attack. Since malware is designed to remain undetected for as long as possible, it is difficult to identify an infection. A ransomware attack is most likely to be detected by security software.

Junk gun ransomware discussions occur primarily on English-speaking dark web forums aimed at lower-tier criminals.

“Over the past two months, however, some of the biggest players in the ransomware ecosystem have disappeared or shut down, and, in the past, we’ve also seen ransomware affiliates vent their anger over the profit-sharing scheme of RaaS,” Christopher Budd, Director (Threat Research) of Sophos, said.

Modus Operandi

Instead of selling or buying ransomware to or as an affiliate, the attackers create and sell these unsophisticated ransomware variants for a one-time cost—which other attackers sometimes see as an opportunity to target small and medium-sized businesses (SMBs) and even individuals.

The report indicates that cyber attackers have deployed four of these attack variants. While the capabilities of junk-gun ransomware vary widely, its biggest selling points are that it requires little or no supporting infrastructure to operate and that users aren’t obligated to share their profits with the creators.

Leave a Reply

Your email address will not be published. Required fields are marked *