Hi guys, I recently wrote an article for my blog about a new service that lets you create your own ransomware. Due to Cybrary policies, this article was rejected from Cybrary OP3N, but I still think it would be interesting to some people, so I will write about it here.
A new type of ransomware is being freely distributed on the Deep Web, but this is not normal ransomware. This RaaS (ransomware as a service) is a new form of cybercrime that works by malware authors distributing the ransomware builder, and then taking a cut of the ransoms it generates. Anyone, no matter how computer savvy they are, can launch a fully-functional ransomware campaign to unsuspecting victims.
Atom Ransomware, formerly called Shark, first started popping up on the Internet in mid July 2016. You can download it through their professional looking website that gives you step by step instructions on how to set it up and start infecting people. The creators claim that it is undetectable by AV software, supports multiple languages, and uses a strong but fast encryption algorithm.
After you download the Atom payload builder, you can specify the bitcoin address to send the ransom to, the directories to infect, the file formats you wish to lock, the price of the ransom, and varying prices for different countries. All of this you can do with no technical knowledge. If you can type on a computer, you can use Atom to create ransomware. The payments are supposedly automated; sending the money first to the malware developers who take a 20% cut, then they send the other 80% to your bitcoin address that you supplied. After it encrypts the files with a .locked extension, it creates an encryption key like every other ransomware. After that, it locks the screen prompting for a password to unlock the files.
Could this be the start of a new cybercrime service? Could this be the future of ransomware?
It’s hard to say what the future will look like in this ever-changing industry, but it very well may play a big part in the future of cybercrime. With open source ransomware such as HiddenTear, and the DIY ransomware builders already out there like Tox, ransomware is becoming easier and easier to make. And with all the work it takes to launch a ransomware campaign, why distribute your ransomware yourself? Atom has a great business model so far. Easily make the ransomware, have other people distribute it, and take 20% of the profits. 20% might not sound like a lot, but say someone customizes Atom to sell for $100 to unlock the files. If that person infects one other person, that’s still $20; and it will only continue to grow as more and more people create new Atom ‘strains.’ This is highly illegal and extremely unethical, but you have to admit, it’s a great idea, and will surely be a huge money maker for them.
The one problem that may arise is that there’s no way for Atom users to guarantee that they will get the 80%. Could this just be a huge scam to get people to spread Atom? Could the developers just take the whole ransom and walk away? Let me know what you think in the comments below!
In the future I hope to be analyzing Atom more in depth, as it seems like a very cool project, and I’d love to know more about how it works internally.