January 25, 2013 By Dancho Danchev

Novice cybercriminals experiment with DIY ransomware tools

For years, the DIY (do-it-yourself) trend has been evident across the entire cybercrime ecosystem.

From the early exploit-generating DIY tools that set the foundations for the “malicious economies of scale” trend, to the ongoing leaks of DIY botnet- and malware-generating tools that were once only available to advanced attackers, it’s never been easier to enter the world of cybercrime.

In this post, I’ll profile a novice cybercriminal’s approach to entering the profitable world of ransomware.

More details:

Sample screenshot of the DIY ransomware tool:


Sample “Locked Screen” displayed to the affected victims:


Could this DIY ransomware-generating tool somehow compete with alternative ransomware variants?

Not necessarily, as it lacks a command and control (C&C) interface, a feature that’s available by default in market-leading ransomware-as-a-service propositions. However, with Reveton (also known as the Police ransomware) continuing to make the headlines thanks to its efficient approach to monetizing infected hosts, novice cybercriminals will continue trying to catch up with their sophisticated “colleagues” in an attempt to steal some of the market share of this emerging monetization tactic. Therefore, we expect to see more DIY ransomware-generating tools hit the underground marketplace throughout 2013.

Users are advised to ensure that they’re running the latest versions of their third-party software and browser plugins. This mitigates a huge percentage of the risk, because the majority of Web malware exploitation kits continue to rely on outdated and already patched client-side vulnerabilities.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
