By Dancho Danchev

From managed ransomware as a service ‘solutions to DIY ransomware generating tools, this malicious market segment is as hot as ever with cybercriminals continuing to push new variants, and sometimes, literally introducing novel approaches to monetize locked PCs.

In this case, by forcing their users to complete a survey before they receive the unlock code.

More details:

Sample screenshot of the actual advertisement at a cybercrime-friendly international underground marketplace:


Its customers are able to add up to two survey links allowing them to earn more revenue from the ransomware victims who would be unwillingly participating in the surveys. The ransomware blocks the Task Manager, CMD, Regedit and the Start Menu. Its author accepts Bitcoin.

Despite the fact that the ransomware doesn’t pose any sophisticated features — bypassing signatures based antivirus scanning is not a feature, it is an every day reality — it provides and example of an efficient business model aiming to utilize cost-per-action (CPA) affiliate networks in an attempt to generate revenue for the market participants.

We’ll continue monitoring the development of this ransomware, and most importantly, whether or not this monetization model will scale across the international underground marketplace.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This