Curated Content | Thought Leadership | Technology News

The Rise of Cheap Ransomware on the Dark Web

A new storm is brewing.
Heidi Council
Contributing Writer
Dark digital storm clouds

Recent research highlights a worrying trend on the dark web: the proliferation of cheap, one-time-use ransomware tools. Between June 2023 and February 2024, Sophos’ intelligence unit uncovered 19 different ransomware types for sale or in development across various dark web forums. These tools, which researchers liken to the low-quality “junk guns” of the past, are being marketed to amateur cyber criminals, offering them an easy and relatively anonymous entry into the world of cybercrime.

The ransomware variants observed range in price from as little as $20 to around 0.5 bitcoin (approximately $13,000), with a median price of $375. Unlike more sophisticated ransomware-as-a-service (RaaS) models, these tools require no revenue sharing with affiliates, making them particularly attractive to individuals seeking to initiate attacks independently. They target small businesses and individuals less likely to have strong cybersecurity measures in place.

Why it matters: The availability of inexpensive ransomware on the dark web poses significant threats to global cybersecurity, particularly for small and medium-sized businesses (SMBs) and individuals. These tools lower the barriers to entry for aspiring cybercriminals and could lead to an increase in attacks. Moreover, the simplicity and anonymity offered by these ransomware kits complicate efforts by cybersecurity professionals to track and mitigate these threats effectively.

  • Community Engagement on Dark Web Forums: The forums selling these ransomware tools are bustling with activity from amateurs seeking advice and sharing tactics, highlighting the community-driven aspect of this new cybercrime wave. This includes discussions on targeting strategies and operational tips, indicating a collaborative environment that supports the development of cybercriminal skills.
  • Evidence of Usage in the Wild: Despite the uncertainties about their reliability, at least one ransomware tool called EvilExtractor has been confirmed as used in real-world attacks across the U.S. and Europe. Reports on dark web forums also claim successful deployments of other variants, demonstrating the practical threat posed by these tools.
  • Intelligence and Monitoring Challenges: The low cost and independent nature of these ransomware attacks make them difficult to monitor. Christopher Budd from Sophos emphasized the intelligence gap that arises as these attacks often go undetected and unreported, increasing the challenge for defenders to stay ahead of cyber threats.

Go Deeper -> ‘Crude’ ransomware tools proliferating on the dark web for cheap, researchers find – The Record

☀️ Subscribe to the Early Morning Byte! Begin your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

☀️ Your latest edition of the Early Morning Byte is here! Kickstart your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

ADVERTISEMENT

×
You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Thanks for subscribing!

We’re excited to have you on board. Stay tuned for the latest technology news delivered straight to your inbox.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.
Name
Newsletters