An affordable ransomware has emerged, dubbed AlphaLocker, that aims to democratize the criminal business of cyber-extortion.
According to Cylance, this family of ransomware is directly purchased from the author via the internet for a mere pittance—$65, paid in Bitcoin, naturally.
“For that low price you get your own unique copy of the main executable (the actual ransomware), the master decryptor binary (based on Hidden Tear), and your own administrative panel instance,” the researchers said. “Hosting, spreading, and other typical ransomware services are then left to the buyer.”
The lower price point allows ‘less-skilled’ ne'er-do-wells to possess and control (and profit from) ransomware, with little to no coding and zero ramp-up time. In other words, all you need is $65 and a cybercrime dream.
AlphaLocker stands in stark contrast to some of the more recent turn-key offerings like Ransom32, ORX-Locker, or Encryptor RAAS, which lack a full administrative panel and other customization features present in a fully packaged malware kit. All of AlphaLocker’s configuration and support files are unencrypted and in English, though the author(s) appear to be Russian.
The first versions began to appear in March 2016, Cylance researchers noted, adding that AlphaLocker is based on the Eda2 project, by Utku Sen.
“This was an ‘open source’ ransomware project that, until recently, was openly available via Utku’s GitHub. In January 2016, the source was pulled by Utku in response to the code being used in real attacks (and the data could not be recovered via a built-in backdoor),” they pointed out. “This is a critical point. Not only is the behavior blatantly and contextually malicious, but the actual source code is public and easy to find.”
Worryingly, the ransomware has very low detection rates, so users should be extra-vigilant, particularly since AlphaLocker and others like it could usher in a new era of widespread attacks.
“Ransomware is the new normal,” Steve Malone, the director of product management at email security company Mimecast, told Infosecurity. “The old methods of AV and AS email protection won’t cut it anymore and ignoring the problem won’t make it go away. Ransomware has become a well-funded, well-organized cyber threat in today’s market. The perpetrators have simply become too good at it, and pretending that’s not happening, or quietly paying attackers off in the event that your network is hit, only emboldens them further.”
Victims of ransomware attacks should never pay the ransom or negotiate with the attackers. Instead, it pays to be prepared with secure file backups.