Security Alert: New and Cheap Stampado Ransomware for Sale on the Dark Web
How cyber criminals advertise their malware to increase their reach and revenue
The ransomware market is booming and evidence to this is, unfortunately, abundant.
And because cryptoware is such a big segment of the malware economy, malware creators have to constantly release new “products” to keep their clients engaged and the money flowing.
Here’s just how a new ransomware family gets advertised on the forums where cyber criminals come to do their shopping.
Enter the new Stampado ransomware
You may not have heard of it, yet, but the odds are that it will soon be all over the news.
Stampado is a new ransomware family promoted through aggressive advertising campaigns on the Dark web.
Its creators are probably aiming to appeal to as many buyers as possible by pricing it well below their competitors in the ransomware-as-a-service market: just $39 for a lifetime license!
The sales pitch is straightforward and very enthusiastic:
Newest Ransomware in market!
You always wanted a Ransomware but never wanted two pay Hundreds of dollars for it?
– This list is for you! 🙂
Stampado is a cheap and easy-to-manage ransomware, developed by me and my team.
It’s meant two be really easy-to-use. You’ll not need a host. All you will need is an email account.
The rest of the ad follows the same approach.
The basic details provided in the advertisement indicate that Stampado has roughly the same functionality as CryptoLocker and other similar ransomware.
Another part of the advertisement emphasizes the flexibility that Sampado offers:
The file can be sent in the following formats: exe, bat, dll, scr, and cmd.
You can also use binders, packers and crypters (although it’s FUD – do NOT send it to VirusTotal or other online AV sites because they distribute it to AV companies – even when they say that they don’t. Prefer scanning yourself).
Once if infects a computer, Stampado will add the extension “.locked” to all kidnapped files.
Here is a printscreen of the cyber criminals’ ad on the Dark web, which underlines the key benefit:
Price is ONLY $ 39 for LIFETIME LICENSE!
Taking it one step further, the creators behind Stampado have even uploaded a presentation video to Youtube, showing it in action:
A few extra details are mentioned in the video:
- Stampado doesn’t need administrator privileges to infect computers (most ransomware don’t need system permissions to encrypt the data)
- It gives the victims 96 hours to pay the ransom
- And it includes an additional social engineering trick: if the ransom isn’t paid, Stampado will delete a random file from the victim’s PC every 6 hours.
Although we know it’s wishful thinking, we can only hope that this ransomware family won’t spread to affect too many users. Unfortunately, given the details we just mentioned, the opposite might just happen.
The wisest thing that any user and organization can do is understand how ransomware acts and spreads, going beyond data encryption.
And just in case your data was actually encrypted by this ransomware, know that cyber security researchers have cracked the code and released a decryption tool for Stampado. Be sure to read a bit about how the process works, so you can get your data back safely, without irreversibly damaging it.
Once you’ve finally had that “a-ha!” moment, you’ll understand why anti-ransomware protection is important and why data back-ups are a must-have!
* This article features cyber intelligence provided by CSIS Security Group researchers.