Larry Abrams at Bleepingcomputer reported on a new strain that raises some eyebrows.
"A new version of the Stampado ransomware called Philadelphia has started being sold for $400 USD by a malware developer named The Rainmaker. According to Rainmaker, Philadelphia is being sold as a low cost ransomware solution that allows any wannabe criminal to get an advanced ransomware campaign up and running with little expense or complexity.
"On closer look, though, the Philadelphia Ransomware is not as sophisticated as advertised. As it is programmed in the AutoIt scripting language, it can be decompiled and analyzed for weaknesses." In the cyber criminal's own words, the advertised features are:
"Everything is customisable:
- You can set the folders where the Ransomware will look for files as well as the depth/recursion level
- You can set the extensions, you can enable, disable and define intervals for the deadline and the Russian roulette (as well as editing how many files are deleted on every Russian roulette interval and whether the files or the crypt key gets deleted once the deadline ends)
- You can edit file icon and Mutex
- You can edit the UAC (user access control) in four available options: (1) do not ask for admin privileges; (2) ask and insist until it is given; (3) ask but run anyway even if it is not given; (4) ask and give up if it is not given
- You can edit all the interface texts as well as add multiple languages to the same file (it will detect the machine language and display the texts you edited for that locale or a default/fallback one)
- You can enable or disable USB infect, network spread and Unkillable Process, as well as set the process name
The Philadelphia Headquarter is software that works on your machine and allows you to generate unlimited builds, see the victims on a map and on a list (with country flags and all the data you need) and also a "Give Mercy" button if you're too good 0:)"
He even has a PDF with screenshots that starts to look like professional documentation. One noteworthy feature is called "Bridges", which are basically PHP scripts on compromised servers that handle the decryption of files instead of having to rely on expensive C&C servers. The problem is that if the PHP script disappears, the files will never be able to be decrypted. Hmmmm. Way more detail at Bleepingcomputer! Hat Tip to Larry.
Get your Updated Ransomware Hostage Rescue Manual
Get the most informative and complete hostage rescue manual on Ransomware. This 20-page manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with malware like this. You also get a Ransomware Attack Response Checklist and Prevention Checklist. You will learn more about:
- What is Ransomware?
- Am I Infected?
- I’m Infected, Now What?
- Protecting Yourself in the Future
- Resources
Don’t be taken hostage by ransomware. Download your rescue manual now!
Don't like to click redirected buttons? Cut & Paste this link in your browser:
https://info.knowbe4.com/ransomware-hostage-rescue-manual-0