Novice cybercriminals experiment with DIY ransomware tools

By Dancho Danchev

For years, the DIY (do-it-yourself) trend has been evident across the entire cybercrime ecosystem.

From the early DIY exploit-generating tools that laid the foundations for the emergence of the “malicious economies of scale” trend, to the ongoing leaks of DIY botnet and malware generating tools that were once only available to advanced attackers, it’s never been easier to enter the world of cybercrime.

In this post, I’ll profile a novice cybercriminal’s approach to entering the profitable world of ransomware.

More details:

Sample screenshot of the DIY ransomware tool:


Sample “Locked Screen” displayed to the affected victims:


Could this DIY ransomware generating tool somehow compete with alternative ransomware variants?

Not necessarily, as it lacks a command and control (C&C) interface, a feature that’s available by default in market-leading ransomware-as-a-service propositions. However, with Reveton (also known as the Police ransomware) continuing to make the headlines thanks to its efficient monetization approach applied to infected hosts, novice cybercriminals will continue trying to catch up with their sophisticated “colleagues” in an attempt to steal some of the market share of this emerging monetization tactic. Therefore, we expect to see more DIY ransomware generating tools hit the underground marketplace throughout 2013.

Users are advised to ensure that they’re running the latest versions of their third-party software, as well as browser plugins. This mitigates a huge percentage of the risk, because the majority of Web malware exploitation kits continue relying on outdated and already patched client-side vulnerabilities.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
