Managed ‘Russian ransomware’ as a service spotted in the wild

By Dancho Danchev

In 2013, you no longer need to posses sophisticated programming skills to manage a ransomware botnet, potentially tricking tens of thousands of gullible users, per day, into initiating a micro-payment to pay the ransom for having their PC locked down. You’ve got managed ransomware services doing it for you.

In this post I’ll profile a recently spotted underground market proposition detailing the success story of a ransomware botnet master that’s been in business for over 4 years, claiming to be earning over five hundred thousands rubles per month.

More details:

What he offers are two packages of his ransomware release. The first package includes the actual source code (in Delphi), as well as detailed instructions on using and modifying it. The price is $100. The second package however, includes the option of directing live traffic to the landing pages of his customers. This is an attempt to efficiently convert the traffic into ransomware-infected hosts, the source code of the ransomware, managed crypting of the actual binaries, money laundering tips for the fraudulently obtained funds, as well as instructions on how to actually ‘cash out’ the money through an ATM. The price for the second package is $500.

Sample screenshot of the actual ransomware:


Sample screenshot of the source code offered as a proof for its possession:


Sample screenshot of the cybercriminal’s statement from his bank, proving that his fraudulent campaigns are actually generating him tons of money:


We’ll continue monitoring the development of this service, and post updates as soon as new developments emerge.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

One thought on “Managed ‘Russian ransomware’ as a service spotted in the wild

  1. Pingback: Novel ransomware tactic locks users’ PCs, demands that they participate in a survey to get the unlock code | Webroot Threat Blog - Internet Security Threat Updates from Around the World

Join the Conversation

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s