New dark web scheme lets wannabe cybercriminals get in on ransomware - for free

Ransomware operation provides malicious software in exchange for a slice of successful scores.
Written by Danny Palmer, Senior Writer

The service offers step-by-step instructions on building ransomware.

Image: Fortinet

A new dark web scheme could allow any wannabe cybercriminal to grab a piece of the ransomware pie for free -- on the condition that any ill-gotten profits are split 50/50.

Ransomware -- a form of malware which encrypts a victim's files and demands a ransom to restore them -- has boomed in the last 18 months. A number of ransomware-as-a-service affiliate schemes allow even the most technically illiterate cyber thief to cash in on a form of crime which cost businesses over a billion dollars last year.

But while these schemes are sold to users for a fee -- be it a one-off payment, or as part of a subscription based service -- this new ransomware operation is providing malicious software to affiliates for free in exchange for a big slice of any successful scores.

The move represents another evolution in ransomware which could make it an even more dangerous threat, because criminals may be tempted to download it and launch a ransomware campaign as they don't need to part with their cash to do so.

"The simplistic and straight-forward design of Dot ransomware enables just about anyone to conduct cybercrime," warn Fortinet researchers, who predict Dot will soon become a big threat to businsesses.

"Although we haven't seen this ransomware in the wild, with the advertisements being made accessible on hacking forums, it's only a matter of time until people start taking the bait."

This particular scheme appeared during mid-February and offers users Dot ransomware. All the user needs to get started is to access to the download via the Tor browser and to register a Bitcoin address -- Bitcoin being the number one method of extorting ransoms.

Once this is done, the authors of Dot provide a guide to getting started, including recommendations of which file types to use to distribute ransomware, as well as recommendations for what ransoms to charge in which countries in order to maximise returns.

The authors even go so far as to provide a dashboard for users to keep track of the number and status of infections. The core of the malicious software service appears to be designed to look as if it's like any other form of legitimate set of software tools.


Dot's authors attempt to position the ransomware as like any other software service.

Image: Fortinet

Offering Dot as a free, commissioned-based service has advantages for both the authors and their affiliates; the ransomware writers have an easy way of spreading their malicious software -- complete with with ongoing significant returns from successful infections -- while the would-be criminals get their hands on ransomware without having to pay.

However, the author has coded Dot to ensure that a technically literate user can't rewire the program to take all the payment for themselves.

Victims are infected with Dot via malicious attachments, which will encrypt their files when run and open a ReadMe HTML, informing them they need to pay a Bitcoin ransom in order to regain access to their data.

Read more on cybercrime

Editorial standards