Ransomware: Now available with slick marketing

Ransomware vendors are advertising their wares with ever-greater polish and skill.
Written by Danny Palmer, Senior Writer

The developer of an easy-to-use form of customisable ransomware has massively expanded their activities, adding to their arsenal of cybercriminal tools and making it even easier for would-be cyber crooks to set up operations.

First spotted in September last year, Philadelphia ransomware is simple to deploy and, at $400, is a relatively low-cost investment for entry-level cybercriminals, who also get support and updates as part of a 'ransomware-as-a-service' package which provides them with the opportunity to become part of a billion-dollar industry.

Now its creator, who goes by the name of 'The Rainmaker' on underground forums, is pushing a 'Full Lifetime License' for Philadelphia ransomware, complete with promotional videos and screenshots, spamming the Jabber messaging platform with adverts for the malicious software.

Sergey Shykevich, head of cyber research at security company ClearSky, said The Rainmaker represents a specific type of actor in the cybercrime ecosystem: those who prefer to sell products, mostly at a relatively low technological level and at low prices, but to a wide audience. "This actor represents a trend of some new cybercriminals, that try to sell their products and services also to non-traditional audience, outside of Deepweb forums and markets," he said.

In addition to the basic-looking Jabber spam campaign, the cybercriminal vendor -- spotted by researchers at ClearSky Security -- has set up a professional-looking website for advertising 'anti-security solutions' and 'award-winning support'.

In addition to Philadelphia, the website also promotes Stampado, a particularly cheap and nasty form of ransomware which uses worm-like capabilities to move across networks and external drives.

Not only are two different types of ransomware available on the site, but various other malicious tools are also advertised. They include DDoS attack tools, a remote access Trojan, a credential stealer, and tools which allow users to spam emails.

While Philadelphia is far from becoming one of the most common forms of ransomware, the move reflects how slick the marketing of such scams has become.



A custom version of Philadelphia ransomware designed to extort money from individuals by demanding lower ransoms.

Image: Proofpoint

