The developer of an easy-to-use form of customisable ransomware has massively expanded their activities, broadening their arsenal of cybercriminal tools and making it even easier for would-be cyber crooks to set up operations.
First spotted in September last year, Philadelphia ransomware is simple to deploy and, at $400, is a relatively low-cost investment for entry-level cybercriminals, who also get support and updates as part of a 'ransomware-as-a-service' package which provides them with the opportunity to become part of a billion-dollar industry.
Now its creator, who goes by the name of 'The Rainmaker' on underground forums, is pushing a 'Full Lifetime License' for Philadelphia ransomware, complete with promotional videos and screenshots, spamming the Jabber messaging platform with adverts for the malicious software.
Sergey Shykevich, head of cyber research at security company ClearSky, said The Rainmaker represents a specific type of actor in the cybercrime ecosystem: those who prefer to sell products, mostly at a relatively low technological level and at low prices, but to a wide audience. "This actor represents a trend of some new cybercriminals, that try to sell their products and services also to non-traditional audience, outside of Deepweb forums and markets," he said.
In addition to the basic-looking Jabber spam campaign, the cybercriminal vendor -- spotted by researchers at ClearSky Security -- has set up a professional-looking website for advertising 'anti-security solutions' and 'award-winning support'.
Not only are two different types of ransomware available on the site, but various other malicious tools are also advertised. They include DDoS attack tools, a remote access Trojan, a credential stealer, and tools which allow users to send spam emails.