Ransomware products and service ads on the dark web show signs of danger

A forensic investigation by Venafi and Forensic Pathways identified 475 web pages peddling sophisticated ransomware products and services.

Credit: Getty Images

Why is the destructive potential of ransomware so dreadful? Some clues can be found in the “for sale” advertisements. In a review of some 35 million dark web URLs, a machine identity management vendor and forensic specialist discovered some 475 web pages peddling sophisticated ransomware products and services along with a number of high profile teams selling ransomware as a service.

The work is a joint effort between Venafi and Salt Lake City-based Forensic Pathways that took place between November 2021 and March 2022. Researchers used Forensic’s dark search engine to conduct the investigation.

30 different ransomware brands identified

Here are some of the search results:

  • 87% of ransomware found on the dark web was distributed via malicious macros to infect targeted systems.
  • 30 different “brands” of ransomware have been identified in market listings and forum discussions.
  • Many ransomware strains sold, such as Babuk, GoldenEye, Darkside/BlackCat, Egregor, HiddenTear, and WannaCry, have been successfully used in large-scale attacks.
  • Ransomware strains used in large-scale attacks result in a higher price for associated services. For example, the most expensive listing was $1,262 for a customized version of Darkside ransomware, which was used in the Colonial Pipeline ransomware attack.
  • Source code listings for well-known ransomware usually command higher prices. For example, the Babuk source code is listed for $950 and the Paradise source code sells for $593.

Ransomware sold for as little as $1

In addition to a variety of ransomware at different price points, a wide range of services and tools that make it easier for attackers with minimal technical skills to launch ransomware attacks are for sale on the dark web, Venafi said. Services with the most listings include those that offer source code, build services, custom development services, and ransomware packages that include step-by-step tutorials.

Generic ransomware generation services also charge high prices, with some listings costing over $900. Many low-cost ransomware options are available on several listings, with prices starting at around $1 for Lockscreen ransomware.

Go home