Cybercriminals are crowdsourcing software that holds your computer hostage

Beware of ransomware.


Joseph Cox


Published Sep 3, 2015   Updated May 28, 2021, 1:12 am CDT

Crowdsourcing has become a popular way to raise money and even solve mysteries. But now a new demographic is taking advantage of the tactic: cybercriminals.

Over the past few months, a handful of hackers have given away powerful ransomware, totally for free, in the hope that others will proliferate it far and wide. Ransomware is software that, once loaded onto a target’s computer, encrypts all of their files until the victim pays a fee. Usually, that fee would go straight to whoever infected the computer, but with this crowdsourced approach, the cash is split between the designer of the malware and his newly found distribution partners.

The spread of ransomware has become a huge issue recently, with private companies, individuals and even police departments being targeted, and a report released this week found a huge increase in the use of the cybercriminal tactic.

The rise of crowdsourced ransomware started back in May, when the site Tox hit the Dark Web. This site was incredibly easy to use: Log on, choose how much you want your intended victim to pay (usually in Bitcoin), download the custom piece of ransomware, and then spread it as you see fit, perhaps through phishing emails. If the target takes the bait and pays the ransom, then the bitcoins are transferred into your account, where Tox’s developer takes a 30-percent slice. When it launched, Tox’s creator told Motherboard that hundreds of computers had been infected.  

Shortly after launch, however, the developer of Tox backed out, claiming that he couldn’t handle the pressure of creating the world’s first crowdsourced ransomware. “If I have some random hackers following me it’s ok, no panic. But if FBI or agencies that big start chasing me, who am I to fight back?” he told the Daily Dot.

But the genie had already been let out of the bottle, and other sites stepped in. At the end of July, another site was launched, this time called “Encryptor RaaS”—“raas” meaning ‘ransomware-as-a-service.’ Researchers verified that, although slightly crude, the ransomware worked as intended, and noted that the “accessibility of malicious-tools-as-a-service continue to enable just about anyone to conduct cybercrime.”

At the time of writing, the site for Encryptor RaaS is still online and being advertised on at least one Dark Web hacking forum. The owner claims that over 60 infections have taken place with the software, as of mid-August, according to a post on the same forum.

Just last week, the latest crowdsourced ransomware entered the scene. Dubbed “ORX-Locker,” which researchers confirmed is legitimate, this iteration looks like the most professional scheme so far. The developers take a 25-percent cut of the profits and offer a clean-looking control panel that simplifies downloading and checking on an infected target, and the creators claim they will soon introduce a feature that allows attackers to increase the ransom demand if their victims don’t swiftly pay up. There’s even a ‘referral program’ that gives users an extra 3 percent of the winnings if they sign up a friend.

It’s hard to tell how many devices have been infected by any of the crowdsourced ransomware tools, and only a handful of reports have emerged from hacking forums. Indeed, it appears that some forum users remain sceptical about the venture, with some saying that it would be more worthwhile to pay the upfront cost for an already reputable piece of ransomware.

Regardless, it’s clear that there is interest in the genius idea of ransomware-as-a-service: By essentially outsourcing the distribution phase of malware infections, a ransomware developer—and anyone wanting to come along for the ride—could have a chance of making some illegal cash.

Illustration by Max Fleishman

*First Published: Sep 3, 2015, 10:00 am CDT