- Twitter faces backlash for insensitive ‘triggers’ joke 3 Years Ago
- 10 user-recommended sites for live tarot readings that are almost too good to be true Today 12:08 PM
- AsapSCIENCE comes for Jake Paul over Mystery Brand scam Today 11:34 AM
- Why ‘I never thought of it like that’ can actually be deeply offensive Today 11:26 AM
- Save 40% on the Fire TV Stick 4K when you rent textbooks through Amazon Today 11:05 AM
- Netflix reportedly used real disaster footage in ‘Bird Box’ Today 10:53 AM
- Holocaust denier Chuck Johnson spotted with 2 congressmen in Capitol Today 10:30 AM
- YouTuber who made popular Darth Vader fan film prevails in copyright fight Today 10:09 AM
- Mariah Carey says she ‘doesn’t acknowledge time’ in her 10-year challenge photos Today 10:06 AM
- Beto O’Rourke under fire for supporting controversial Thin Blue Line Act Today 9:26 AM
- These surreal ‘logo misuse’ sections are hilarious, and they’re going viral Today 9:20 AM
- Senators lose their sh*t over Cardi B shutdown Instagram Today 8:45 AM
- Report: Michael Cohen made fake ‘Women for Cohen’ account that tweeted about how hot he is Today 8:32 AM
- ‘Dragon Ball Super: Broly’ unites fans and critics with major opening Today 8:07 AM
- Slack’s users roast the app’s new logo Today 7:17 AM
Cybercriminals are crowdsourcing software that holds your computer hostage
Beware of ransomware.
Crowdsourcing has become a popular way to raise money and even solve mysteries. But now a new demographic is taking advantage of the tactic: cybercriminals.
Over the past few months, a handful of hackers have given away powerful ransomware, totally for free, in the hope that others will proliferate it far and wide. Ransomware is software that, once loaded onto a target’s computer, encrypts all of their files until the victim pays a fee. Usually, that fee would go straight to whomever infected the computer, but with this crowdsourced approach, the cash is split between the designer of the malware and his newly found distribution partners.
The spread of ransomware has become a huge issue recently, with private companies, individuals and even police departments being targeted, and a report released this week saw a huge increase in the use of the cybercriminal tactic.
The rise of crowdsourced ransomware started back in May, when the site Tox hit the Dark Web. This site was incredibly easy to use: Log on, choose how much you want your intended victim to pay (usually in Bitcoin), download the custom piece of ransomware, and then spread it as you see fit, perhaps through phishing emails. If the target takes the bait and pays the ransom, then the bitcoins are transferred into your account, where Tox’s developer takes a 30-percent slice. When it launched, Tox’s creator told Motherboard that hundreds of computers had been infected.
Shortly after launch, however, the developer of Tox backed out, claiming that he couldn’t handle the pressure of creating the world’s first crowdsourced ransomware. “If I have some random hackers following me it’s ok, no panic. But if FBI or agencies that big start chasing me, who am I to fight back?” he told the Daily Dot.
But the genie had already been let out of the bottle, and other sites stepped in. At the end of July, another site was launched, this time called “Encryptor RaaS”— “raas” meaning ‘ransomware-as-a-service.’ Researchers verified that, although slightly crude, the ransomware worked as intended, and noted that the “accessibility of malicious-tools-as-a-service continue to enable just about anyone to conduct cybercrime.”
At the time of writing, the site for Encryptor RaaS is still online and being advertised on at least one Dark Web hacking forum. The owner claims that over 60 infections have taken place with the software, as of mid-August, according to a post on the same forum.
Just last week, the latest crowdsourced ransomware entered the scene. Dubbed “ORX-Locker,” which researchers confirmed is legitimate, this iteration looks like the most professional scheme so far. The developers take a 25-percent cut of the profits, offer a clean-looking control panel that simplifies downloading and checking on an infected target, and the creators claim to soon to be introducing a feature that allows attackers to increase the ransom demand if their victims don’t swiftly pay up. There’s even a ‘referral program’ that gives users an extra 3 percent of the winnings if they sign up a friend.
It’s hard to tell how many devices have been infected by any of the crowdsourced ransomware tools, and only a handful of reports have emerged from hacking forums. Indeed, it appears that some forum users remain sceptical about the venture, with some saying that it would be more worthwhile to pay the upfront cost for an already reputable piece of ransomware.
Regardless, it’s clear that there is interest in the genius idea of ransomware-as-a-service: By essentially outsourcing the distribution phase of malware infections, a ransomware developer—and anyone wanting to come along for the ride—could have a chance of making some illegal cash.
Illustration by Max Fleishman
Joseph Cox reports on cybercrime and hacking for Vice's Motherboard site. He also maintains Spy Tech Exports on Medium, a repository for documents and data pertaining to surveillance technology. His work has also appeared on HuffPost, the MIT Technology Review, the Daily Beast, and Virus Bulletin.