Cheap ransomware poses a massive threat to small businesses

  • Sophos has noted an increase in the sale of low-effort, low cost malware it’s calling junk-gun ransomware.
  • Designed to work without additional tinkering or infrastructure, it enables easily executed attacks against businesses.
  • The ease of use allows attackers to target small businesses with smaller demands but a lower risk of being stopped or caught.

According to a report from Sophos published this week, the ransomware-as-a-service (RaaS) market may be experiencing something of a disruption.

This disruption comes in the form of so-called “junk-gun” ransomware. This is ransomware that can purchased for a one-time fee at a price far lower than other RaaS kits.

“For the past year or two, ransomware has reached a kind of homeostasis. It’s still one of the most pervasive and serious threats for businesses, but our most recent Active Adversary report found that the number of attacks has stabilized, and the RaaS racket has remained the go-to operating model for most major ransomware groups,” explains Christopher Budd, director of threat research at Sophos.

“Over the past two months, however, some of the biggest players in the ransomware ecosystem have disappeared or shut down, and, in the past, we’ve also seen ransomware affiliates vent their anger over the profit-sharing scheme of RaaS. Nothing within the cybercrime world stays static forever, and these cheap versions of off-the-shelf ransomware may be the next evolution in the ransomware ecosystem—especially for lower-skilled cyber attackers simply looking to make a profit rather than a name for themselves,” the director adds.

This junk-gun ransomware has a median price of $375, far lower than the $1 000 and higher cost of ransomware sold by more established players.

What makes this malware even more attractive is that buyers don’t have to share their illicit profits with the creators nor is additional infrastructure required to execute an attack. This spells trouble for SMEs as while enterprises may be able to fight this seemingly low-effort ransomware, smaller companies may be unable to stave off these attacks.

As such, there could be a multitude of ransomware attacks that prove successful because they are unreported and the ransoms paid by targets.

“These types of ransomware variants aren’t going to command the million-dollar ransoms like Clop and Lockbit but they can indeed be effective against SMBs, and for many attackers beginning their ‘careers,’ that’s enough. While the phenomenon of junk gun ransomware is still relatively new, we’ve already seen posts from their creators about their ambitions to scale their operations, and we’ve seen multiple posts from others talking about creating their own ransomware variants,” adds Budd.

Sophos says that tracking junk-gun ransomware may prove difficult given how fractured the market is. Coupled with the silence from targets, this makes obtaining samples to study tough. Still, the cybersecurity says it may be a worthwhile endeavour given that it’s a burgeoning market.

You can read more about this malware in Sophos’ report ‘Junk gun’ ransomware: Peashooters can still pack a punch.


About Author


Related News