The Cryptolocker/Cryptowall 3.1 ransomware kit is being sold for $3,000 worth of bitcoins, according to a Pastebin post, which claims to even offer the source code along with the manual and free support.
For those interested in purchasing only a couple of binaries, the malware developers offer a bundle of 8 per customer for $400. However, the developer also seems open to an affiliation program in which both you – the customer – and the developer split the revenue 50/50.
“This is your chance to become a partner and join or buy build individual to you and use and to generate income and to convert and monetization,” reads the post. “If you are interested then contact i need a partnership and also i selling build to you.”
This is one of the few times when we can take a look at how the underground market works, the types of services offered, and maybe estimate the amount of money made from selling custom-made malware.
Those who actually want to purchase the Cryptolocker/Cryptowall Ransomware Kit will allegedly not only gain access to full support, but can also ask for additional modules or customizations, such as preferred language interfaces for the access panel or custom deployments on VPS servers.
“Information for customers:
- JID: [email protected]
- Price of binary: $400 (8/1 customers)
- Price of source code and manual how edit code wallet btc i give you: $3000 (1 customer)
- You keep 100% of payments
- Free recompiles and support
- Escrow accepted
- Bitcoin (BTC) only!”
Besides posting a comprehensive list of features, the developer also claims the Locker can communicate with Command and Control servers over Tor without losing any connections, a unique technique that will only be disclosed once contacting support.
- Encryption algoritm BlowFish 448 bit (stronger then AES).
- 448 bit key is generated on computer and sent to C&C. Each computer generates unique key. Key is not stored on computer and is purged from RAM.
- All C&C decryption keys are encrypted with the RSA-alg (1024 or 2048 Bit Keys). The Password used to decrypt the private key is not stored and only temporary used(conclusion: even if the server is raided or compromised the User-Passwords cannot be decrypted).
- Locker can communicate with C&C over Tor, without losing any connections (contact support for more information – we are using a different technique).
- Files in all locations (external media and network) are encrypted.
- Encrypted extensions: odt, ods, odp, odm, odc, odb, doc, docx, docm, wps, xls, xlsx, xlsm, xlsb, xlk, ppt, pptx, pptm, mdb, accdb, pst, dwg, xf, dxg, wpd, rtf, wb2, mdf, dbf, psd, pdd, pdf, eps, ai, indd, cdr, jpg, jpe, dng, 3fr, arw, srf, sr2, bay, crw, cr2, dcr, kdc, erf, mef, mrwref, nrw, orf, raf, raw, rwl, rw2, r3d, ptx, pef, srw, x3f, der, cer, crt, pem, pfx, p12, p7b, p7c, c, cpp, txt, jpeg, png, gif, mp3, html, css, js, sql, mp4, flv, m3u, py, desc, con, htm, bin, wotreplay, unity3d , big, pak, rgss3a, epk , bik , slm , lbf, sav , lng ttarch2 , mpq, re4, apk, bsa , cab, ltx , forge ,asset , litemod, iwi, das , upk, bar, hkx, rofl, DayZProfile, db0, mpqge, vfs0 , mcmeta , m2, lrf , vpp_pc , ff , cfr, snx, lvl , arch00, ntl, fsh, w3x, rim ,psk , tor, vpk , iwd, kf, mlx, fpk , dazip, vtf, 001, esm , blob , dmp, layout, menu, ncf, sid, sis, ztmp, vdf, mcgame, fos, sb, itm , wmo , itm, map, wmo, sb, svg, cas, gho,iso ,rar, syncdb ,mdbackup , hkdb , hplg, hvpl, icxs, itdb, itl, mddata, sidd, sidn, bkf , qic, bkp , bc7 , bc6 ,pkpass, tax, gdb, qdf, t12,t13, ibank, sum, sie, sc2save ,d3dbsp, wmv, avi, wma, m4a, 7z, torrent, csv
- AV software cannot decrypt files (Panda Ransomware Decrypt Tool, BitDefender Decrypt, Kaspersky).
- Secure file erase (7 passes).
- Message is displayed on GUI and inside of .txt files created in all folders. This message is configured on C&C, unique by country.
- Compatible with crypters (no EOF).
- Empty recycle bin (all drives).”
Considering the bidding point for the Cryptolocker/Cryptowall Ransomware Kit is not that expensive for what it seems to offer, the return on investment could be stellar in the right hands. This is proof that you don’t need the technical know-how to start developing your own custom malware – all you need is an initial investment and the underground black-market will fill in the distribution and management gaps.