Scammers deceive scammers - with ransomware "Philadelphia".
Under the title "Ransomware as a Service (RaaS), an analysis of Philadelphia", Sophos examines malware that can be bought ready-made. The report takes an in-depth look at the inner workings of a ransomware-building system that anyone can buy for $400. With the kit, buyers can hijack computers and hold data for ransom.
The builders of the "Philadelphia" RaaS kit (produced at Rainmakers Labs) present their business as if it were as legitimate as any other software company. They distribute "Philadelphia" on darknet marketplaces and show an introductory video on YouTube that explains the kit and how to customize the ransomware using a wide range of features.
Help Guide for Criminals
A detailed help guide that walks customers through the setup is also available on a .com website. Although ransomware as a service is not new, the overtly glossy marketing for a do-it-yourself extortion attack is striking. In addition to the marketing, the product has numerous settings that allow buyers to customize their ransomware.
Locate victims
These settings include options such as "track victims on Google Maps" and a "be gracious" feature. The guide also explains how to develop a campaign, set up a control center and collect money. Ironically, the mercy setting isn't necessarily there to help victims:
"The mercy feature provides criminals with some sort of exit when they are in a precarious position after a targeted attack," explains report author Palotay. Google tracking, the mercy option and other features of Philadelphia are examples of what is becoming more common: flexible building blocks for cybercriminals.
"The fact that Philadelphia costs US$400, and other kits between US$39 and US$200, is remarkable. For the $400 value - pretty good for what it promises buyers - you get regular updates and unlimited access to limitless build types. It's like a real software service that supports customers with regular updates."
Cheaters cheat cheaters
The report also reveals that some cybercriminals have pirated "Philadelphia" and are selling their version at a lower price. While pirating is nothing new, the scale is interesting. Ready-to-use threats that do not require the attacker to understand what they are doing are easy to obtain and are becoming increasingly sophisticated. Sophos expects this trend to intensify, and fraudsters to continue to deceive each other.
The entire report is available in English.