Trend Micro researchers spotted a new ransomware as a service (RaaS), dubbed Stampado, which may be indicative of ransomware market trends.
Both Stampado and the Jigsaw ransomware delete random files after a certain amount of time in an attempt to scare victims into paying, although Jigsaw gives victims more time, and both also encrypt files using AES (Advanced Encryption Standard), the researchers wrote.
Despite the similarities, researchers said Stampado doesn’t appear to be as sophisticated as Jigsaw and was encoded using AutoIt, which researchers said made it easy to decrypt and analyze. Researchers also said Stampado only looks to encrypt files in the “%All Users Profile% and %User Profile%” folders while Jigsaw scanned all available drives.
In addition, Stampado only provides victims an email address to contact if they wish to retrieve their files, while Jigsaw has special instructions for purchasing Bitcoin to pay the ransom.
Researchers said it’s possible that the ransomware’s creators are banking on bad guys not caring whether a piece of ransomware is sophisticated or a poor imitation of more popular variants, as long as it can make a quick buck.
The quality and price of the Stampado malware may be reflective of greater supply and demand trends in the ransomware market.
The RaaS market is flourishing, as seen by the exponential growth in both ransomware attacks and the number of variants, Trend Micro’s Chief Cybersecurity Officer Ed Cabrera told SCMagazine.com in emailed comments.
“This creates a lot of competition at different levels and at different price points,” he said. “Some RaaS providers target entry-level criminals offering lower prices and often with less capable ransomware, while other RaaS providers will offer a more capable ransomware service at a higher price.”
Cabrera said there has been an increase in the capability of crypto-ransomware development and in the sophistication in the execution of attacks. He also noted that some RaaS providers have shifted away from consumer attacks and are focusing more on attacking enterprises.
He said a connected layered defense on all platforms is a must to protect against RaaS threats.