New Stampado Ransomware Sold Cheap on the Dark Web


A new and surprisingly cheap ransomware called Stampado (detected by Trend Micro as Ransom_STAMPADO.A) has been discovered being advertised in the Dark Web for $39 for a lifetime license—a fraction of the price of other ransomware being offered in the ransomware-as-a-service (RaaS) market. Stampado ransomware is said to bear a number of similarities with CryptoLocker in terms of functionality.CryptoLocker (detected by Trend Micro asRANSOM_CRILOCK/CRYPLOCK), was discovered in 2013.

Stampado is being widely advertised in the Dark Web, with a video that shows how Stampado works. According to the ads, the authors are offering payloads in formats such as EXE, BAT, DLL, SCR, and CMD. It further explains that once a user is infected, Stampado locks the files with the “.locked” file extension.

Stampado is described to feature a ransom note that includes details on how to pay the ransom, and gives the victims a grace period of 96 hours to pay the ransom. If the ransom isn’t paid, it will delete a random file from the infected computer every six hours--similar to a behavior manifested by Jigsaw. According to the report, no Stampado samples have been detected in the wild at the time of writing; hence, there is still no way to find out if the ransomware could be decrypted. 

The ransomware-as-a-service model has become an attractive commodity among cybercriminals as it lowers the barriers of entry for cybercriminals, with buyers receiving a complete package with builders and access to a control panel that allow them to modify and run their own digital extortion operation. In May 2016, a site in the dark web was offering Locky ransomware for $3,000, as well as a new ransomware variant called Goliath for $2,100. It was also revealed that the latter’s source code was supposedly derived from Locky, catering to beginners who are just starting to venture into cybercrime.

Other ransomware variants, such as Petya, Mischa, and Cerber, are known to be offered as RaaS products on deep web marketplaces and closed forums, where ransomware can either be "rented" for a set period of time, or used in a business model where affiliates distribute the ransomware and developers rake in commissions for every paid ransom. While more established ransomware families are offered for hundreds or thousands of dollars to acquire, Stampado's advertised low price could make for an appealing product for would-be cybercriminals looking to start their own ransomware operation without shelling out a significant capital.

Trend Micro endpoint solutions such as Trend Micro™ Security, Smart Protection Suites, and Worry-Free™ Business Security can protect users and businesses from this threat. Strong password policies and the disabling of automatic macro loading in Office programs, along with regular patching schedules, are also among the valid and tested ways to keep ransomware at bay. Additionally, Trend Micro™ Deep Security provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching. This comprehensive, centrally-managed platform helps simplify security operations while enabling regulatory compliance and accelerating the ROI of virtualization and cloud projects.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.