Malware News New Stampado Ransomware Advertised on the Dark Web

Exterminator

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Crooks are advertising a new breed of ransomware on the Dark Web, calling it Stampado and selling it for only a fraction of the price of other ransomware variants, namely a meager $39 for a lifetime license.

While most ransomware families cost hundreds of dollars to rent each month, Stampado decided to open the gates of hell and unleash cheap ransomware on the market, with a slew of features that allow subsequent crooks to focus on distribution and leave malware coding to the Stampado crew.

According to Heimdal Security, the cyber-security vendor that spotted Stampado's ad, the ransomware has the same features, at least on paper, that are also found in the infamous and still-undecrypted CryptoLocker ransomware.

Stampado available as a RaaS offering
Crooks are offering Stampado via a Ransomware-as-a-Service (RaaS) model that has become very popular among cyber-criminals. This means that a buyer would receive a builder or get access to a control panel where they could create their custom ransomware file and then embed it in other documents to distribute as spam, adware, or fake installers.

Stampado's authors say that they can provide ransomware payloads in formats such as EXE, BAT, DLL, SCR, and CMD.

Along with the Dark Web advertisement, the crooks also recorded a video to guide potential buyers through the infection process. This video provided some clues of how Stampado works.

The ransomware locks files with the ".locked" file extension, also used by other ransomware families, and comes with a very well worded ransom note that includes all the details to pay the ransom.

No Stampado infections detected until now
The ransom fee is probably customizable based on each buyer's preference, along with a grace period, which in the video appears to be 96 hours.

After that, Stampado will delete a random file from the infected computer every six hours. This behavior is similar to the Jigsaw ransomware, which also deletes user files to scare the victim into paying the ransom.

No Stampado samples were detected in the wild at the time of writing, so neither Heimdal Security nor other experts Softpedia contacted can tell if the ransomware could be decrypted.
Click to expand...
 
  • Like
Reactions: Alkajak, _CyberGhosT_, jamescv7 and 11 others
StriderHunterX

StriderHunterX

Level 5
Verified
Well-known
Jan 10, 2015
207
Dark Web?

Shall I bust out the "de-facto browser" of choice to surf those turbulent waters? This is scary stuff,indeed.
A measly $39 bucks for a disruptive weapon of this scope? :eek: Although,someone could start reverse-engineering on it....

The race begins.
 
  • Like
Reactions: _CyberGhosT_, frogboy and DardiM
boredog

boredog

Level 9
Verified
Jul 5, 2016
416
as far as I know you can not access the dark web with a normal browser. you need something like tor plus its addon browser. and a good vpn. and you have to like onions:p
 
  • Like
Reactions: _CyberGhosT_ and Zerion
Zerion

Zerion

Level 4
Verified
Well-known
Mar 2, 2016
151
boredog said:
as far as I know you can not access the dark web with a normal browser. you need something like tor plus its addon browser. and a good vpn. and you have to like onions:p
Click to expand...

Tor is enough, but a good VPN is to advise, and a nice antivirus / antimalware setup as there are some fishy ppl there.. sick what you can actually do there.. order a hit, weapons, drugs, whatever.. the sites are .onion :eek:
 
  • Like
Reactions: _CyberGhosT_
boredog

boredog

Level 9
Verified
Jul 5, 2016
416
well I don't need weapons. have enough of those. don't need drugs, don't need to order a hit but I could use a good woman that can cook.
maybe a mail order bride? :D she doesn't even need to send pic of truck or boat cause I have those too.
I do us quietzone that comes with tor and their version of firefox but they don't update it at all and so when my sub is up in oct I might go another route since they seem to have no support anymore on wilders.
 
Last edited:
  • Like
Reactions: _CyberGhosT_ and Zerion
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Question is, should we be linking to that kind of thing here ?
What ? it's a common sense question ;)
::EDIT::
I am now banished to the corner, I realize the link
is only to the story. I haven't had my coffee, ignore me.
 
Last edited:
  • Like
Reactions: DardiM and frogboy
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Well no matter if the selling price of ransomware kit is cheap or expensive, still deadly and typical user will just pay for it.

So always think before you click.
 
  • Like
Reactions: DardiM
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
Malware News macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools
Replies
0
Views
1,020
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Wow
    • Sad
Malware News BianLian ransomware claims attack on Boston Children's Health Physicians
Replies
0
Views
1,216
Security News
Gandalf_The_Grey
Gandalf_The_Grey
TuxTalk
    • Like
    • +Reputation
Ransomware Spotlight : Akira
Replies
0
Views
1,168
News Archive
TuxTalk
TuxTalk

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top