Security vendor Trend Micro Inc. has shined its spotlight on a worrying new trend in so-called ransomware – malware that uses encryption to lock up user’s files before demanding a ransom (usually in Bitcoin) to decrypt them.

In a new post on Tuesday, Trend Micro takes a deep dive into the economics of “Ransomware-as-a-Service”, which is a catch-all term for cyber crooks who’re hawking their services via do-it-yourself (DIY) kits that allow anyone who purchases it to start spreading ransomware and holding companies hostage themselves.

Trend Micro studied the business model of a newly identified strain of ransomware kit called “Stampado”, which is being offered for sale on ‘dark web’ forums for as little as $39 for a lifetime license.

Stampado appears to be cloned from a more sophisticated breed of ransomware called Jigsaw, which takes its threats to the next level by randomly deleting files one by one after a certain amount of time if the ransom hasn’t been paid. The tactic is designed to scare users into paying quickly in order to prevent further data losses. Stampado isn’t as full-featured as Jigsaw, but in many cases it’s reported to be effective enough to get victims to pay up.

Economics of Ransomware-as-a-Service (RaaS)

What’s worrying to Trend Micro isn’t just the alarming rise in reported strains of ransomware, but also the incredibly low cost of ransomware kits, which allow even technologically unsophisticated persons to start generating a healthy, albeit illicit, income.

Ransomware services began being offered for sale back in 2012 in some Russian underground cybercrime forums, starting at around $10 to $20. However these early ransomware kits were fairly basic, as they generally included a Windows blocker that paralyzes the OS, but didn’t allow hackers an easy way to charge a ransom, and files remained unencrypted.

But as ransomware developers began to create more sophisticated programs with encryption, they realized that they could force victims to pay up in Bitcoin, the almost untraceable cryptocurrency. This caused the popularity of RaaS to explode. With no other way to regain access to their files, hundreds of companies have reportedly paid the ransoms, creating a vicious cycle as more cybercriminals look to cash in on the craze. In the last couple of years, ransomware has suddenly become one of the most profitable cyberscams around, and that meant it wasn’t long until the price of ransomware kits shot up – last year, Trend Micro came across one multi-platform variant advertised on a Brazilian hacker’s forum for $3,000.

However, the RaaS business model is no more immune to the laws of supply-and-demand than any other business, and the last year has seen underground cybercriminal forums flooded with numerous offerings. As a result, prices for ransomware kits have been declined sharply in the last year, and while many of the cheaper varieties are poor imitations of sophisticated variants like Jigsaw, the fact is that in many instances victims are still paying up, adding yet more fuel to the fire with no end in sight.

Image credit: 25261 via Pixabay.com