01
Mar 17

Ransomware for Dummies: Anyone Can Do It

Among today’s fastest-growing cybercrime epidemics is “ransomware,” malicious software that encrypts your computer files, photos, music and documents and then demands payment in Bitcoin to recover access to the files. A big reason for the steep increase in ransomware attacks in recent years comes from the proliferation of point-and-click tools sold in the cybercrime underground that make it stupid simple for anyone to begin extorting others for money.

Recently, I came across an extremely slick and professionally produced video advertisement promoting the features and usability of “Philadelphia,” a ransomware-as-a-service crimeware package that is sold for roughly $400 to would-be cybercriminals who dream of carving out their own ransomware empires.

This stunning advertisement does a thorough job of showcasing Philadelphia’s many features, including the ability to generate PDF reports and charts of victims “to track your malware campaigns” as well as the ability to plot victims around the world using Google Maps.

“Everything just works,” claim the proprietors of Philadelphia. “Get your lifetime copy. One payment. Free updates. No monthly fees.”

One interesting feature of this ransomware package is the ability to grant what the program’s architects call “mercy.” This refers to the desperate and heartbreaking pleas that ransomware purveyors often hear from impecunious victims whose infections have jeopardized some priceless and irreplaceable data — such as photos of long lost loved ones.

I’ll revisit the authors of this ransomware package in a future post. For now, just check out their ad. It’s fairly chilling.

88 comments

  1. Philadelphia is one of the most unsophisticated, poorly coded, and horrible ransomware available on underground markets at the moment.
    Featuring it here would simply be a disgrace, I thought you would focus on better things instead?

    • It looks and sounds pretty sharp to me! If I were into money at all I’d probably totally go for it. As it stands though I have more important things to deal with so I’ll skip on this particular offer as exciting as it may be.

    • You almost sound bitter. Would you care to let us know about a better one?

    • Brian Fiori (AKA The Dean)

      I’m not quite sure of your point. Are you under the impression Krebs is marketing this product? He is reporting on it—and giving us all warning. Poorly coded or not, it represents a threat. Plus the marketing video seems to be a pretty bold move by these sleazy miscreants. Should Brian only report on software that is well-coded?

  2. Brian: Youtube has removed the video as a violation of their policy. You may want to repost or use a different service (or convince someone at Youtube to leave it up).

    • If it’s been removed then why is it still playing fine on this page and appearing to be coming through YouTube as per the controls at the bottom?

  3. Hi Brian,

    Can we add a link to the video (with a reference to you and your blog) on our security blog?

  4. A_Turkish_Hacker

    138.68.130.23

    AlphaBay server IP.

    Regards,

  5. Poorly coded crap.
    people like quality nowadays no quality

  6. This is pretty funny. Half the responses act like it’s a consumer reports review.

  7. Well, it’s bad, poorly coded indeed. It might even harm your
    PC. I don’t recommend you use it.
    We’ll wait until you come up with something better than that.

    • well it should bloody well damage your pc if you use it. If you are using it you are trying to ransomware people, karma is welcome to have as much fun with you as is possible.

  8. Your work is so good and amazing. I really love to see this kind of helpful and positive post. Thank you for sharing this with us.

  9. Until legislators pass laws making this kind of activity a felonious act with a minimum of five years prison sentence for individuals selling or using this type of software, we will be held hostage by the possibility of one day having our data held in ransom.

    When the reward outweighs the punishment, if any, this type of activity will continue to flourish!

    That is life!

  10. Chilling indeed…

    A quick google search brought me to this decrypter (by Emsisoft): https://decrypter.emsisoft.com/philadelphia

    And this one by Avast (under ‘Stampado’): https://www.avast.com/ransomware-decryption-tools

    The Emsisoft decryption tools for Stampado and Philadelphia are also available here: https://www.nomoreransom.org/decryption-tools.html

  11. Thanks for the info Dennis! Great sources you’ve got there! I’ve used the Rakhni Decryptor with great success. Back in 2016 I had a friend of mine that’d been infected and he was trying to use the noobcrypt and was failing miserably.

    The Avast decryption tools work well too! It’s a darn shame people really have nothing better to do with themselves but to wreak havoc on people’s lives. Bunch of lowlifes.