AlphaLocker – New Budget Malware Hits the Ransomware Market

AlphaLocker is a new malware threat that emerged in March 2016, and makes cybercrime affordable to literally anyone with intent to extort. This family of ransomware is purchased directly from the author for $65 (in Bitcoin, of course). For this incredibly low price, the wanna-be cyber-crim gets the actual executable ransomware, the master decryptor binary, and an admin panel. The hosting and the spreading of the ransomware are the buyer’s responsibility.

This incredible deal will allow trainee criminals to get their hands on, control, and profit from ransomware using almost no coding skills or knowledge; this is certainly a major product advance in the malware market. AlphaLocker is ‘user-friendly’. It is a development in a market whose earlier offerings, such as Ransom32 or Encryptor RAAS (ransomware as a service), required more technical understanding and came at a cost that makes 65 bucks seem like pocket change.

AlphaLocker’s configurations and support files are in (unencrypted) English, though some researchers think the author is Russian. Another interesting point is that AlphaLocker is based on the Eda2 project conducted by Utku Sen. This was his second project publishing ‘open-source’ ransomware, supposedly for cyber-security research. It was supposed to contain a backdoor that could be exploited by the affected user to gain the decryption key. It didn’t have this – Sen was too quick to present it (to impress his girlfriend named Eda). Although the source code was taken down by the author, it only takes a few clicks to copy and store hack-worthy tools. There will undoubtedly be many other future ransomware variants based on his mistake.

This and other ransomware is becoming increasingly difficult to detect. New variants using methods like rootkit technology are a problem for traditional anti-malware programs to root out. There are other variants evolving too, and AV/AM software must keep up in the race.

As Steve Malone of Mimecast e-mail security commented recently, “Ransomware is the new normal… the old methods of AV and AS email protection won’t cut it anymore and ignoring the problem won’t make it go away. Ransomware has become a well-funded, well-organized cyber threat in today’s market.”

