Stampado Ransomware

For just a measly $39, anyone can buy software that can lock down your business and hold it for ransom.

This is the era we live in now: one where businesses, organizations and even hospitals are under threat from anyone willing to fork out the price of a restaurant meal to criminals on the dark web.

A new ransomware, Stampado, is being offered cheaply on the Dark Web. For $39, any would-be criminal can purchase a lifetime license for the malware. Bearing a lot of similarities to Cryptolocker, Stampado is offered at a fraction of the price of the other ransomware that makes up the Ransomware-as-a-Service (RaaS) market.

The fact that such a market even exists, with hackers fighting over market share, shows just how big the Ransomware beast has grown since it rose to prominence in 2013 with the very software Stampado is based on. Stampado is just the latest to join the RaaS market alongside Petya, Mischa, and Cerber.

What Does Stampado Do?

Stampado offers payloads in formats such as EXE, BAT, DLL, SCR and CMD. Once a user is infected, Stampado locks files with the “.locked” file extension. It leaves victims with 96 hours to pay the ransom.
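Because infected machines end up with many files renamed to “.locked” in a short time, a burst of such renames on one host is a useful behavioral signal for defenders. The sketch below is an added example, not code from the original article: the event format, host names, paths, window and threshold are all constructed assumptions, and it flags any host with five or more renames to “.locked” inside 60 seconds.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOCKED_EXT = ".locked"          # extension named in the article
WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 5                   # assumed renames per host within the window

# Constructed sample events: timestamp|host|action|old_path|new_path
SAMPLE_EVENTS = [
    "2016-07-14T09:00:00|ws-01|rename|C:/docs/a.tmp|C:/docs/a.txt",
    "2016-07-14T09:00:05|ws-01|rename|C:/db/build|C:/db/build.locked",
] + [
    f"2016-07-14T09:01:{s:02d}|ws-02|rename|C:/docs/f{s}.docx|C:/docs/f{s}.docx.locked"
    for s in range(0, 30, 5)
]

def is_lock_rename(action, old, new):
    """True when a rename gives a file the .locked extension it lacked before."""
    return (action == "rename"
            and new.lower().endswith(LOCKED_EXT)
            and not old.lower().endswith(LOCKED_EXT))

def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {host: time of first alert} for hosts that reach the threshold."""
    recent = defaultdict(deque)   # host -> timestamps of recent lock renames
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts_raw, host, action, old, new = line.strip().split("|")
        if not is_lock_rename(action, old, new):
            continue
        ts = datetime.fromisoformat(ts_raw)
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:     # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, ts in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {THRESHOLD}+ renames to {LOCKED_EXT} by {ts.isoformat()}")
```

A single stray rename (as on the constructed host ws-01) stays below the threshold, which keeps ordinary files that happen to use the same extension from raising alerts.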

Much like Jigsaw, which we reported on earlier this year, Stampado begins to delete random files from the infected computer every six hours if the ransom is not paid. As each Ransomware is released, the authors seem to learn from each other’s successes and failures. They pick the best parts from each previous attempt and make newer, nastier strains.

Previously, RaaS was offered at prohibitively large costs. In May 2016, Locky was being offered for $3,000 on the Dark Web, with a variant called Goliath, tailored specifically to beginners venturing into cybercrime, at $2,100. With its financial accessibility, Stampado may be the first in a generation of lower-cost criminal software as authors rush to compete with it.

The global situation with Ransomware has gotten so bad that Europol and heavy-hitting IT Security companies like Kaspersky Lab have teamed up to fight it. However, many Antivirus agencies still rely heavily on signature-based detection to identify and tackle malware, something Ransomware authors are well aware of. New iterations of Ransomware like Cerber are highly adaptive and chimeric to avoid antivirus detection.

How Do I Protect Myself from Stampado and Other Ransomware?

The only current solution is still prevention. To avoid having your business or organization infected by Ransomware, here’s what you should do:

Make Regular Backups, and Keep One Backup Off-Site: Use the 3-2-1 rule of backups and make sure you have secure, reliable software like BackupAssist. With a backup on hand, you don’t have to pay a ransom or risk losing your data.

Keep Your Software and OS Patched and Current: Software companies are constantly finding security vulnerabilities in their software and patching it. Make sure you benefit from their diligence.

Avoid Unsolicited and Unexpected Attachments: This isn’t the only way that Ransomware can infect your system, but it is the most frequently used. Make sure everyone in your organization knows not to open suspicious attachments and to ask IT staff if they’re uncertain.

Preemptively protect your systems by downloading the 30-day free trial of BackupAssist. Read here to learn how it can defend your data.

Posted by Adam Ipsen
