Nineteen inexpensive one-time-use ransomware tools akin to "junk guns" proliferating on the dark web between June 2023 and February 2024 have reduced the barrier to entry for ransomware attacks for less sophisticated cybercriminals, according to The Record, a news site by cybersecurity firm Recorded Future.
Despite the risk of being backdoored or nonfunctional, such ransomware tools — which includes EvilExtractor that has been leveraged to compromise U.S. and European organizations — have been attractive to threat actors seeking to possess the entirety of ransomware proceeds or looking for better opportunities within a ransomware operation, a report from Sophos X-Ops revealed.
Attacks leveraging ransomware tools are also less likely to be detected due to their lack of infrastructure and leak sites, said researchers.
"Because attackers are using these variants against [small and medium-sized businesses] and the ransom demands are small, most attacks are likely to go undetected and unreported. That leaves an intelligence gap for defenders, one the security community will have to fill," said Sophos X-Ops Director Christopher Budd.
