Sophos: New ‘Junk Gun’ ransomware disrupts ransomware-as-a-service space

K V Kurmanath Updated - May 24, 2024 at 12:14 PM.

This new development is attracting lower-tier criminals who are looking to make a profit.

The ransomware-as-a-service (RaaS) market is being disrupted by a new family of ransomware called ‘Junk Gun’ that is cheap, unsophisticated, and easy-to-use.

The ransomware-as-a-service (RaaS) market is getting disrupted, which has armed hackers with easy-to-use, off-the-shelf, and affordable ransomware solutions. The market, which has witnessed the disappearance of big players for over two years, is getting populated with ‘Junk Gun’ ransomware on the dark web.

The new family of ransomware is attracting ‘buyers’ because it is very cheap. According to a Sophos research report, the median price for these junk-gun ransomware variants on the dark web was $375, significantly cheaper than some kits for RaaS affiliates, which can cost more than $1,000.

Junk gun ransomware discussions occur primarily on English-speaking dark web forums aimed at lower-tier criminals.

“Over the past two months, however, some of the biggest players in the ransomware ecosystem have disappeared or shut down, and, in the past, we’ve also seen ransomware affiliates vent their anger over the profit-sharing scheme of RaaS,” Christopher Budd, Director (Threat Research) of Sophos, said.

“Nothing within the cybercrime world stays static forever, and these cheap versions of off-the-shelf ransomware may be the next evolution in the ransomware ecosystem—especially for lower-skilled cyber attackers simply looking to make a profit rather than a name for themselves,” he said.

As the name suggests, this family of ransomware is crudely made and unsophisticated compared to its robustly built peers.  

“They can still pack a punch,” cybersecurity solutions firm Sophos has said.

Over the last ten months, the company has discovered 19 such ‘junk gun’ ransomware variants, which are cheap, independently produced, and crudely constructed, on the dark web.

“The developers of these junk gun variants are attempting to disrupt the traditional affiliate-based RaaS model that has dominated the ransomware racket for nearly a decade,” a Sophos report said.

Instead of selling or buying ransomware to or as an affiliate, the attackers create and sell these unsophisticated ransomware variants for a one-time cost—which other attackers sometimes see as an opportunity to target small and medium-sized businesses (SMBs) and even individuals.

The report indicates that cyber attackers have deployed four of these attack variants. While the capabilities of junk-gun ransomware vary widely, its biggest selling points are that it requires little or no supporting infrastructure to operate and that users aren’t obligated to share their profits with the creators.

Published on April 18, 2024 10:33
