"Venafi Investigation of 35 Million Dark Web URLs Shows Macro-Enabled Ransomware Widely Available at Bargain Prices"
Venafi has released findings from a dark web investigation into the spread of ransomware via malicious macros. Between November 2021 and March 2022, Venafi collaborated with the criminal intelligence provider Forensic Pathways to analyze 35 million dark web URLs, including marketplaces and forums, using the Forensic Pathways Dark Search Engine. The investigation found 475 webpages of sophisticated ransomware products and services, with several high-profile groups marketing Ransomware-as-a-Service (RaaS). Of the ransomware discovered on the dark web, 87 percent was distributed via malicious macros in order to infect targeted systems.

A total of 30 different "brands" of ransomware were found in forum posts and marketplace listings. Several of the ransomware variants now for sale, including Babuk, GoldenEye, Darkside/BlackCat, Egregor, HiddenTear, and WannaCry, have been used effectively in high-profile attacks. Related services cost more for ransomware strains employed in high-profile attacks. The most expensive listing, for example, was $1,262 for a customized version of Darkside ransomware used in the infamous Colonial Pipeline ransomware attack in 2021. Source code listings for well-known ransomware typically command higher prices, as indicated by Babuk source code selling for $950, while Paradise source code is being sold for $593.

In addition to a wide range of ransomware at various price points, the research uncovered various services and tools that help attackers with little technical knowledge launch ransomware attacks. Source code, build services, custom development services, and ransomware packages with step-by-step tutorials are among the services with the most listings. This article continues to discuss key findings from the dark web investigation.