The dark web has been the first port of call for unscrupulous cybercriminals looking to buy vicious malware for quite some time. But it seems that the various pieces of software available from these hidden markets are becoming cheaper and more malicious.
In amongst all the drugs, weapons, and stolen credentials is the latest piece of ransomware to appear for sale on the internet's seedy underbelly. For just $39 you can purchase a "lifetime license" for the particularly nasty Stampado malware.
As reported by Heimdal Security, Stampado is fully undetectable (FUD) and can be sent through emails in extensions like .exe,.bat,.scr, and .dll. It doesn't need administrator privileges to infect computers, and once activated it will encrypt files and change their extensions to .locked.
Like other forms of ransomware, victims are given a set time to pay for the key that decrypts the files. If the money is not paid within this period, the key is deleted and there will be no way to recover the data.
Infected users are given 96 hours to pay 1 bitcoin (around $660) for the key. As an added incentive to hand over the money faster, a random locked file will be deleted every six hours after the initial infection.
Showing that their first language probably isn't English, the creator/s wrote the following sales pitch for Stampado:
You always wanted a Ransomware but never wanted two pay Hundreds of dollars for it? This list is for you! ?? Stampado is a cheap and easy-to-manage ransomware, developed by me and my team. It's meant two be really easy-to-use. You'll not need a host. All you will need is an email account.
Thankfully, Stampado has yet to be spotted in the wild, but with its low-cost and easy-to-use nature it may not be long before the ransomware starts to spread.
Amazingly, the creator/s even posted a YouTube video (below) showing Stampado in action.