20 April, 2017 03:30

cropped-merkle-white-1-32x32.pngThe Merkle

CradleCore May Introduce new Monero and Ethereum Ransomware

6996f0ed2b3eb430deb96cdf9005e34a?s=24&d=identicon&r=gJP Buntinx
2 days ago
TheMerkle CradleCore RansomwareHumaniq_700x60_concept_2_032017_v2.gif

Most ransomware developers distribute their code on a large scale to score a big payday. Some of these coders take a different approach, by using the ransomware-as-a-service business model. However, things are now taking a turn for the worse, as the developers of the CradleCore malware have put up their source code for sale on the Darknet. A very troublesome development, to say the least.

Selling Ransomware Source Code on the Internet

Most people may have never heard of CradleCore before, which is not necessarily a bad thing. After all, it would be much better if most consumers never got in touch with ransomware in the first place. Unfortunately, it appears CradleCore has quickly become a fan favorite among online criminals who want to create their own customized malware.

What makes CradleCore so problematic is how the ransomware is capable of causing a lot of havoc. Moreover, it supports payment options for multiple cryptocurrencies. Whereas most malware attacks demand a bitcoin ransom, CradleCore has built-in support for Monero and Ethereum as well. Until now, there has not been a prominent type of Ethereum ransomware, yet that situation may come to change in the near future.

It is also interesting to note the CradleCore developers have never tried to offer their project as-a-service. Instead, they want to sell the source code to any aspiring developer looking to make a quick buck. That is rather interesting and troublesome at the same time since this type of approach is very uncommon among ransomware developers. It is unclear if this will become common trend moving forward, yet it is not entirely out of the question either.

As of right now, anyone can buy the CradleCore source code on the darknet for the price of 0.35 bitcoin. To be more specific, the negotiation price starts at 0.35 bitcoin, although it is possible the final payment will be much larger in the end. That is still quite a cheap price for a type of ransomware that has not been actively deployed on a large scale yet. Criminals always have the upper hand when it comes to distribution new types of malware, as security researchers have to come up with solutions to fight this threat.

Among the features provided by CradleCore are file encryption, an anti-sandbox mechanism communication to the command-and-control server over the Tor2Web protocol and offline encryption. As one would expect, infected files will be encrypted and renamed to the .cradle extension. Moreover, it comes with a complete ransom note that seems to direct users to a bitcoin payment page, although it is possible to only accept Monero or Ethereum as well.

The developers even include a brief setup guide for people looking to distribute this malware. All things considered, criminals purchase a complete ransomware package that can be set up with relative ease. Although it remains unclear whether or not people will purchase the CradleCore source code from the darknet anytime soon, yet it seems likely a new wave of ransomware attacks is just around the corner. The fact it accepts Monero and Ethereum payments as well is very troublesome, to say the least.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

Categories: News, Security
Tags: bitcoin, CradleCore, Ethereum, Monero, ransomware
Leave a Comment

The Merkle

Powered by WordPress

Back to top

Advertisements
20 April, 2017 03:30

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s