Zerofox, a cybersecurity firm, has uncovered information about a new extortion service on the Dark Web Forum RAMP. The extortion service is called Cryptnet and is advertised as “quick and completely inconspicuous software” with various capabilities and functions. Cryptnet’s capabilities include the ability to remove shadow copies and disconnect reserve copying services, encrypt data without connecting to the internet, and provide a chat panel for negotiations.
According to Zerofox, Cryptnet has already infected two victims at the end of April. The announcement was published by a hacker using the nickname “Shrinbaba”. Cryptnet offers the hacker 90% of the ransom amount, which is the largest share in the RAAS (Ransomware as a Service) market, where affiliated faces usually get 60%-80% of the ransom amount.
Cryptnet operators have also offered support to cybercriminals during negotiations with victims of redemption. The announcement initially stated that there were no restrictions on the countries that could be attacked. However, after a question from another participant in the forum, the approval was subsequently removed from the original post. Zerofox believes that the removal is due to the fact that Russia could be attacked using Cryptnet, which is a taboo among Russian-speaking groups.
In conclusion, Zerofox is warning the public to be aware of Cryptnet and urges victims not to pay the ransom demands. The cybersecurity firm encourages all organizations to maintain regular backups to avoid becoming a victim of ransomware attacks.