cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

New ‘Junk Gun’ ransomware model threatens RaaS ecosystem

Ransomware is one of the most prominent cyber threats, and for almost a decade, ransomware gangs have terrorised businesses by blackmailing them out of money with the promise of restoring systems and data.

user icon Daniel Croft
Thu, 18 Apr 2024
New ‘Junk Gun’ ransomware model threatens RaaS ecosystem
expand image

Largely, the ransomware landscape has been dominated by large groups running “ransomware-as-a-service” (RaaS) operations, where they sell their large and extensive infrastructure and malware to smaller operators for a fee or part of the ransom.

However, in recent months, with the disbanding of several leading ransomware gangs such as ALPHV (BlackCat) and a number of law enforcement takedowns such as that on LockBit 3.0, the ransomware landscape is changing.

According to a report released by cyber security organisation Sophos, a new type of ransomware has been observed – “Junk Gun” ransomware. This is a cheaper, more crude and independently developed kind of ransomware model that has been designed to be sold for a one-time cost rather than as a service.

With this, the cost of these ransomware variants is much cheaper, a mere US$375 roughly, less than half some RaaS costs for affiliates, which can reach over US$1,000.

This makes them ideal for smaller targets, such as small and medium-sized businesses or even individuals.

According to its new report, ’Junk Gun’ Ransomware: Peashooters Can Still Pack a Punch, Sophos’ X-Ops has discovered 19 Junk Gun variants on the dark web.

“For the past year or two, ransomware has reached a kind of homeostasis. It’s still one of the most pervasive and serious threats for businesses, but our most recent Active Adversary report found that the number of attacks has stabilised, and the RaaS racket has remained the go-to operating model for most major ransomware groups,” said Christopher Budd, director, threat research, Sophos.

“Over the past two months, however, some of the biggest players in the ransomware ecosystem have disappeared or shut down, and, in the past, we’ve also seen ransomware affiliates vent their anger over the profit-sharing scheme of RaaS.

“Nothing within the cyber crime world stays static forever, and these cheap versions of off-the-shelf ransomware may be the next evolution in the ransomware ecosystem – especially for lower-skilled cyber attackers simply looking to make a profit rather than a name for themselves.”

Thanks to developing technologies such as artificial intelligence (AI) and more, the average skill level of cyber criminals is dropping, and the barrier for entry into cyber crime is dropping with it. Additionally, the global cost-of-living crisis and the massive annual revenue of cyber crime (which exceeds even the largest global organisations combined) mean more and more people are looking to hacking.

“These types of ransomware variants aren’t going to command the million-dollar ransoms like Clop and LockBit, but they can indeed be effective against SMBs, and for many attackers beginning their ‘careers,’ that’s enough,” added Budd.

“While the phenomenon of Junk Gun ransomware is still relatively new, we’ve already seen posts from their creators about their ambitions to scale their operations, and we’ve seen multiple posts from others talking about creating their own ransomware variants.

“More concerningly, this new ransomware threat poses a unique challenge for defenders. Because attackers are using these variants against SMBs and the ransom demands are small, most attacks are likely to go undetected and unreported. That leaves an intelligence gap for defenders, one the security community will have to fill.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.