Sophos discovered 19 cheap, independently produced, and crudely constructed ransomware variants dubbed as “junk gun”, on the dark web since June 2023. In a report titled, “’ Junk Gun’ Ransomware: Peashooters Can Still Pack a Punch,” Sophos reported that junk gun variants developers attempt to disrupt the traditional affiliate-based ransomware-as-a-service (RaaS) model.
“Nothing within the cybercrime world stays static forever, and these cheap versions of off-the-shelf ransomware may be the next evolution in the ransomware ecosystem—especially for lower-skilled cyber attackers simply looking to make a profit rather than a name for themselves,” said Christopher Budd, director of threat research at Sophos.
Junk-gun ransomware variants
The Sophos report noted that the median price for junk-gun ransomware variants on the dark web was $375, compared to the more than $1,000 cost of some kits for RaaS affiliates.
“While the phenomenon of junk gun ransomware is still relatively new, we’ve already seen posts from their creators about their ambitions to scale their operations, and we’ve seen multiple posts from others talking about creating their ransomware variants,” said Budd.
Challenge for defenders
Budd said junk gun ransomware poses a challenge for defenders because most attacks likely go undetected as they target small and medium-sized businesses.
“That leaves an intelligence gap for defenders, one the security community will have to fill,” said Budd.