
A new service called Inpivx pushes the ransomware business to a new stage of evolution, making it easy to set up shop for those who lack the technical skills to develop the malware from scratch and build a management panel.
Promoted on a Tor site, the Inpivx team makes a straightforward offer to its customers that differs from the ransomware-as-a-service (RaaS) approach that has gained popularity lately.
For a specific price, they provide source code for the file-encrypting malware (symmetric AES encryption plus RSA public-key cryptography) and for the management dashboard. This model allows cybercriminals to make their own customizations to the code, or use it as a baseline for a new ransomware strain.
At the moment, the package costs $500, a very attractive price considering that a single victim paying the ransom may cover the "investment" and leave some profit. The decryption tool is included.
In a conversation with BleepingComputer, one Inpivx member said that the ransomware and the dashboard are tied together. Moreover, the client can adapt the ransomware code to what they need.
"If the client has no skill, we provide a tutorial based on our own ransomware dashboard; each line of code has an explanation," Inpivx told us.
Management panel
The malware is written in C++ and it works on Windows XP through Windows 10. The dashboard is coded in PHP and it is intended to be fast, lightweight, and responsive, with a modern, flat design, as Inpivx developers say on the project's page. Since Inpivx's offer is not RaaS, they do not supply hosting services.
After the malware encrypts a victim's files, the dashboard becomes the central point of the operation. Once the operator logs in, it shows an infection status overview.
The quick look includes details about the total number of encrypted files, ransomware installations, the operating systems infected and their geographical location.
A clients section shows victim IDs, their operating system, individual ransom prices, the decryption key, and the current payment status.
The dashboard integrates a simple chat to cover communication needs with victims. This feature is meant to ensure that even non-technical victims are able to purchase cryptocurrency and transfer it to the cybercriminal's wallet(s).
Inpivx's approach is highly likely to attract individuals with expertise in other areas of the crime business to the ransomware game. With access to the source code, they can alter the original ransomware product and create new strains that could evolve into something new by combining code from other malware.
Comments
Bullwinkle-J-Moose - 5 years ago
"The malware is written in C++ and it works on Windows XP through Windows 10."
-------------------------------------------------------------------------------------------------------
Ooooh, that's AWESOME!
I've never seen any version of ransomware that can successfully encrypt my Windows XP Box.
Where can I get infected with this?
I'm running XP-SP2 without any Microsoft Security Updates on my other box and can be online in 5 minutes.
1stkorean - 5 years ago
I think you're doing the community a grave injustice by advertising this product. Making the public aware is one thing but explaining how and where to get it is a totally different thing altogether.
Elvio - 5 years ago
It is a Tor website. You can't find it by searching in Google. If you don't have the onion's URL you can't access it.
Pointless_noise - 5 years ago
Am I the only one who thinks this business model is insane? How soon before the source code is leaked and available for free... If it hasn't already.
inpivx - 5 years ago
...