A new service called Inpivx pushes the ransomware business to a new stage of evolution, making it easy to set up shop for those that lack the technical skills to develop the malware from scratch and build a management panel.

Promoted on a Tor site, the Inpivx team makes a straightforward offer for its customers that differs from the ransomware-as-a-service (RaaS) approach that has gained popularity lately.

For a specific price, they provide source code for the file-encrypting (symmetrical, AES encryption + RSA public-key cryptography) malware and for the management dashboard for a specific price. This model allows cybercriminals to make their own customizations to the code, or use it as a baseline for a new ransomware strain.

At the moment, the package costs $500, a very attractive price considering that a single victim paying the ransom may cover the "investment" and leave some profit. The decryption tool is included.

In a conversation with BleepingComputer, one Inpivx member said that the ransomware and the dashboard are tied together. Moreover, the client can adapt the ransomware code to what they need.

"If the client has no skill, we provide a tutorial based on our own ransomware dashboard each line of code has an explanation," Inpivx told us.

Management panel

The malware is written in C++ and it works on Windows XP through Windows 10. The dashboard is coded in PHP and it is intended to be fast, lightweight, and responsive, with a modern, flat design, as Inpivx developers say on the project's page. Since Inpivx's offer is not RaaS, they do not supply hosting services.

After the malware encrypts a victim's files, the dashboard becomes the central point of the operation. After logging in, it shows an infection status overview.

The quick look includes details about the total number of encrypted files, ransomware installations, the operating systems infected and their geographical location.

A clients section shows victim IDs, their operating system, individual ransom prices, the decryption key, and the current payment status.

The dashboard integrates a simple chat to cover communication needs with victims. This feature is to ensure that even non-technical victims are able to purchase cryptocurrency and transfer it to the cybercriminal's wallet(s).

Inpivx approach is highly likely to attract to the ransomware game individuals with expertise in other areas of the crime business. With access to the source code, they can alter the original ransomware product and create new strains that could evolve to something new by combining code from other malware.