Philadelphia Ransomware’s Slick Pitch to Cyber Criminals

A lifetime copy of Philadelphia ransomware is now available for purchase on the dark web. The malware lets criminals who lack the technical skills to pull off a cyber attack on their own dip their toes into the ransomware industry. The developer, Rainmaker Labs, previously created and distributed the Stampado ransomware.

Attackers have already targeted healthcare organizations with phishing emails containing Philadelphia. Ransomware distributors often target hospitals because doctors need immediate access to patient data. While other organizations may take time to explore other options, hospitals often determine that it is more cost-efficient to simply pay the ransom.

Slick Marketing for User-Friendly Philadelphia Ransomware

An example of a Philadelphia ransomware phishing email from Proofpoint.

Journalist Brian Krebs discovered a promotional video for Philadelphia ransomware and posted it to YouTube. In the video, animated text touts Philadelphia as “the most advanced and customisable ransomware.”

The five-minute-long infomercial demonstrates how easily a purchaser of Philadelphia can customize every aspect of the attack. The attacks can exclude specific countries, the ransom can be set to any amount, and ransom notes can be altered.

Buyers of Philadelphia can also activate Russian Roulette on the ransomware. This feature deletes a specified number of files from the victim’s computer at selected intervals.

Rainmaker Labs charges a one-time fee of $400 for a lifetime copy of Philadelphia, including updates. Of course, the promotional video doesn’t mention that experts have already cracked the ransomware.

Sophisticated Interface, Unsophisticated Encryption

While the customizable nature of Philadelphia is unparalleled, the encryption it uses is not. Fabian Wosar created a decrypter for Philadelphia, and Emsisoft offers it for free.

That’s good news for those who have the time and technical skill to download the program and restore their files, but not everyone has that capability. Even if victims eventually decrypt their files, hospitals or small businesses could suffer huge consequences from having lost control of and access to their data, even for a short time.

Ransomware Distributors Continue Changing Tactics

As antivirus software and computer users catch on to the tricks of ransomware distributors, cybercriminals will find new ways to spread their malware. The famous ransomware Locky all but disappeared before showing back up in a new distribution campaign.

To evade antivirus software, attackers hid the ransomware in a Word document embedded in a PDF attached to an email. We expect ransomware tactics to continue evolving as the public and security specialists become more sophisticated in avoiding infection. Take a look at the Philadelphia ransomware infomercial to see just how sophisticated this industry has become.
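As an added example (not part of the original article), the following is a defender's triage check for the delivery trick described above: a PDF attachment that carries an embedded Word document. The function name, the sample bytes and the extension list are constructed for illustration, and the check only sees objects that are not stored in compressed object streams.

```python
import re

# Office extensions worth flagging when they appear as a PDF attachment name.
OFFICE_EXT = (".doc", ".docm", ".docx", ".dot", ".dotm", ".rtf", ".xls", ".xlsm")

def decode_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names (/Embedded#46ile -> /EmbeddedFile)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def triage_pdf(data: bytes) -> dict:
    """Report embedded files and auto-run markers found in raw PDF bytes."""
    if not data.lstrip().startswith(b"%PDF-"):
        raise ValueError("not a PDF")
    body = decode_names(data)
    # Attachment names sit in file specification dictionaries: /F (name) or /UF (name).
    names = [n.decode("latin-1") for n in re.findall(rb"/U?F\s*\(([^)]*)\)", body)]
    office = [n for n in names if n.lower().endswith(OFFICE_EXT)]
    embedded = len(re.findall(rb"/EmbeddedFile\b", body))
    # Keys that can make a viewer act on open; they raise the priority of a hit.
    actions = re.findall(rb"/(OpenAction|AA|JavaScript|Launch)\b", body)
    return {
        "embedded_files": embedded,
        "attachment_names": names,
        "office_attachments": office,
        "auto_actions": sorted({a.decode() for a in actions}),
        "suspicious": bool(office) and embedded > 0,
    }

# Constructed sample: a PDF skeleton with an embedded .docm whose stream type
# name is hex-obfuscated. The stream body is a placeholder, not a real document.
SAMPLE_BAD = (
    b"%PDF-1.5\n"
    b"1 0 obj << /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> /OpenAction 6 0 R >> endobj\n"
    b"3 0 obj << /Type /Filespec /F (invoice.docm) /EF << /F 4 0 R >> >> endobj\n"
    b"4 0 obj << /Type /Embedded#46ile /Length 4 >> stream\nPK\x03\x04\nendstream endobj\n"
    b"%%EOF\n"
)
# Constructed sample: an ordinary PDF skeleton with no attachment.
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for label, sample in (("bad", SAMPLE_BAD), ("clean", SAMPLE_CLEAN)):
        print(label, triage_pdf(sample))
```

A mail gateway or analyst can run this over attachments before they reach a viewer; a hit is a reason to quarantine and inspect, not proof of ransomware.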
