Ran$umBin a dark web service dedicated to ransomware

A group cyber criminals created Ran$umBin, A Dark web service which operates the one-stop shop for monetizing ransomware.

These days Ransomware are quite common and it is widespread and heavily used by cyber criminals as common tools to steal data as well as extort their owners. Few days back we had seen a new type of ransomware JIGSAW that caused psychological distress and then would probably encrypt all your data. This can be risky for the cyber criminals due to the fact that such operations require interaction with the victim and if the victim is ready to pay to get their stolen data back, it isn’t that easy to monetize such attacks. It’s just not an easy task for a cyber criminal to find a trustworthy Bitcoin launder, and to monetize their crime which can minimize the risk.

This can be risky for the cyber criminals due to the fact that such operations require interaction with the victim and if the victim is ready to pay to get their stolen data back, it isn’t that easy to monetize such attacks. It’s just not an easy task for a cyber criminal to find a trustworthy Bitcoin launder, and to monetize their crime which can minimize the risk.

A group of underground cyber criminals took advantage of this kind of situation and created Ran$umBin, A Dark web service which operates the one-stop shop for monetizing ransomware. Ran$umBin is specialized for both criminals as well as the victims. It lets the criminal upload stolen data which contains user credentials, credit data, stolen identities and any other kind of cyber-loot and on the other hand it lets the victims pay for the removal of those stolen data from the Dark Web, where any cyber criminal can buy the stolen data.

The below dump from Ran$sumBin contain’s username as well as password.

It has been found that Ran$umBin has been active for under two months. The business model is quite simple as well as its very user-friendly. Cyber criminals can upload stolen data and either sell it to other criminals or extort the data’s owner by the site takes some commission.  The site’s combination is determined the identity of the data owner whether he is a criminal belonging to a pedophile would pay $100 and the site would take a 30% commission. On the other hand, if the criminal is looking for data related to the celebrity or a law enforcement representative, the site would double the commission to 40%. Alternatively, the criminal who uploads the data and either choose their own ransom demand and send their victim instruction on how to log into Ran$umBin and pay.

The site’s combination is determined the identity of the data owner whether he is a criminal belonging to a pedophile would pay $100 and the site would take a 30% commission. On the other hand, if the criminal is looking for data related to the celebrity or a law enforcement representative, the site would double the commission to 40%. Alternatively, the criminal who uploads the data and either choose their own ransom demand and send their victim instruction on how to log into Ran$umBin and pay.

The founder of Ran$umBin has defined the service as a new kind of one-stop ransom market. They will not send extortion messages to victims, and look themselves as responsible only for the safety as well as the privacy of their users.

But what in this case if a victim is being extorted again and again using Ran$sumbin?

The criminals assure that nobody gets extorted more than times in order to keep their offering fresh (No promises). But they assure that the stolen data is validated to make sure that the data isn’t old or irrelevant.

So far it is unknown who runs this operation, but based upon their language and their service structure, it is predicted that these are American Players. In fact, they also promote their service using a designated Twitter Account and have gained some traction among cyber criminals on the other hand this service has also been referred on different forums.

There is a huge team of cyber criminal teaming in the cyber underground with markets of all kinds, Certainly this type of market was to evolve. Ran$umBin’s operators are indeed American, their initiative might not hold for a long time. The North American underground market is less secretive than similar markets in Russia, Brazil, or the far east.

Often this kind of websites is taken down by authorities. In keeping a hope that in the future we and our loved ones shouldn’t be one of the victims.

Let’s keep a strong hope that this one will suffer and taken down immediately by the authorities.

Written by: Imdadullah Mohammed

Author Bio: Imdad is an Information Security Consultant, He is also a Moderator for Pune Chapter of Null – The open security community in India and Also core member of Garage4hackers. A true open source and Information Security enthusiast. His core area of expertise includes Vulnerability Assessment and Penetration Testing of the Web application, Mobile application and Networks, as well as Server Hardening.

[adrotate banner=”9″]

Edited by Pierluigi Paganini

(Security Affairs – Ran$umBin, ransomware)