Just 39 USD for a lifetime license for Stampado Ransomware

The Stampado ransomware is a new threat available for sale on the Dark Web that was discovered by the experts at Heimdal security.

Security experts from the Heimdal security firm have discovered a new strain of ransomware dubbed Stampado that is available for sale on the Dark Web.

The Stampado ransomware is offered for sale with a lifetime license that goes for just $39, which is considered a very aggressive promotion.

The cost of $39 for a lifetime license is far less than any other ransomware offered in the criminal underground, even if it is sold for with a Ransom-as-a-Service model.

“Security Alert: New and Cheap Stampado Ransomware for Sale on the Dark Web – Heimdal Security Blog Stampado is a new ransomware family promoted through aggressive advertising campaigns on the Dark web.” states the blog post published by Heimdal Security firm.

“Its creators are probably aiming to appeal to as many buyers as possible by pricing it well below their competitors in the ransomware-as-a-service market: just $39 for a lifetime license!”

The malware author advertises the Stampado ransomware highlighting its simplicity of use and of course the low cost.

“Stampado is a cheap and easy-to-manage ransomware, developed by me and my team. It’s meant two [sic] be really easy-to-use. You’ll not need a host. All you will need is an email account.” reads the ad.

Once running on the infected PC, the Stampado ransomware would encrypt files and add the .locked extension to them. The malicious code doesn’t need administrator privileges for its installation.

The malicious code is very flexible and can be deployed in multiple formats (exe, bat, dll, scr, and cmd), according to Heimdal security the operators can also use binders, packers and crypters for distribution.

“The file can be sent in the following formats: exe, bat, dll, scr, and cmd.You can also use binders, packers and

You can also use binders, packers and crypters (although it’s FUD – do NOT send it to VirusTotal or other online AV sites because they distribute it to AV companies – even when they say that they don’t. Prefer scanning yourself).” continues the ad.

Victims have 96 hours to pay the ransom before the threat will start deleting a random file every 6 hours.

The author of the Stampado Ransomware also included in the ad a video that shows the malware in execution and provide instructions on how to decrypt the locked files.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –Stampado Ransomware, Dark Web)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.