Forcepoint Security Labs has identified a new form of ransomware called “CradleCore”, a crimeware kit that is currently being offered to cybercriminals looking to own custom ransomware. “Cradle Ransomware”, as it is also known, is peculiar in that it is being sold as source code. Typically, ransomware is monetised by developers using the ransomware-as-a-service (RaaS) business model. Only if that doesn’t work will the developers then consider selling the source code. In this case it is being sold as one-off source code, which suggests that CradleCore may be a first or side project of someone with limited experience of malware business models who is looking for extra income. It also means that anyone who purchases it will be able not only to update the ransomware but also to share the source code with others. Ultimately, this may result in other ransomware variants stemming from CradleCore’s source code.
Carl Leonard, principal security analyst at Forcepoint, said:
“This latest discovery is another example in the current pandemic of ransomware. Whilst this case appears to have been developed by someone with limited experience of the malware business, it shows how low the barrier is to entry into cybercrime. Furthermore, the fact that anyone who purchases it will also be able to update the ransomware and share the source code with others, highlights how incidents like these may well lead to more and more individuals finding themselves tempted to ‘have a go’.
Forcepoint customers are protected against threats like these but we urge everyone to be alert, to take care when opening attachments and to ensure senders are verified.”
More information on this is available on the Forcepoint blog.