Atom Ransomware

The Atom Ransomware is a new version of the Shark Ransomware Project, which was first observed by PC security researchers in July of 2016. The Atom Ransomware is simply a rebranding of this ransomware brand, perhaps motivated by the fact that PC security analysts paid close attention to the Shark Ransomware, particularly how it works. After all, ransomware and other con artist activities tend to prefer operating out of the eye of public scrutiny. The Atom Ransomware, like Shark, also is available on the public Web, not requiring potential customers to connect using their preferred method, the Dark Web through the Tor Web browser, which is considered safer because of its anonymity. The Atom Ransomware is similar to Shark in that it runs using WordPress. However, the Atom Ransomware is much better than Shark at hiding its admin panel login.

The Atom Ransomware Allows Extortionists to Create Customized Ransomware Infections

The content of the Atom Ransomware website, which gives potential con artists instructions on how to build an Atom Ransomware variant reads:

ATTENTION!
I RECOMMEND YOU TO RUN THIS SOFTWARE ON VIRTUAL PC!!!
1) Press "TRY TO UPDATE"
2) Enter your bitcoin address (example: "1CK6KHY6MHgYvmRQ4PAafKYDrg1ejbH1cE")
3) Enter your decryption price (example: "1.545")
4) Enter extensions to encrypt (example : "txt,xml,xmlx,zip")
5) Press "BUILD"
6) Copy your tracking ID to see statistics on site
7) Spread your version of payload
I recommend you to regenerate payload every 2-3 days to avoid AV detection.
Recommended Decryption Price: from 0.1 to 0.5 BTC
Extensions list: hxxp://www.file-extensions.org/extensions/common-file-extension-list

Con artists also include the 'the Atom Payload Builder,' which provides the means for creating the Atom Ransomware variants in the form of a downloaded executable file in EXE format. The Shark ransomware had a similar functionality, but building the payload was done directly on the website. This threat carries out a typical ransomware Trojan attack, encrypting the victim's files and then demanding the payment of a fee in exchange for the decryption key.

How the Atom Ransomware can be Adapted to Carry out Attacks

According to the Atom Ransomware RaaS (Ransomware as a Service) information Web page, the following are some of its characteristics:

Fully Customizable - You can choose file formats and price for your attack.
Fast Algoritm - It uses a fast and reliable encryption algorithm.
Fully Translated - The program supports multiple languages.
Monetization - You will receive 80% of the payment amount directly to your Bitcoin wallet.
Fully Automated - Receiving payments is fully automated.
Undectecable by AV - Every day we change the source code, to avoid the appearance in anti-virus databases.

The con artists that distribute the Atom Ransomware allow their clients to create a fully customized ransomware Trojan and then keep 20% of the money collected from the victims of these attacks. However, potential clients of the Atom Ransomware would be smart to hire the Atom Ransomware with a bit of skepticism. Although the RaaS industry has been on the rise in the last year, there have been numerous cases of RaaS providers tricking their clients, failing to pay and simply using their 'clients' as ways to distribute their ransomware payloads further. These may then retaliated by releasing code related to the RaaS payload, which helps PC security researchers. Essentially, there is no honor or trust among con artists, and we cannot forget that the Atom Ransomware and other RaaS services are providing a con artist service essentially. Considering that the Atom Ransomware is hosted on a public Internet website that is receiving widespread attention, and its business model, it is likely that malware researchers will crack the Atom Ransomware in the near future and provide a decryption utility to potential victims of these attacks. Malware researchers advise victims of an Atom Ransomware infection meanwhile to deal with the threat in the same way as with other ransomware Trojans, removing the threat from the infected computer with the help of a reliable, fully updated anti-malware application, and then restoring the compromised files from a backup.