Goliath Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 45
First Seen: May 19, 2016
Last Seen: June 16, 2022
OS(es) Affected: Windows

The Goliath Ransomware is related to the rise of the RaaS (Ransomware as a Service) industry. A Deep Web website associated with the Goliath Ransomware advertises products and services related to ransomware attacks. This website is named 'Hall of Ransom.' Like most Deep Web websites, the Goliath Ransomware's website is accessed using TOR. This website sells Locky, a well-known ransomware threat, for $3000 USD. Locky is delivered using corrupted Microsoft Word macros that are distributed as spam email attachments. Locky has been used in high-profile attacks against medical institutions, which have had to spend thousands of dollars each to decrypt the affected files. Locky itself has been responsible for at least 90,000 daily attacks in the last three months! One alarming aspect of this website is that it also advertises a 'new generation of ransomware,' named the Goliath Ransomware.

The Goliath Ransomware may be Acquired by Anyone!

This website also advertises a 'USB key' that, for $1200 USD, supposedly decrypts the files encrypted by Locky. Since this is not possible, this is clearly part of a hoax where con artists take advantage of other fraudsters! This website sells the Goliath Ransomware for $2100 USD. According to this website, the Goliath Ransomware is derived from Locky's source code. Supposedly, the Goliath Ransomware is designed for beginning attackers who are just getting started in the world of ransomware distribution. According to the Goliath Ransomware's advertising, the Goliath Ransomware has a high infection rate and allows con artists to carry out ransomware attacks with a single click. PC security analysts have linked the Goliath Ransomware and its related website to a different ransomware variant named Jigsaw, which is mentioned in the website's HTML code. Jigsaw is especially difficult to deal with because it deletes files on the victim's computer incrementally for every hour that passes in which the ransom is not paid. This pressures victims into paying the ransom amount quickly.

The Goliath Ransomware and Other RaaS Encryption Ransomware Trojans

Threats like the Goliath Ransomware may be sold on the Deep Web. In many cases, threat creators are not the same people that distribute and profit directly from the attacks. One of the reasons why threats like the Goliath Ransomware are attractive to con artists is that they promise a quick return on investment. This has made it profitable for many threat creators to distribute their threats as a service, allowing con artists to use the ransomware while the creators handle all aspects of demanding payment and delivering decryption keys after payment is made. There are many ransomware threats that use RaaS models, including ORX-Locker, Mischa, Petya and Cerber. High-profile ransomware threats, such as TeslaCrypt 3.0, have also moved to a RaaS model in recent months. In some cases, such as with the Tox Ransomware Trojan, third parties offer their services for free and earn a percentage (in the case of Tox the percentage is 30%) of each payment made by the victims.

According to the Goliath Ransomware's website, this threat uses a VPN (Virtual Private Network) and is designed to infect Windows computers. Not all aspects of the Goliath Ransomware make sense, and it has not been observed in the wild so far. In fact, it is even doubtful whether the Goliath Ransomware exists or if it is a hoax used to profit from inexperienced would-be con artists. One of the aspects of the RaaS industry and similar attacks is that it has attracted many people who have absolutely no experience with cybercrime but see it as a profitable investment. The Goliath Ransomware may be part of a hoax created by the same threat creators as a way to make money off of possible con artists that do not understand how these attacks work.
