Locky and Goliath Ransomware Sold Through Malevolent Dark Website

The world of hackers and cybercrooks is starting to flip on its axis as they set out to conduct strange practices as of late. Among those practices, hackers are starting to sell off ransomware over the dark web, an encrypted network that only those with Tor browsers may access its contents, which are made up of databases and web services that remain inaccessible by common web browsers and search engines.

The ransomware currently being sold over the dark web are the famous Locky Ransomware, which was responsible for extorting thousands of dollars from a Hollywood hospital, and the Goliath Ransomware, which is relatively new to the scene.

Discovered and revealed by BleepingComputer's Lawrence Abrams, are the details of an area on the dark web that is titled "Hall of Ransom," which has four pages explaining the sale of ransomware and the identification of the "programmers." The language throughout the pages is mostly remedial and doesn't use proper English grammar. However, the message is rather clear in that the sellers of Locky and Goliath Ransomware look to promote their malware and make off with $3,000 for each sale of Locky.

Digging deeper into the dark web site that offers ransomware for sale you will discover that it also offers up a USB key that supposedly removes the ransomware but costs $1,200. Strangely enough, the fee for obtaining a Locky decryption key is only $250, which would essentially decrypt files that have been encrypted by the Locky ransomware on an infected computer. However, the decryption method will not remove the Locky ransomware from your computer.

As far as Goliath ransomware goes, it is also being offered over the dark web for a price of $2,100. The source code of Goliath ties it with Locky giving the impression the same hackers created it. Though, Goliath ransomware is described by Abrams as being almost non-existent when it comes to distribution. Abrams further downplayed the threat, saying, "Some of its features just do not make sense, such as the need for a high end GPU card, unless they are introducing a cryptocoin mining feature. I and others have searched high and low for a sample of the Goliath ransomware, and if it exists, it is in almost non-existent distribution."

Abram's research has shown a potential link between another variant of ransomware, called Jigsaw, which is also relatively new in the game of crypto-ransomware. Jigsaw has been ousted as a ransomware to delete files incrementally on an infected computer each hour that the ransom is not paid.

During the peak of Locky ransomware's infection rates, there were around 90,000 infections per day. Now, Locky ransomware looks to garner additional revenue for its creators by selling off the actual infection for $3,000. Moreover, touted as a newer variation of Locky, Goliath ransomware is the next new hope for the perpetrators of the latest string of ransomware. If we have learned one thing from the recent events surrounding the proliferation of ransomware, is that we should expect the unexpected and never limit the potential possibilities of ransomware creators, no matter how bizarre they may appear.