Swamp RAT Ransomware

There is something of a perplexing discrepancy between the way the Swamp RAT Ransomware presents itself and what it does. At first glance, the malware seems to want to indicate to the infected user that it is a piece of ransomware. A somewhat unorthodox form of ransomware that forces its victims to view pornographic material of a gay nature, instead of asking for cash in return for access to their encrypted files. However, a second glance reveals that this veneer of danger is only for show. The Swamp RAT “Ransomware” does not encrypt the user’s files. Therefore, it can’t be classified as a piece of ransomware. It’s the RAT part of its name that is accurate, because it is a Remote Access Trojan, with all the dangers that this represents.

An interesting detail that can be noted when examining the “ransomware” note that Swamp RAT Ransomware displays, is that it seems to be written in a stereotypical informal British manner, with attention being drawn to the use of the words “innit” and “mate.” Judging by this, as well as the fact that it employs proper grammar, which is rare for a ransomware note, one could conclude that this piece of malware originated from a location where informal British English is the norm. Either that or its author or authors took some care to make it appear that it did.

Unfortunately, while there may be some clues to the author’s origin contained in the “ransom” note of the Swamp RAT Ransomware, the reasoning behind their demands seem incomprehensible entirely. The vulgar and seemingly deliberate provocative imagery and language used may be taken as an indication that the author or authors weren’t taking themselves too seriously. Is this some sort of joke on their part, are they just trying to humiliate people, prove a point or make some sort of statement? As of the writing of this article, their goals remain unclear.