Crowdsourced Ransomware Developer Hasn't 'Made a Single Cent'

It's a great idea, but no one seems to be making money from crowdsourced ransomware yet.

Joseph Cox

Joseph Cox

Photo: Shutterstock

Ransomware is booming. New, devilish variants of malware that hold your files hostage continue to be revealed, and the scene appears to be one of the most vibrant areas of cybercrime at the moment.

But one hacker who has developed a piece of crowdsourced ransomware—malware that is free for anyone to download and then distribute—claims he hasn't made any cash from the venture at all.

"I've still haven't made a single cent yet," the creator of Encryptor RaaS, who used the handle Jeiphoos, told Motherboard in an online chat. Encryptor RaaS is one of a handful of ransomware variants that are putting a spin on the now established ransomware formula.

Typically with ransomware, a hacker will either create or purchase a piece of malware, and then try to infect as many targets as possible. This might be done through tricking the victim into clicking a phishing link, exploiting the target computer's auto update mechanism, or a number of other ways. They then keep whatever money they manage to squeeze out of the victims.

Crowdsourced ransomware, meanwhile, outsources that distribution phase. The malware creator allows anyone to download their product for free, and those collaborators then attack targets as they see fit. Once the victim pays up, the creator and distributor split the profit, with more cash usually going to those who proliferate the malware. Jeiphoos, for example, takes a 20 percent cut from each ransom, which is, naturally, paid in Bitcoin.

On the face of it, the model has the potential to radically change how the growing business of ransomware works, by allowing just about anyone to get in on the action. But, judging by Jeiphoos' case, things aren't going too well.

Infecting a target "sounds easier than it is," and too few people had downloaded the software in the first place, Jeiphoos said.

"There are 226 non demo customer IDs for now," referring to the number of people who have decided to use Encryptor RaaS, while there are apparently 330 victims at the time of writing, Jeiphoos said. But as mentioned, none of those have paid, for whatever reason.

One victim did claim to hand over the ransom, "but he was just trolling me," Jeiphoos said.

When asked whether crowdsourced ransomware will take off, Jeiphoos said "I hope so," but added that "I can't look into the future."