Atom - Rebranding the Shark Ransomware Project - How to, Technology and PC Security Forum | SensorsTechForum.com

Atom – Rebranding the Shark Ransomware Project

stf-atom-ransomware-affiliate-program-logo

Atom is the new name given to the Shark ransomware project. The cybercriminals behind it rebranded it in an attempt to clear their bad reputation as they scammed other crooks who bought Shark ransomware. Atom is a ransomware-as-a-service (RaaS) and is keeping the 80:20 percent ratio money split from the previous project in favor of those who buy it.

Atom ransomware can be downloaded from the homepage of the Atom Ransomware Project. This Web page cannot be found by simply googling it and is not sold on the Dark Web either. You can find it on the Deep Web also known as the “invisible web” – part of the Internet, where pages are not indexed and do not appear in search results.

Shark ransomware was founded for the first time on the 15th of August, 2016 on the Deep Web. Its complex build which included the Perseus Trojan horse, plus the errorless delivery of its ransomware payloads made the Shark ransomware service look professional. However, the influence of the creator ruined that allure, when he scammed other cybercriminal newcomers out of their money. The service offered an appealing commission rate for distributers of the malware, which drew them in the first place. A bit later it was found that all of the profit went directly to the creator and nowhere else.

What Remains the Same for the Atom Ransomware?

After the rebranding of the project to “Atom”, new features were added, but some remained the same. Here is a quick reference list:

  • The commission’s percentage – it is still 80 percent in favor of the distributers
  • The ransomware-as-a-service – the project is still offered as a RaaS
  • The location of the service – the website is still only found on the Deep Web
  • The code – it remains complex and made by the same professional malware developer

What are the Changes for the Atom Ransomware?

The Atom Ransomware not only has a brand new name, but brand new features as well. According to Fortinet researchers, the RaaS system is changed to a “Ransomware Affiliate Program” and seems like an improved service. For example, instead of the previously used command line interface, Atom uses a new and easily customizable GUI is offered. It is called the Atom Payload Builder. You can view it from the following image:

stf-atom-ransomware-affiliate-program-gui-pauload-builder

As seen above, there are three settings – a Bitcoin address which the user sets up to receive his profit share, the Bitcoin fee which the ransomware will demand, and the list of file extensions that the cryptovirus will search to lock. The new Atom Payload Builder is different from the old one in that it creates a fully working executable file that drops the payload, instead of a configuration file that goes together with the main .exe payload file.

The Atom ransomware uses the well-known AES encryption algorithm in its full 256-bit glory. It encrypts files with the extension .locked. After all is set and done, the following ransom note will be shown on a compromised computer’s desktop:

stf-atom-ransomware-affiliate-program-ransom-note

All that is left for buyers of the Atom ransomware is to distribute it and they can choose the way of distribution themselves. That is in case anybody buys the ransomware after the fiasco with its previous version that scammed lots of cybercriminals. What do you think? Will this ransomware campaign yield any results or its creator missed that chance from the past version of the project?

Frequently backup your data and know that it is always a good idea to scan your computer for malware with a viable security program as a precaution.

Download

Malware Removal Tool


Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.