Meet Shark, a ransomware project discovered by Serbian security researcher GrujaRS and reported by Softpedia. The project is freely distributed on the Deep Web. However, a deeper look into Shark revealed that it’s a scam even though it delivers valid ransomware payloads.
Shark ransomware can be downloaded from the Shark Ransomware Project’s homepage. As reported by Softpedia, the page is not on the Dark Web and is not accessible via Google. It sits in the section of the public Internet that search and indexing bots can’t reach.
The ZIP file that is downloaded, PayloadBundle.zip, unpacks into three files:
- ReadMe.txt – see below
- PayloadBuilder.exe – the builder of the threat used for the creation of customized versions
- Shark.exe – a version of the ransomware
The ReadMe.txt file contains the following:
Attention! We recommend you to use a virtual machine when working with this files. And do not run payload.exe on your PC. Good luck!
More about the Shark Ransomware Project
On its website, the project claims that its builder can be used:
- to select the file formats to encrypt
- to choose the folders to target
- to choose a Bitcoin wallet
- to set a ransom fee in exchange for the decryption key
According to researchers, the builder’s design is effective, as it lets the user apply country-based filters for the ransom note.
According to Shark Project’s creators, their ransomware can be translated and can evade detection by AV software.
So, Where Is the Catch with Shark Ransomware? Why Is It a Scam?
In short, Shark employs a centralized payment system. The system allows the crook to keep 20% of the ransom payments. It then redirects the rest of the payments to the people who distributed the ransomware.
GrujaRS, the researcher who contacted Softpedia, told them that:
50% of the distribution would not be tempting, but 80% sounds good. Unfortunately, many young people will not resist the challenge. This evil has no end. Pandora’s box is open.
Furthermore, researchers warn that Shark’s promotional campaign was based on spamming and was banned from underground forums like Megatop. All of these factors suggest that the whole project may be more of a scam than an actual ransomware-as-a-service scheme. It may simply be an attempt by an experienced cyber crook to trick newcomer crooks into spreading his piece of code while keeping the profits for himself.
The fact that the Perseus Trojan is present in the downloadable archive is an indication that whoever has put the whole thing together is not an amateur. Moreover, the Shark builder creates flawlessly working ransomware payloads.
We will be following the Shark ransomware story, as it is very likely to unfold in the weeks to come. Autumn is coming and cyber crooks will be getting more active: people will soon be done with their summer vacations and will be returning to their PCs. So, back up your data and update your AV software!