Now You Can Buy Your Own Custom Ransomware

Shark Ransomware lets you customize the experience of holding someone's files hostage

Illustration: Diana Quach
Aug 26, 2016 at 8:30 AM ET

Ransomware has become so popular, you can try it on your friends.

Users on several English and Russian language hacking forums are advertising a new twist on the practice of infecting people’s computers, encrypting their files, and demanding a payment to unlock them. Instead of limiting their spread of that kind of malicious file to the people they can directly infect, some criminal software developers are now offering to custom-build a modified ransomware for you, which you would then distribute as you see fit.

Calling itself Shark Ransomware, it seems to work in principle like most ransomware, in that it affects a Windows computer, locks some files, and demands a bitcoin payment to receive a key to get them back. The software itself is free, but when someone pays, the developer automatically takes a 20 percent cut of the ransom.

“Samples we’ve analyzed makes it looks like it does in fact work,” Adam Kujawa, Head of Malwarebytes Labs, a cybersecurity firm that specializes in ransomware, told Vocativ. “As far as how much business they’re getting, who knows for sure? It seems a little amateurish.”

There is, of course, not a whole lot of flair you can add to such a ransomware shakedown. An analysis of Shark Ransomware by security researcher David Montenegro found that it allows users to adjust how much to ask for, what types of files to target, and which email address, if any, to set as a way to contact the criminals.

To date there isn’t a known, open-source “decrypter,” or easy means to overcome such an attack, for Shark. That means that like with any ransomware, the best way to deal with it is to not get infected in the first place: Don’t download suspicious files, and frequently back up your computer.

“If you were to get hit, it’s a moral quandary at this point,” Kujawa said. “Between how much ransomware is out there and my desire not to give criminals money. In the very worst case scenario, when you have to get your files back, negotiating is a choice.”