Cybersecurity experts at ZeroFox discovered an ad on the RAMP dark web forum for a new ransomware-as-a-service (RaaS) service called CryptNet. The announcement was published by a hacker with the nickname "shrinbaba".
CryptNet is advertised as being fast and completely inconspicuous with various features and functions, such as the ability to remove shadow copies and disable backup services, as well as encryption without an internet connection and a chat panel for negotiations. According to ZeroFox, CryptNet already managed to infect two victims at the end of April.
It is noteworthy that CryptNet gives the hacker 90% of the ransom. At the same time, this is the largest share in the RaaS services market, where affiliates usually receive 60-80% of the ransom amount. According to ZeroFox, CryptNet operators are ready to provide support to cybercriminals during ransom negotiations with the victim.
Initially, the announcement stated that there were no restrictions on the countries that could be attacked. But after a question from another forum member, the statement was subsequently removed from the original post. ZeroFox believes that the removal is due to the fact that Russia can also be attacked using CryptNet, which is taboo among Russian-speaking groups.