A threat actor known as “phant0m” is promoting a new Ransomware-as-a-Service (RaaS) on OnniForums, a notorious dark web forum. The new ransomware, named “SpiderX,” is designed for Windows systems and boasts a suite of advanced features that make it a formidable successor to the previously infamous Diablo ransomware.
Phant0m introduced SpiderX in a detailed post titled “Introduction to the SpiderX Ransomware,” claiming that after months of development, this new ransomware is ready to take the place of Diablo.
The post highlighted SpiderX’s ransomware-enhanced capabilities and the improvements over its predecessor. Phant0m described SpiderX as incorporating all the features of Diablo, with additional functionalities designed to make it more effective and harder to detect and remove.
After a few months of hard work, | would like to announce the release of my brand new Spiderx Ransomware. It will be the successor of my Diablo which served its purpose really well but itis finally time to upgrade things to a whole new level,” reads the threat actor post.
Key Features and Capabilities of SpiderX Ransomware
SpiderX is written in C++, a choice that phant0m claims offers faster execution compared to other languages like C# and Python. This language choice, combined with the ransomware’s small payload size (500-600 KB, including an embedded custom wallpaper), ensures quick and efficient deployment.
ChaCha20-256 Encryption Algorithm:
One of the standout features of SpiderX is its use of the ChaCha20-256 encryption algorithm. Known for its speed, this algorithm allows SpiderX to encrypt files much faster than the commonly used AES-256, thereby reducing the time it takes for the ransomware to render a victim’s files inaccessible.
Offline Functionality:
Like Diablo, SpiderX does not require an internet connection to execute its primary functions. Once initiated, it can encrypt files on the victim’s computer and connect external devices (such as USB drives) without needing to communicate with a remote server. This makes SpiderX particularly stealthy and difficult to detect during its initial attack phase.
Comprehensive Targeting:
SpiderX extends its reach beyond the main user folders on the Windows drive. It targets all external partitions and drives connected to the system, ensuring comprehensive encryption. This includes USB drives and other external storage devices that may be connected post-attack, which will also be encrypted, amplifying the attack’s impact.
Built-in Information Stealer:
A new feature in SpiderX is its built-in information stealer. Once the ransomware is executed, this component exfiltrates data from the target system, compresses it into a zip file, and uploads it to MegaNz, a file transfer and cloud storage platform. This stolen data can include sensitive information, which the attacker can then exploit or sell. The process is designed to leave no traces, covering its tracks to avoid detection.
Persistence and Silent Operation:
SpiderX is designed to be fully persistent, running silently in the background to continue encrypting any new files added to the system. This persistence ensures that the ransomware remains active even if the victim tries to use the system normally after the initial attack.
Marketed to Cybercriminals
Phant0m is marketing SpiderX to other cybercriminals at a price of US$150, accepting payments in Bitcoin and Monero, which are favored for their anonymity. The affordable price and powerful features make SpiderX an attractive tool for malicious actors looking to carry out ransomware attacks with minimal effort.
Implications and Threat Assessment
The introduction of SpiderX on the dark web marks a significant escalation in the capabilities of ransomware available as a service. Its advanced features, such as the ChaCha20-256 encryption algorithm and built-in information stealer, coupled with its ability to operate offline, make it a highly effective and dangerous tool. The persistent nature of the ransomware and its comprehensive targeting of connected devices further increase its potential impact.
As ransomware continues to evolve, tools like SpiderX represent a growing threat to cybersecurity. What is most concerning is the potential widespread use of SpiderX due to its low cost and high efficiency.
The capabilities and ease of deployment of SpiderX ransomware highlight the need for vigilance and advanced security measures to protect against increasingly sophisticated cyber threats. Organizations and individuals are advised to enhance their cybersecurity measures, including regular data backups, updating software and systems, and employing enhanced security protocols to mitigate the risk of such attacks.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
