Stampado Ransomware Starts Deleting Files If No Payment Is Made

A nasty new variant of ransomware known as Stampado is being actively promoted on the dark web, researchers at Heimdal Security have warned, with a lifetime licence costing as little as $39 (£29.15).

What makes this particular family such a nasty variant of ransomware, is that it is being touted as easy to use and manage, with no need for a host, only an email address.

Deletion Deadline

The creators even offer potential clients a promotional video of Stampado on Youtube, detailing some of its features.

For example, Stampado does not require administrator privileges to infect computers.

But even worse is the fact that victims have just 96 hours to pay the ransom. If the sum isn’t paid, Stampado will delete a random file from the victim’s PC every 6 hours.

“Cryptoware is such a big segment of the malware economy, malware creators have to constantly release new “products” to keep their clients engaged and the money flowing,” said Heimdal Security.

“Although we know it’s wishful thinking, we can only hope that this ransomware family won’t spread to affect too many users. Unfortunately, given the details we just mentioned, the opposite might just happen.

“The wisest thing that any user and organisation can do is understand how ransomware acts and spreads, going beyond data encryption. Once you’ve finally had that ‘a-ha!’ moment, you’ll understand why anti-ransomware protection is important and why data back-ups are a must-have!”

The discovery of Stampado comes after another nasty piece of malware was revealed this week. Cisco’s Talos Labs uncovered malware that poses as ransomware, which actually just deletes your files even if the ransom is paid.

That malware, which has been dubbed ‘Ranscam’, follows the conventional ransomware route by infecting a computer, encrypting the files, and then demanding a payment to unlock them.

Profitable Business

Ransomware unfortunately is a profitable business for criminals. SentinelOne researchers discovered last month that a new version of the CryptXXX family of ransomware had netted payments of about £26,000 during a period of less than three weeks.

And there is little doubt that ransomware is a huge threat nowadays, and it has hit all types of organisations including hospitals and even NASCAR racing teams. ESET has previously warned that the UK was being heavily targeted by ransomware.

Earlier this year the gang behind the TeslaCrypt ransomware shut down their criminal operation and apologised. The gang also handed over the universal master decryption key to the malware to security researchers ESET.

Are you a security pro? Try our quiz!