Database marketplace Industrial Spy has launched its own ransomware campaign that encrypts victims’ stolen information.
The Industrial Spy trading platform sells various types of data stolen from companies, from millions of dollars' worth of “premium” data to single files for as little as $2. Users can buy schemes, blueprints, technologies, political and military secrets, accounting reports, and client databases of competitors.
Last week, security researcher MalwareHunterTeam discovered a new sample of Industrial Spy malware that contains a ransom note.
“Unfortunately, we have to inform you that your company has been compromised. All your files have been encrypted and you cannot recover them without our private key. Attempting to restore it without our help may result in the complete loss of your data.
We have also scoured your entire corporate network and uploaded all sensitive data to our servers. If we do not receive a response from you within 3 days, we will publish your data on the Industrial Spy Market website,” the letter says.
According to cybersecurity expert Michael Gillespie, Industrial Spy uses DES encryption, with the key itself encrypted using the RSA-1024 algorithm.
When encrypting files, Industrial Spy creates a ransom note called “README.htm” in every folder on the device. In addition to an email address, the note also contains a Tox identifier for contacting the attackers.
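The note behaviour described above can be turned into a simple triage check. The following is an added example, not code from the article or from the researchers it cites: it walks a directory tree and flags it when README.htm appears in nearly every folder and a note contains both an email address and a Tox ID (76 hexadecimal characters). The 80% threshold, the function names and the sample data are assumptions made for illustration.

```python
import os
import re
import tempfile

NOTE_NAME = "readme.htm"                       # note file name reported in the article
TOX_ID = re.compile(r"\b[0-9A-Fa-f]{76}\b")    # a Tox ID is 76 hex characters
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def scan_tree(root, min_share=0.8):
    """Return triage facts about ransom-note-like README.htm files under root."""
    total, with_note, contact_hits = 0, 0, []
    for dirpath, _dirs, files in os.walk(root):
        total += 1
        notes = [f for f in files if f.lower() == NOTE_NAME]
        if not notes:
            continue
        with_note += 1
        path = os.path.join(dirpath, notes[0])
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(65536)              # notes are small; cap the read
        if TOX_ID.search(text) and EMAIL.search(text):
            contact_hits.append(path)
    share = with_note / total if total else 0.0
    return {
        "dirs": total,
        "dirs_with_note": with_note,
        "notes_with_contacts": contact_hits,
        # Assumed rule: note is near-ubiquitous AND carries both contact types.
        "suspicious": share >= min_share and bool(contact_hits),
    }


def build_sample(root, infected):
    """Constructed test data: three folders, optionally with a fake note in each."""
    fake_note = "<html>Contact: ops@example.invalid TOX: " + "AB" * 38 + "</html>"
    for d in ("", "finance", os.path.join("finance", "2022")):
        os.makedirs(os.path.join(root, d), exist_ok=True)
        name = "README.htm" if infected else "report.txt"
        with open(os.path.join(root, d, name), "w", encoding="utf-8") as fh:
            fh.write(fake_note if infected else "quarterly numbers")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, infected=True)
        print(scan_tree(tmp))
```

A single README.htm without contact details, as shipped with ordinary software, does not trip the check, because both the share of folders and the note content are required.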