New research from global cybersecurity firm, Sophos, unveils an emerging threat in the realm of cyber attacks. Their latest report, `'Junk Gun’ Ransomware: Peashooters Can Still Pack a Punch' highlights nineteen 'junk gun' variants of ransomware making rounds on the dark web. These cyber threat variants are independently produced, inexpensive, and crudely constructed, showing unique disruptive potential in terms of conventional cyber attack paradigms.

Rather than going the traditional route of selling or buying ransomware to or as an affiliate, attackers have now begun creating and selling unsophisticated ransomware variants for a one-time cost. This provides fresh opportunities for other malicious actors who see it as a chance to target small and medium-sized businesses (SMBs), and even individuals. The discussions around these 'junk gun' ransomware are predominantly taking place on English-speaking dark web forums catered towards lower-tier criminals, rather than the established Russian-speaking platforms that the high-profile attacker groups tend to frequent.

Christopher Budd, director of threat research at Sophos, explained the shifting landscape, stating, "Over the past two months, some of the biggest players in the ransomware ecosystem have disappeared or shut down... Nothing within the cyber crime world stays static forever, and these cheap versions of off-the-shelf ransomware may be the next evolution in the ransomware ecosystem - especially for lower-skilled cyber attackers simply looking to make a profit rather than a name for themselves."

These less advanced ransomware variants pose an attractive proposition for lesser experienced cyber criminals seeking access to the ransomware world. Besides, ads for these cheap ransomware variants are frequently associated with posts requesting advice and tutorials on getting started, indicating the 'do-it-yourself' trend in cyber crime. The median price for these 'junk gun' ransomware variants on the dark web is $375, making them significantly cheaper than some kits for RaaS affiliates which can cost more than $1,000.

Estimates show that these ransomware variants have been deployed in four attacks. These low-end versions of ransomware command significantly smaller ransoms compared to their more sophisticated counterparts, but their simplicity and affordability make them effective against SMBs: a fact reflected in over three-quarters of cyber incidents impacting small businesses in 2023.

The rise of this type of ransomware poses a unique challenge for defenders. As stated by Budd, "Because attackers are using these variants against SMBs and the ransom demands are small, most attacks are likely to go undetected and unreported. That leaves an intelligence gap for defenders, one the security community will have to fill."

The new report from Sophos points towards these 'junk gun' ransomware variants as potentially representing the next step in the evolution of the ransomware ecosystem, and underscores the need for continuous vigilance and adaptability in the face of an ever-changing cyber threat landscape.