Friday, June 23, 2017

The Darknet's Brickr Ransomware

Wapack Labs analysts observed an actor on the darknet advertising Brickr v1 Ransomware. Brickr v1’s purpose is “to be affordable, cheap and reliable product.” Buyers must contact the actor through Jabber or through the darknet forum's private messenger. When executed, Brickr v1 encrypts a user's personal files; the victim must pay a ransom to receive the decryption key. As of 28 May 2017, Brickr v1 was for sale at $80.00, payable in Bitcoin (BTC). After an article was published on how to remove Brickr Ransomware using Task Manager, the actor added a new feature that temporarily disables Task Manager upon execution. The actor revealed that Brickr v2 is under development and will include upgraded features. Wapack Labs will continue to monitor the forum, track all versions of this malware, and attempt to identify the actor.

Wapack Labs has cataloged and reported extensively on ransomware in the past. An archive of related reporting can be found in the Red Sky Alliance portal.