Dark web and underground marketplaces are full of vendors selling databases, weapons, illegal drugs and malicious software. Now security researchers have discovered yet another piece of ransomware that not only steals victims’ data but also sells it online.

Researchers from Heimdal Security have discovered a variant of the Jaff malware that is part of a larger cyber-server selling credit card information and various compromised bank accounts from all across the world.


The Jaff Ransomware

The Jaff ransomware, as researchers like to call it, does not simply stop at stealing private information from the victim’s computer. Rather, it also allows attackers to capitalize further on that information by selling it on a dark web marketplace hidden deep within the darkest pits of cyberspace.

This is because the Jaff ransomware has been found to share server space with a dark web marketplace that holds not only the bank information of compromised accounts, but also information associated with users’ emails and their locations.

The information includes account data stolen from credit cards, PayPal transactions, payments made online on e-commerce portals such as Amazon and eBay, and much more.

Furthermore, a cyber criminal does not have to go through any sort of verification process before being approved to purchase information. This makes it all the easier for attackers to purchase the compromised accounts, which have a value of up to $275,241.

“Malicious hackers can use Bitcoins to purchase stolen credit cards, some of which have already been verified, and compromised accounts on Paypal, Amazon, eBay and many more,” said security researcher Andra Zaharia. “Prices per item vary from under a dollar to several Bitcoins. Access to the marketplace doesn’t include a vetting process, making the barrier to entry quite low for malicious actors of all kinds.”

The attackers can also use filters to select accounts with the highest value.

How does the ransomware work?

The Jaff ransomware arrives in an email with a PDF attachment. Once the user downloads the attachment, it presents a link to the document that the user needs to click. Once the link is clicked, the malware is activated and starts to record or steal vital information without the user noticing.

The ransomware’s server has been traced back to St. Petersburg, Russia.


A self-sustaining malware economy

It seems that cybercriminals have finally built an economy of their own, in which they can either buy lucrative accounts being sold on the dark web or go for many short-term returns by launching ransomware attacks on users’ systems.

Or they can do both and make incredible amounts of money that would just keep growing. Cryptocurrencies, meanwhile, are seemingly fueling this trend to an alarming extent.

This also means that corporations are finding it ever harder to deal with the problem as more advanced forms of ransomware are unleashed in cyberspace.

The model of this newly discovered marketplace, for instance, is self-sustaining: criminals can purchase valuable accounts from a number of countries such as Australia, New Zealand, USA, etc. and use the money to buy more.

Given that cyber criminals can now attack and steal at an exponential rate, corporations may not be able to overcome the incredible amount of cyber theft that will come as a result.


Source: Heimdal Security | Image Credit: Shutterstock


Jahanzaib Hassan