The ransomware-as-a-service (RaaS) market is getting disrupted, which has armed hackers with easy-to-use, off-the-shelf, and affordable ransomware solutions. The market, which has witnessed the disappearance of big players for over two years, is getting populated with ‘Junk Gun’ ransomware on the dark web.

The new family of ransomware is attracting ‘buyers’ because it is very cheap. According to a Sophos research report, The median price for these junk-gun ransomware variants on the dark web was $375, significantly cheaper than some kits for RaaS affiliates, which can cost more than $1,000.

Junk gun ransomware discussions occur primarily on English-speaking dark web forums aimed at lower-tier criminals.

“Over the past two months, however, some of the biggest players in the ransomware ecosystem have disappeared or shut down, and, in the past, we’ve also seen ransomware affiliates vent their anger over the profit-sharing scheme of RaaS,” Christopher Budd, Director (Threat Research) of Sophos, said.

“Nothing within the cybercrime world stays static forever, and these cheap versions of off-the-shelf ransomware may be the next evolution in the ransomware ecosystem—especially for lower-skilled cyber attackers simply looking to make a profit rather than a name for themselves,” he said.

As the name suggests, this family of ransomware is crudely made and unsophisticated compared to its robustly built peers.  

“They can still pack a punch,” cybersecurity solutions firm Sophos has said.

Over the last ten months, the company has discovered 19 such ‘junk gun’ ransomware variants, which are cheap, independently produced, and crudely constructed, on the darkweb.

“The developers of these junk gun variants are attempting to disrupt the traditional affiliate-based RaaS model that has dominated the ransomware racket for nearly a decade,” a Sophos report said.

Instead of selling or buying ransomware to or as an affiliate, the attackers create and sell these unsophisticated ransomware variants for a one-time cost—which other attackers sometimes see as an opportunity to target small and medium-sized businesses (SMBs) and even individuals.

The report indicates that cyber attackers have deployed four of these attack variants. While the capabilities of junk-gun ransomware vary widely, its biggest selling points are that it requires little or no supporting infrastructure to operate and that users aren’t obligated to share their profits with the creators.