An Iranian developer is promoting the BlackRouter ransomware on a Telegram hacking channel through a Ransomware-as-a-Service model.
An Iranian developer is advertising on Telegram a Ransomware-as-a-Service called BlackRouter. The same expert promotes other malware, such as a RAT, and is believed to be the author of another ransomware called Blackheart.
BlackRouter was first observed in May 2018, when experts at TrendMicro discovered the legitimate application AnyDesk bundled with the ransomware.
According to Bleeping Computer, security researcher Petrovic discovered a new variant of the BlackRouter ransomware in January, but MalwareHunterTeam stated that the only differences between this variant and previous ones were an improved GUI and the implementation of a timer.
A researcher who goes by the online handle A Shadow told BleepingComputer that the same ransomware was offered as a RaaS platform in a hacking channel on Telegram by an Iranian developer.
The developer offers customers 80% of ransom payments and keeps the remaining 20%.
At the time, BlackRouter was not widespread; Bleeping Computer reports only one submission to ID Ransomware since December 31.