By Susan Richardson, Manager/Content Strategy, Code42
Sometimes the ingenuity of the free market is truly remarkable. And in the case of the new black market for ransomed data, remarkably scary. One of the latest triumphs of the entrepreneurial spirit is Ran$umBin, a sort of eBay for ransomers—or as Dark Reading described it, “a one-stop shop for monetizing ransomware.”
The ransomware middleman
Much as eBay acts as the middleman for sellers of all sizes, Ran$umBin popped up in early 2016 to act as a proxy for data ransomers. The site gives cyber thieves three options: Lock up the victim’s data and use the site as a payment proxy for the ransom; “dox” the victim, posting the stolen, sensitive information on the site to add extra urgency to the payment demands; or sell the stolen data to a third party and let them handle the extortion (or use the data in some other way). The site provides an easy bitcoin-based payment interface, and Ran$umBin takes a cut of every payment.
Making the ransomware business easier, lowering risk for veterans and newcomers
Stealing or locking up data isn’t the tough part of the ransomware business (flawed systems and unreliable users make that way too easy). It’s the payment side—making direct contact with a victim and exchanging currency—that poses the highest risk. In eliminating this risk and handling the logistics of payment, Ran$umBin serves to streamline the business of ransomware.
Comparisons to eBay, Uber or Airbnb are apt, and alarming, in this context. Those disruptive platforms made it easy for the little guy to go into business for himself, chiefly by streamlining payment and taking the risk out of it. Sites like Ran$umBin do the same for cybercrime: they lower the barrier to entry, making it easier than ever for anyone to make money in the ransomware game.
Ran$umBin: We’re just an honest business—with great customer service!
The creators of Ran$umBin tell a familiar story, claiming that they’re a neutral business that just provides an honest service for activity that’s going on anyway. Interestingly, they say they view their responsibility as serving and protecting the “safety” of their customers, meaning both the data thieves and their victims. This business mission takes shape in the strange regulations that supposedly govern the site. Ran$umBin claims they validate stolen data to make sure it’s not inaccurate, old or irrelevant, though they don’t explain how this vetting is accomplished. An even more bizarre claim of business ethics: Ran$umBin says they won’t let an individual victim be extorted more than 10 times. But nine times is perfectly reasonable. How noble.
A sign of things to come
Ran$umBin hasn’t seen much activity so far, but that’s no reason for comfort. This is just the free market’s first shot at a solution for enterprising data thieves. Think of how Facebook took the MySpace idea to a higher level. With ransomware increasingly becoming big business, new and better versions of sites like Ran$umBin are sure to pop up soon, fueling the overall ransomware market with bigger incentives, more organization and greater sophistication.
The simple antidote: Back up your data—don’t pay the ransom
The free market drives some pretty crazy innovation, but it also follows some pretty simple rules. Namely, if the money dries up, the market looks elsewhere. Fortunately, snuffing out the cash flow to data thieves starts with something simple: back up your data. When ransomware hits, you'll know your data is preserved, the restore will be fast and comprehensive, and you never have to pay the ransom. Two caveats keep that promise honest. The backup copy has to live somewhere the infected machine cannot reach and overwrite, because an encrypting payload will happily lock up a mounted backup drive along with everything else, and the restore has to be tested before the day you need it. Note, too, that a good backup defeats the first of Ran$umBin's three options (locking up your data) but not the other two: data that has already been stolen and posted or sold cannot be restored back into privacy.
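To make the "back up, verify, restore" cycle concrete, here is an added example (not code from the original post or from Code42). It assumes a "live" directory that ransomware can overwrite and a separate "backup" directory standing in for an offline or immutable copy; the backup is accompanied by a SHA-256 manifest so that damaged files can be detected rather than guessed at. The ransomware stand-in is constructed for the demo: it XORs each file and renames it with a `.locked` suffix, which is enough to show that the original bytes are gone from the live tree.

```python
"""Backup manifest, damage detection and restore (added example).

Assumptions, not taken from the original post:
  - `live` is the working directory an infected host can write to.
  - `backup` is a separate copy the infected host cannot modify; on a
    real system that means an offline or immutable (versioned) store.
  - Integrity is tracked with a SHA-256 manifest recorded at backup time.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative POSIX path -> sha256 for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def take_backup(live: Path, backup: Path) -> dict:
    """Copy live -> backup and record a manifest of what was actually copied."""
    if backup.exists():
        shutil.rmtree(backup)
    shutil.copytree(live, backup)
    return build_manifest(backup)


def find_damaged(live: Path, manifest: dict) -> list:
    """Manifest entries that are missing from live or whose hash no longer matches."""
    damaged = []
    for rel, digest in manifest.items():
        p = live / rel
        if not p.is_file() or sha256_file(p) != digest:
            damaged.append(rel)
    return sorted(damaged)


def restore(live: Path, backup: Path) -> None:
    """Full restore: replace the live tree with the backup copy.

    A whole-tree restore also discards any .locked leftovers, which a
    file-by-file copy would leave behind."""
    if live.exists():
        shutil.rmtree(live)
    shutil.copytree(backup, live)


def simulate_ransomware(live: Path, key: int = 0x5A) -> None:
    """Constructed stand-in for an encrypting payload (not real malware):
    XOR every byte with a fixed key and rename the file with a .locked suffix."""
    for p in sorted(live.rglob("*")):  # sorted() materialises the list before we mutate the tree
        if p.is_file():
            scrambled = bytes(b ^ key for b in p.read_bytes())
            p.with_suffix(p.suffix + ".locked").write_bytes(scrambled)
            p.unlink()


def demo() -> dict:
    """Run the full cycle in a temporary directory and report the outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        backup = Path(tmp) / "backup"  # stands in for an offline/immutable copy
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "plan.txt").write_text("constructed sample file 1\n")
        (live / "notes.md").write_text("constructed sample file 2\n")

        manifest = take_backup(live, backup)
        clean_before = find_damaged(live, manifest) == []

        simulate_ransomware(live)
        damaged = find_damaged(live, manifest)

        restore(live, backup)
        after = find_damaged(live, manifest)
        return {
            "files_in_manifest": len(manifest),
            "clean_before_attack": clean_before,
            "damaged_after_attack": damaged,
            "damaged_after_restore": after,
            "restored_ok": after == [] and build_manifest(live) == manifest,
        }


if __name__ == "__main__":
    print(demo())
```

The manifest is the piece people skip: without it you only learn that a restore was incomplete when someone opens a file that is still scrambled. Keep the manifest with the backup, not on the host it describes, so that the same payload cannot rewrite both.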