Over the past few years, we have seen some troublesome evolutions in cybercrime. One of those worrisome trends is known as ransomware-as-a-service (RaaS). A new type of RaaS known as Philadelphia is making a lot of headlines. This particular service is run like a legitimate business, and it even has its very own professional YouTube video.

Philadelphia RaaS Acts Professionally

The Black Hat 2017 conference is always interesting to follow, and a lot of valuable information is shared with the public. One of the presentations which caught our eye revolved around the Philadelphia ransomware-as-a-service platform. It appears this particular criminal service is operated like a regular business, complete with a professional YouTube video. Gaining access to the platform still requires a Tor browser of some kind.

One can purchase Philadelphia RaaS for US$400. Considering the price, there will be quite a few interested parties. Buying a “license” gives customers access to holding computer data for ransom. It appears the Philadelphia team will handle this process on your behalf, which is rather unusual.

Philadelphia is mainly advertised on darknet forums, which is also where most of its customers will come from as well. The platform itself, operated by The Rainmaker Labs, appears to offer multiple tools to its customers as well. While Ransomware is their main bread and butter, there is also a focus on helper tools and “other stuff,” leaving a lot of room for speculation.

Additionally, the platform has its own professional introduction video on YouTube, rather than hiding it on the Darknet as well. That is quite a bold move since no other ransomware developers have ever been so blatant in their marketing. This goes to show that online criminals have gotten a lot more comfortable advertising their projects. That is not a good sign.

The Philadelphia platform was created by the same people who developed the Stampado ransomware strain in 2016. The Philadelphia strain is far more advanced, which also explains the tenfold increase in price. So far, several arrests have been made relating to people who purchased this malware from the darknet platform, including one teen who infected a local company. Going after domestic targets is never a smart idea and will only attract unwanted attention from law enforcement agencies.

This is only one of the many evolutionary steps for ransomware-as-a-service that we will witness in the years to come. This particular business model has been quite popular in recent months, and it still seems to be a very profitable business when done right. Coming up with new solutions and tools to one-up the competition will be very challenging. Philadelphia is one of the top solutions on the market right now, but it is only a matter of time until new variants are discovered.