Cyber Heist Twist: “Salfetka” Sells INC Ransom Source Code Amid Team Turmoil

Looking to unleash some cyber chaos? “Salfetka” might hook you up with INC Ransom’s code for a cool $300k. But hurry, only three buyers get to decrypt the fun! #RansomwareSale #CybercriminalBargains

Hot Take:

Well, folks, it looks like the cybercrime equivalent of a garage sale is upon us! “salfetka,” the shadowy entrepreneur of the cyber underworld, is hawking the source code of INC Ransom like it’s a barely-used treadmill. For a cool $300,000, you too can own a piece of malware history. But act fast—this offer is limited to three lucky buyers. I can’t help but wonder if this is the cyber version of a ‘going out of business’ sale or just a really niche episode of ‘Antiques Roadshow.’

Key Points:

  • “salfetka” is selling the source code for INC Ransom’s Windows and Linux/ESXi versions on the dark web forums.
  • They’re asking for a modest $300k and limiting the sale to three buyers—talk about exclusive merchandise!
  • Details in the sale post match public analyses of INC Ransom, adding a veneer of legitimacy—or a really well-crafted scam.
  • INC Ransom is also moving to a new shady URL, potentially indicating internal drama or just a change in decor.
  • Buying ransomware source code could be a game-changer for new threat actors or a rebranding strategy for old ones.

Need to know more?

There's No Business Like Snow Business

Let's talk about the sensational sale that's got the dark web buzzing. "salfetka" is not just a fan of fancy table linens but also a connoisseur of cyber weapons. They're selling not one, but two versions of INC's ransomware, and the details are so juicy they could be from a tech thriller. KELA's analysts have cross-checked the forum's tech specs, and it's looking like "salfetka" did their homework. But remember, kids, on the internet, nobody knows you're a dog—or a scammer.

Leak Site Real Estate

Moving on up to a deluxe website in the sky, INC Ransom is leaving its old digital digs for a new TOR address. They're even keeping the old site up as a sentimental reminder for two to three months—how sweet. The new site features some old faces and a dozen new victims to keep things fresh. But with only half the past victims making it to the new list, one has to wonder if this is a mere relocation or a full-blown witness protection program for malware.

Is This a Ransomware Reunion?

Who doesn't love a good reunion tour? INC's new extortion page is giving off serious Hunters International vibes, leading cyber sleuths to speculate about a possible team-up. And let's face it, in the world of ransomware, recycling is hot. Rebranding might just mean slapping a new label on the same old malicious code. Why reinvent the wheel when you can just repaint it and sell it as new?

Pandora's Box of Digital Doom

Last but not least, let's chat about the potential consequences of this cyber yard sale. If this source code falls into the wrong hands (because they're usually in the right ones, right?), we could see a surge in ransomware attacks. With the Linux/ESXi version being rarer than a well-mannered internet troll, it's a hot commodity for hackers wanting to level up in the world of digital destruction. So, if you see a sudden uptick in online baddies, you might have "salfetka" to thank for that.

Tags: Data Leak Extortion, network access brokers, RaaS, ransomware encryptor, Ransomware Rebranding, ransomware-as-a-service, source code sale