Sophos Discovers Low-Cost, DIY ‘Junk Gun’ Ransomware on the Dark Web


New Report: Junk Gun Ransomware Disrupts Ransomware-as-a-Service Model

In a groundbreaking report released by Sophos, a global leader in cybersecurity solutions, a new threat in the ransomware landscape has emerged. The report titled, “’Junk Gun’ Ransomware: Peashooters Can Still Pack a Punch,” sheds light on the rise of 19 ‘junk gun’ ransomware variants that have been discovered on the dark web since June 2023.

These ‘junk gun’ ransomware variants are cheap, independently produced, and crudely constructed, disrupting the traditional affiliate-based ransomware-as-a-service (RaaS) model that has dominated the ransomware racket for nearly a decade. Attackers are now creating and selling unsophisticated ransomware variants for a one-time cost, targeting small and medium-sized businesses (SMBs) and individuals.

Christopher Budd, director of threat research at Sophos, highlighted the evolution of ransomware and the emergence of these cheap off-the-shelf ransomware variants. While they may not command million-dollar ransoms like other prominent ransomware groups, they can still be effective against SMBs.

The median price for these junk-gun ransomware variants on the dark web is $375, significantly cheaper than RaaS kits that can cost over $1,000. These variants require little to no supporting infrastructure to operate, making them attractive to newer cybercriminals looking to enter the ransomware world.

The security community faces a unique challenge in detecting and combating these new ransomware threats, as attacks against SMBs with small ransom demands are likely to go undetected and unreported. As the ransomware landscape continues to evolve, defenders will need to adapt to effectively combat these emerging threats.

To learn more about junk gun ransomware and the changing ransomware ecosystem, read the full report on

Related articles

Recent articles