Jokeroo Ransomware as a Service performs an exit scam
- Jokeroo RaaS said that its server has been seized by the Royal Thai Police in conjunction with the Dutch National Police and Europol.
- The RaaS is pretending that its service has been seized by the police, while it's actually exit-scamming with clients funds.
What is the issue?
On May 7, 2019, Tor sites for Jokeroo Ransomware as a Service displayed a notice on its website claiming that their server has been seized by the Royal Thai Police in conjunction with the Dutch National Police and Europol.
However, Europol denied the fact and stated that they were not involved in this case. This reveals that what Jokeroo Raas claims is fake and the Raas is conducting an exit scam.
What is Jokeroo RaaS?
Jokeroo is a Ransomware-as-a-Service that allows cybercriminals and would-be hackers to gain access to the ransomware and distribute the ransomware by signing up to the service. Upon signing up, the service provider offers ransomware and a payment server.
Jokeroo RaaS has been offered in multiple membership packages ranging from $90 to $300 and $600. In the basic package, a member earns 85% of the ransom payments.
What is an exit scam?
An exit scam is when a business stops providing it services and quietly steals away funds or goods from its members and clients. Clients would be unable to recover their lost funds in such a case.
Contents of the notice
“THIS HIDDEN HAS BEEN SEIZED
by the Royal Thai Police in conjunction with the Dutch National Police and Europol
What have you done?
The police investigation focus on the criminal activities of Jokeroo and the people behind Jokeroo. Jokeroo uses the Dutch (digital) infrastructure to provide services to criminals by renting out servers from which criminal activities can be deployed such as sending spam messages and causing RANSOMWARE attacks,
The takedown of Jokeroo is a coordinated effort by law enforcement agencies from Thailand and The Netherlands, Europol,” the notice read.
The bottom line
Jokeroo RaaS is pretending that its service has been seized by the police, while it's actually exit-scamming with clients funds.