>>16
I guess. Less profitable? Sure, but also less effort.
Ransomware involves:
•Cryptography
•Packing/polyloading/polymorphism (to get around AV)
•Veil framework or some other stealth shit
•Social engineering
•More in-depth knowledge of software development to actually make the ransomware -- maybe C or C++ with GTK+ for a simple GUI
•C2 infrastructure
•Tor hidden service or some shit -- a secure way for the ransomware to connect to a server that will contain the decryption keys
•Customer support (yes, really -- people who are dumb enough to get ransomware are too dumb to figure out how to use Bitcoin, so you need to help them)
•Bitcoin address(es)
•Some way of cashing out, which is easier said than done
•Spamming or otherwise getting people to click on your ransomware and run it -- possibly a trojan via some shit like CreateRemoteThread
•If you want it to be browser-based, you need a dark web EK like Sundown EK or whatever it is that people use these days -- but the problem is that more people are on mobile than desktop OSes, and even on desktop platforms, modern browsers typically have click-to-run for Flash
•Requires stolen credit cards if you want to buy ads on websites in order to drive traffic to your ransomware site (or in some cases, you can just use Flash ads to directly deliver the ransomware to people on sites that have ads (assuming the user doesn't block ads), but many ad agencies vet ads and disallow malware)
•Etc.
One problem with ransomware is it's usually Windows-only, so you will miss out on some potential victims. Of course, I've heard of things like traffic distribution systems like Keitaro, so in theory you could deliver different payloads to different users, but that's a lot of effort, don't you think? Also, some people actually do have backups, so they won't pay the ransom. Or some people simply can't afford to pay the ransom. So infecting someone with ransomware doesn't guarantee that they'll pay.
JS crypto mining involves:
•Using Tor, but not needing to set up a Tor hidden service for a server
•Shodan or something else for mass scanning (like masscan) to find insecure sites
•Basic knowledge of web shells and file inclusion or file upload vulnerabilities
•Adding <script src="miner.js"></script> to a web page
•Monero/CoinHive shit
Which do you think is easier?
Obviously, you shouldn't do either of them.
And I completely forgot to mention the browser locker tech support scam, which spawns pop-ups (or alert boxes or something?) to make it so a user can't click out of it, and then you trick them into paying for fake antivirus. That one is browser-based and OS-agnostic, which gives it the advantage over ransomware. Scammers like that usually charge around $400 or so.
These days, people are less likely to install things. They're less trusting of .exes and .dmgs. But they still go to websites. Web-based scams and malware are where it's at. Client-side shit is for boomers who still think of computers as primarily offline devices.
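
A defender-side check for the script-tag injection mentioned in the post above, as an added example that is not part of the original post: it audits served HTML for script tags that are outside a deployment allowlist or that load third-party code without Subresource Integrity. The allowlist entries, the cdn.example.com host, the function names and both sample pages are constructed for illustration.

```javascript
// Added example: flag <script> tags the site owner did not deploy.
// Allowlist and sample pages below are constructed for illustration.
const APPROVED_SCRIPTS = new Set([
  "/static/app.js",
  "https://cdn.example.com/lib.min.js",
]);

// Collect the attributes of every <script ...> opening tag in an HTML string.
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>/gi;
  const attrRe = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const attrs = {};
    let a;
    while ((a = attrRe.exec(tag[1])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
    }
    scripts.push(attrs);
  }
  return scripts;
}

// Compare what the page actually serves against what was deployed.
function auditPage(html, approved = APPROVED_SCRIPTS) {
  const findings = [];
  for (const attrs of extractScripts(html)) {
    if (!("src" in attrs)) {
      findings.push({ src: null, reason: "inline script, review manually" });
    } else if (!approved.has(attrs.src)) {
      findings.push({ src: attrs.src, reason: "src not in deployment allowlist" });
    } else if (/^https?:\/\//i.test(attrs.src) && !attrs.integrity) {
      findings.push({ src: attrs.src, reason: "third-party script without SRI" });
    }
  }
  return findings;
}

// Constructed sample: the page as deployed, and the same page after tampering.
const cleanPage = `<html><head><script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.min.js"
  integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script></head></html>`;
const tamperedPage = cleanPage.replace(
  "</head>", '<script src="miner.js"></script></head>');

console.log(auditPage(cleanPage));
console.log(auditPage(tamperedPage));
```

Run it against the HTML as fetched from the live site rather than the files in the repository, since the point is to catch changes made after deployment.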