| Philadelphia | |
|---|---|
| Malware details | |
| Type | Ransomware |
| Subtype | Cryptoviral extortion |
| Classification | Trojan horse |
| Family | Stampado |
| Isolation date | 2016 |
| Author | The Rainmaker |
| Cyberattack event | |
| Date | September 2016 |
| Technical details | |
| Platform | Windows |
| Written in | AutoIt[1] |
"Philadelphia" is a type of encrypting ransomware malware created in 2016.[2] It was originally sold and distributed by the Brazilian hacker group The Rainmaker,[3][4] but has since circulated on the dark web. Like many forms of ransomware, the malware encrypts computer files and gradually deletes them, demanding a bitcoin ransom to decrypt the files and halt the deletion process.
Philadelphia was introduced in September 2016, when it was sold as-a-service by The Rainmaker.[2] Promotion began shortly after its release, using spam campaigns via online forums to encourage sales.[3] According to the National Health Service, following the release the author had sold 38 copies of the malware, each for $389 USD.[5] It was intended to cause harm and generate income through malicious email attachments, compromised websites, macros, Trojanized downloads, and other illegal methods. It activates when users download the software, which then encrypts all local user files.[5] A companion website known as "Philadelphia Headquarters" allows attackers to offer a "mercy" option through the program; if chosen, the victim's files are decrypted for free.[6][7] The malware features many similarities to Stampado, another type of ransomware.
Attackers often target the healthcare industry, purposely sending spear-phishing emails to hospitals.[8] Roland Dela Paz, a cybersecurity professional, stated that the ransomware affected a hospital in Southwest Washington and one in Oregon.[9]
Journalist Brian Krebs, on his website Krebs on Security, described an advertisement for the malware as "fairly chilling,"[10] noting that the ransomware's "mercy" feature revolved around pleas from victims who risked losing irreplaceable personal data. Sophos stated that "kits available on the Dark Web allow the least technically savvy among us to do evil," calling Philadelphia one of the "slickest, most chilling examples."