The ransomware machine keeps moving forward, despite significant opposition. In particular, the ransomware tag-team duo of Petya and Mischa have steamrolled most attempts to block them from accessing critical systems, always finding ways to outsmart security professionals. Now, these ransomwares have adopted a Ransomware as a Service model, which has made significant changes to the way that this ransomware is distributed.Basically, anyone can take advantage of the Petya/Mischa combo, as long as they pay a simple entry fee to the developers. You can think of it like an affiliates program, where they’re paid a portion of what the ransomware earns. Users are responsible for the spread of the ransomware in order to make a profit.
For bounties less than 5 Bitcoin a week, the affiliate receives a commission of 25 percent. However, large bounties (defined as above 125 Bitcoin), are worth much more–85 percent. Hackers seem to be more concerned with spreading their ransomware than actually making any money, which is a concerning development in and of itself. So far, the ransomware developers have distributed their 125-Bitcoin affiliates a significant $69,880.63, simply for sharing the ransomware with victims who may not have been reachable before.
One other incentive for cybercriminals to adopt the Ransomware as a Service model is that the author of the Petya/Mischa double-threat has released the keys to Chimera, a rival ransomware, online. This allows antivirus developers to focus their efforts on eliminating the older threat, and forces potential criminals to consider newer threats like Petya and Mischa as a more viable option. In other words, Petya and Mischa have been mercilessly eliminating their competition–a Russian specialty.
Thus, the developers of Petya and Mischa have put together perhaps the most devastating storm of ransomware to be seen in recent times. Allowing for the spread of malware through ruthless individuals who want to make a quick buck, the developers have crafted a simple, yet devious method of spreading their malware. This model allows the users and developers to bring in a significant profit, even if it’s throwing a hefty portion at their affiliates.
Now that this gruesome twosome is available as a service, and including the fact that Petya is no longer vulnerable due to weak encryption, it’s more important than ever to ensure that you keep your system and its users safe and aware of all types of threats. The threat of ransomware could come through more than just a misleading email. Just clicking on the wrong link could initiate an unexpected download of a virus or malware, so it’s important to spread best practices around the office. By taking this proactive approach to network security, you can do no wrong.
To ensure that your business doesn’t fall victim to ransomware and other online threats, reach out to ActiveCo Technology Management at 604.931.3633.