July 28, 2016 By Larry Loeb 2 min read

BleepingComputer reported that the developers of the Petya and Mischa ransomware packages have embraced a new business model: ransomware-as-a-service (RaaS).

Supposedly, this has been in a limited beta release for the last few months with “a limited amount of supposed high-volume distributors.” However, any cybercriminal can now apply to become an affiliate of the RaaS program.

For Cybercriminals, By Cybercriminals

In an advertisement reproduced by BleepingComputer, the developers boast of the ransomware’s high infection rate. The ad reads, “As professional cybercriminals, we know you can’t trust anyone. So we developed a payment system based on multisig addresses, where no one (including us) can rip you off.”

Further, the developers tout their easy methods of viewing the latest infections, setting the ransom price and recrypting the binary. This can all be done with a “clean and simple web interface.”

The payment scheme is based on bitcoin. If the weekly volume is less than 5 BTC, then a 25 percent cut goes to the associate. If the volume is less than 25 BTC per week, the cut grows to 50 percent. If it goes over 125 BTC per week, the associate’s cut balloons to 85 percent.

FUD and Crypting Included

In addition to the new combined Petya/Mischa offering, it is significant to note the FUD and evasion offering that the authors make explicit on the welcome page. Free crypting and FUD services are included for those enrolled.

This means that the ransomware authors are providing assurance that client binaries will go undetected. True cybercriminal customer support is part of this deal.

All “high-volume distributors” receive a unique stub. This step assures evasion because a malware-checking program will not know this stub and may miss it during scans.

RaaS Poses a Real Threat

“Petya is considered by malware experts to be above average in terms of sophistication, which makes it surprising to see it spring up so quickly as a pseudo-public ransomware-as-a-service (RaaS) offering,” Cylance noted. “From a code and execution perspective, it is far beyond previous offerings, including the likes of Tox, Ransom32 and especially the Goliath offering from ‘Hall of Ransom.'”

It is unusual to see this level of ransomware promoted and pumped like this. Malware authors usually syndicate only when the ransomware is at the end of its utility, trying to wring every last drop of profit.

But Petya is still a real threat, and this level of distribution can only mean increased attacks.

More from

Exploring the 2024 Worldwide Managed Detection and Response Vendor Assessment

3 min read - Research firm IDC recently released its 2024 Worldwide Managed Detection and Response Vendor Assessment, which both highlights leaders in the market and examines the evolution of MDR as a critical component of IT security infrastructure. Here are the key takeaways. The current state of MDR According to the assessment, “the MDR market has evolved extensively over the past couple of years. This should be seen as a positive movement as MDR providers have had to evolve to meet the growing…

Regulatory harmonization in OT-critical infrastructure faces hurdles

3 min read - In an effort to enhance cyber resilience across critical infrastructure, the Office of the National Cyber Director (ONCD) has recently released a summary of feedback from its 2023 Cybersecurity Regulatory Harmonization Request for Information (RFI). The responses reveal major concerns from critical infrastructure industries related to operational technology (OT), such as energy, transport and manufacturing. Their worries include the current fragmented regulatory landscape and difficulty adapting to new cyber regulations. The frustration appears to be unanimous. Meanwhile, the magnitude of…

Generative AI security requires a solid framework

4 min read - How many companies intentionally refuse to use AI to get their work done faster and more efficiently? Probably none: the advantages of AI are too great to deny.The benefits AI models offer to organizations are undeniable, especially for optimizing critical operations and outputs. However, generative AI also comes with risk. According to the IBM Institute for Business Value, 96% of executives say adopting generative AI makes a security breach likely in their organization within the next three years.CISA Director Jen…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today