There is a lot more to ransomware than meets the eye. Most people only think of this malware as a way to encrypt computer hard drives and files. But to spread ransomware, a dedicated marketing strategy is needed. New research shows how Petya’s and Mischa’s creators are using “advanced techniques” to make their products appealing to a large audience.
Ransomware Distribution Is All About Marketing
Similarly to how most product advertising works, ransomware has become an affiliate marketing scheme. Anyone who distributes the malware successfully will receive a portion of the money earned from a successful payment. The developers pocket a small fee for their coding efforts, but this marketing plan allows anyone in the world to inflict harm on others without technical expertise.
What is even more disconcerting is how the Petya and Mischa ransomware developers have formed a “coalition”. Under the name Cybercrime Solutions, they want to raise more awareness about their products, not to inform potential victims, but just to boost their sales numbers. As there are plenty of other types of ransomware available, staying one step ahead of the competition is critical.
As a result of this unholy collaboration, Petya and Mischa ransomware can be bundled into one package. Once this payload is distributed and successfully infects a machine, a higher ransom price will be charged. For affiliates spreading this malware, that also means a larger paycheck.
But there is more to it, as the marketing strategy by Cybercrime Solutions provides some interesting details. With the new logo used for Petya and Mischa, it seems likely Russian internet criminals are responsible for creating this malware. There is a hammer and sickle logo present once computers are infected. Although this is not conclusive evidence, hardly anyone would be surprised to find out Russian hackers are behind this digital plague.
For the affiliates who manage to distribute Petya and Mischa successfully, there is a potential 80% commission on the horizon. Since affiliates can set their own ransom demands, they will always earn 80% of the amount paid in Bitcoin by the victim. If that price were 200 Bitcoin, they would pocket 160 Bitcoin, or US$97,660 at current prices.
Last but not least, it appears a lot of ransomware is being distributed by company employees themselves. The allure of a big payday can make people do strange things, particularly when working for a company they might not even like. This is a very worrisome turn of events, and it looks like this is only the beginning of the ransomware threat.