The developers behind the Petya and Mischa ransomware have recently made their program open to the public, after the cybercrooks leaked a rival program"s decryption keys onto the internet.
This "ransomware-as-a-service" program was launched by the developers last June 26th. As of now, the service allows anyone who is interested to be a part of spreading the Petya and Mischa ransomware to potential innocent victims on the internet, leading to possibly even greater infection rates in the future. This scheme is comparable to the Chimera ransomware, where aside from demanding a payment to decrypt files, it offers victims a chance to join their program.
According to Lawrence Abrams of Bleeping Computer, the program pays out distributors depending on how many bitcoins they have extorted from their victims. For example, if someone collects lower than 5 bitcoins in a week, they will get to keep only 25% of the earnings. Obtaining less than 25 in a week will reward the distributor with 50%, while less than 125 bitcoins will bring in a share of 75%. If in the case that they rake in 125 bitcoins or even more, they will be able to keep 85% of the profit.
Furthermore, the Petya and Mischa ransomware-as-a-service requires potential affiliates to send in what seems to be a registration fee, a small amount of bitcoins equating to ~$1.00. This, according to the program, is to "discourage timewasters and kiddies" from meddling with them. It comforts potential distributors by stating that the fee will be refunded to them when their first payment has been made.
With all of these in consideration, we advise everyone to take extra measures in staying safe on the internet by being wary of what you open and click on. Warning friends and family can go a long way too in the battle against ransomware.
Source: Bleeping Computer via Graham Cluley | Image via Bleeping Computer