Tuesday, July 9, 2019

Malware and Ransomware Now Being Spread by "Affiliate Programs"


As if the entire problem with data theft and Ransomware isn’t bad enough, now comes word that the creators of these programs are working to create networks of individuals who can help spread the codes and to help infect more unwary users and businesses.. for profit.

The information comes from one of my favorite places to read and learn about cyber security, Krebs On Security.  Brian Krebs is a journalist and a relentless researcher of anything having to do with computer security.  He is at the forefront of reporting in this space and even has the respect of the hackers he researches and tries to warn the world about. 

Recently I was reading a story that Brian had posted about the GandCrab Ransomware.  He has discovered that the individuals who created the program began to distribute it as “ransomware as service”.  In a nutshell this means the hackers delivered the code to others who then designed SPAM operations to generate installs of GandCrab.  For doing this, the spammers received a commission on every ransom that was paid.  This allowed the program’s designers to concentrate on creating better and more toxic versions of the malware while leaving the expansion and spamming to other parties.

Utilizing this method allowed GandCrab to proliferate at an amazing rate.  So much so that “In one year, people who worked with us have earned over US $2 billion,” says a statement by the Internet voice of the Gandcrab creators.  This quote was part of a much larger statement by the GandCrab creators who spoke out to announce their retirement from the ransomware industry.

Another part of the statement reads:

“We ourselves have earned over US $150 million in one year. This money has been successfully cashed out and invested in various legal projects, both online and offline ones. It has been a pleasure to work with you. But, like we said, all things come to an end. We are getting a well-deserved retirement. We are a living proof that you can do evil and get off scot-free. We have proved that one can make a lifetime of money in one year. We have proved that you can become number one by general admission, not in your own conceit.”

The frightening part of this to me is that successful business practices are quickly copied and implemented by competitors.  Rest assured that other creators of malware are reading this and adjusting accordingly.  The fight against “malware as service” is going to get a lot more difficult.

No comments:

Post a Comment