What is even more disconcerting is how the Petya and Mischa ransomware developers have formed a “coalition”. Under the name Cybercrime Solutions, they want to raise more awareness about their products. Not to inform potential victims, but just to boost their sale numbers. As there are plenty of other types of ransomware available, staying one step ahead of the competition is critical.
As a result of this unholy collaboration, Petya and Mischa ransomware can be bundled into one package. Once this payload is distributed and successfully infects a machine, a higher ransom price will be charged. For affiliates spreading this malware, that also means a larger paycheck.
But there is more to it, as the marketing strategy by Cybercrime Solutions provides some interesting details. With the new logo used for Petya and Mischa, it seems likely Russian internet criminals are responsible for creating this malware. There is a hammer and sickle logo present once computers are infected. Although this is no conclusive evidence, hardly anyone would be surprised to find out Russian hackers are behind this digital plague.
For the affiliates who manage to distribute Petya and Mischa successfully, there is a potential 80% commission on the horizon. Since affiliates can set their own ransom demands, they will always earn 80% of the amount paid in Bitcoin by the victim. If that price would be 200 Bitcoin, they will pocket 160 Bitcoin, or US$97,660 at current prices.
Last but not least, it appears a lot of ransomware is being distributed by company employees themselves. The allure of as big payday can make people do strange things, particularly when working for a company they might not even like. A very worrisome turn of events, and it looks like this only the beginning of the ransomware threat.