Endpoint Protection

 View Only

Shark: New Ransomware-as-a-Service threat takes bite of proceeds 

Aug 15, 2016 02:03 PM

A new type of ransomware known as Shark (Trojan.Ransomcrypt.BG) is being distributed on the cyberunderground. The malware’s authors use the “Ransomware-as-a-Service” (RaaS) business model, freely distributing the ransomware builder to aspiring attackers, but requiring a 20 percent cut of any ransom payments it generates.

Shark is distributed through a professional looking website that features information about the ransomware and instructions on how to download and configure it. Its authors boast that it is fully customizable, uses a fast encryption algorithm, supports multiple languages, and is “undetectable” by antivirus software.

Shark 1.png
Figure 1. Shark ransomware builder

Customizable threat
Options for customization include choosing which file formats the ransomware should encrypt and setting the ransom amount demanded of the victim. The attacker also enters an email address which is used to notify them when a payload they created has infected a system.

The developers say payment is fully automated and they will take a 20 percent cut from any ransoms paid. Payment is centralized, meaning any ransom payment is made directly to the developers, who then promise to pass on the attackers’ 80 percent cut.

Shark 2.png
Figure 2. Shark ransomware note on compromised computer

Symantec and Norton products detect this threat as:

Further Reading
To learn more about the threat posed by ransomware, read our latest whitepaper: An ISTR Special Report: Ransomware and Businesses 2016​

0 Favorited
0 Files

Tags and Keywords

Related Entries and Links

No Related Resource entered.