Shark ransomware-as-a-service chomps its way to a 20% commission

A new type of ransomware called Shark is being offered for rent on an ‘as-a-service' basis payable with a 20 percent cut of the payments it generates to its creators.

 

Symantec discovered the malware which is distributed on a professional looking website. Shark is reportedly customisable, uses a fast encryption algorithm, supports multiple languages and is currently undetectable by all antivirus software.

 

“Options for customisation include choosing which file formats the ransomware should encrypt, and setting the ransom amount demanded of the victim. The attacker also enters an email address which is used to notify them when a payload they created has infected a system,” said Symantec in a blog post.

 

The payload has been categorised as Trojan.Ransomcrypt.BG. Systems currently affected include Windows 95 to Windows 8, not Windows 10. Shark encrypts a wide range of files including PDFs, images and Microsoft and LibreOffice documents, appending ‘.locked' to the file names. To unlock the files, the ransomware demands bitcoins for payment.

 

According to The Register, the unknown criminals behind Shark are almost certainly inspired by Cerber, the world's largest ransomware-as-a-service scam.

 

“Our research shows that advanced cyber-crime groups now mirror legitimate organisations in the way they operate, with networks of partners, associates, resellers and vendors,” said Sian John, EMEA chief strategist at Symantec. “Some groups even deploy call centre operations to ensure maximum impact on their scamming efforts, and in some instances employees of the call centre are oblivious to the fact they are working for criminal groups, executing low-level campaigns like tech support scams.”