This Ransomware Comes With Its Own Affiliate Program

Published at: Aug. 13, 2020

Avaddon, a new ransomware-as-a-service (RaaS) offering, is the latest to jump on the crypto extortion bandwagon. Similar to ransomware from groups like Maze and REvil, the Avaddon project offers revenue-sharing to users who successfully deploy the software on unsuspecting victims.

According to research by the cyber intelligence firm DomainTools, the RaaS model allows hackers to focus their efforts on malware development rather than on finding new places to deploy their attacks. Developers instead rely on third-party individuals who are looking to generate income by launching their own ransomware campaigns.

Speaking with Cointelegraph, Tarik Saleh, senior security engineer and malware researcher at DomainTools, commented on the affiliate scheme used within the ransomware:

“Malware authors are looking to make profits with as low of a risk as possible and the RaaS / affiliate model does just that. Cybercriminals follow tactics and techniques of other successful threat actors, so we can expect the rise of RaaS and affiliate model programs to continue.”

Saleh explains that as of today, there are no publicly available decryptors for Avaddon, aside from the ones provided to victims once the malware’s ransom is paid.

While Bitcoin is the preferred method of payment for this particular ransomware, Saleh has witnessed a change in that trend in recent months. Citing the recent Twitter hack, he noted that, “We are seeing a shift towards Monero, however, as Bitcoin doesn't offer the [same] privacy protections and anonymity.”

Saleh believes that the ransomware’s developers are Russian, because they only sell to Russian-speaking customers on Russian marketplaces.

Russia's government has “largely turned a blind eye towards taking down cybercriminals that don't involve Russian assets.” This unspoken arrangement seemingly allows Russian ransomware authors to operate with a very low risk of punishment, Saleh added.
