Petya, Mischa ransomware-as-a-service affiliate system goes live

The more people you scare into paying the ransom, the more money you make.

David bisson
David Bisson

Petya, Mischa ransomware affiliate system goes live

The developers of the Petya and Mischa ransomware have officially made their malicious software open to the public.

The “Ransomware as a Service” (RaaS) program launched on 25 July pays out distributors based upon how many Bitcoins they extort from their victims. If the distributor collects lower than 5 Bitcoins a week, they get to keep only 25 percent of the payments.

As they rake in more money, they get to keep a greater percentage. Those who scare users into paying a total of more than 125 Bitcoins a week get to keep 85 percent of their haul.

Sign up to our free newsletter.
Security news, advice, and tips.

Profit petya mischa

The developers of the RaaS program are also keen on attracting serious distributors only.

As security expert Lawrence Abrams explains in a blog post:

“Unlike other ransomware services, the Petya & Mischa RaaS requires potential affiliates to send in a small amount of bitcoins, which equates to ~$1.00 USD, in order to register. Though this is not a lot of money, the RaaS states it is being done to ‘discourage timewasters and kiddies’. They further state that this money will be refunded in the affiliates first revenue share payment.”

Petya first emerged on the crypto-malware scene back in March 2016. The ransomware requires administrative privileges to run so that it can replace the Master Boot Record and encrypt the Master File Table (MFT), which contains critical information about every file.

Petya website

A single dropper is capable of installing Petya or Mischa onto a victim’s computer. If administrative privileges can be obtained, Petya will load up. If not, Mischa will infect the victim instead.

Unlike Petya, Mischa is a run-of-the-mill crypto-malware that encrypts a user’s files on an individual basis. It demands 1.9 BTC (approximately US $1240), which is considerably more greedy than Petya’s ransom of 0.9 BTC (US $590).

Mischa ransomware

As of this writing, there is a decryption tool available for Petya ransomware but not for Mischa.

Users should therefore make an effort to protect themselves against a ransomware infection. That should involve keeping regular backups of their important data, installing a reputable security solution, and avoiding suspicious links and email attachments.

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.