Mischa and Petya power-up: joint ransomware-as-a-service is now online

Now all hacker-wannabes may access a certain website to join Petya and Mischa ransomware developers to continue their misdeeds. A new affiliate system has been launched which allows anyone to distribute the mentioned viruses and make a profit of such activity. As a usual RaaS, i.e., ransomware-as-a-service, it encourages users to earn as much income as possible to receive the biggest share. It has not been the only case with ransomware viruses. In the past, Tox and Encryptor RaaS viruses were also granted such privilege. Thus, is this the time users should start worrying?

Speaking of Petya ransomware, it was one of the few file-encrypting viruses, which caused a great deal of trouble for virus researchers. Besides operating as ordinary ransomware, it is capable of locking the entire computer. What is more, it manages to affect hard drives. The original version was launched already several months ago. Some IT researchers expected it to tide down. However, the malware received a back-up from another ransomware.

For Petya to complete its malicious mission, it required restarting the system. Therefore, IT experts have quickly exploited this flaw and found a way to prevent the ransomware from misbehaving. After a while of peace and rest, the hackers launched Petya again with a small “update” – Mischa ransomware. If the predecessor did not succeed in finishing encrypting the files, Mischa malware would step in and finish the job. Petya is known to employ an improved Salsa20 algorithm. What is more, the virus may damage computer’s boot blocks.

It seems that the cyber criminals decided not to leave open weak spots for the “good guys” and decided to call the virtual community to cooperate. Regarding the table of profit distribution, the scheme seems highly attractive. The more bitcoins you earn, the more money you receive from the creators of these ransomware threats. In addition, they offer users to obtain their crypters to start a hacker’s career easier.

After this online campaign, some of you might start questioning the safety of your files and the computer in general. Certainly, this recent activity suggests becoming more vigilant. Previously, Petya has been spotted dispersing through fake job application forms via spam emails. Thus, do not open fishy emails before double-checking its sender. The upgraded security applications also are a huge help confronting data-encrypting viruses.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions