A NEW TYPE of ransomware that is offered for rent on an 'as-a-service' basis with an automatic 20 per cent cut for its creators may soon land on PCs worldwide.
The malware was discovered by security firm Symantec, which has given it the cuddly name of Shark.
Shark is distributed via a professional-looking website, and its authors claim that the ransomware is customisable, uses a fast encryption algorithm, supports multiple languages and is currently undetectable by all antivirus software.
Symantec begs to differ on this last point, and signatures will no doubt be downloaded to other antivirus software makers' client PCs within days.
"Options for customisation include choosing which file formats the ransomware should encrypt, and setting the ransom amount demanded of the victim. The attacker also enters an email address which is used to notify them when a payload they created has infected a system," said Symantec in a blog post.
"The developers say payment is fully automated and they will take a 20 per cent cut from any ransoms paid. Payment is centralised, meaning any ransom payment is made directly to the developers, who then promise to pass on the attackers' 80 per cent cut."
Symantec has categorised the payload as Trojan.Ransomcrypt.BG. Systems currently affected include Windows 95 to Windows 8, but not Windows 10. The latest Symantec antivirus packages include signatures to detect it before it can be activated.
The ransomware encrypts a wide range of files, including PDFs, images and Microsoft and LibreOffice documents, appending '.locked' to the file names. The ransomware demands bitcoins in payment to unlock the files.
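For defenders, the renaming behaviour described above is a usable triage indicator. The following is an added example, not code from Symantec or from this article: it flags files where '.locked' has been appended to a name that still carries a document extension, and groups hits by directory. The extension list, the threshold and the sample paths are assumptions constructed for illustration.

```python
from collections import Counter
from pathlib import PurePosixPath

# Assumption: sample extensions for the file classes the article names
# (PDFs, images, Microsoft and LibreOffice documents); not a list from Symantec.
DOC_EXTS = {".pdf", ".jpg", ".jpeg", ".png", ".gif", ".doc", ".docx",
            ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".ods", ".odp"}
MARKER = ".locked"  # suffix the article says is appended to file names


def is_locked_document(path: str) -> bool:
    """True when '.locked' follows a name that still ends in a document extension."""
    p = PurePosixPath(path)
    if p.suffix.lower() != MARKER:
        return False
    # p.stem is the name without '.locked'; check the extension underneath it.
    return PurePosixPath(p.stem).suffix.lower() in DOC_EXTS


def triage(paths, threshold=3):
    """Return {directory: hit count} for directories with at least `threshold` hits."""
    hits = Counter(str(PurePosixPath(p).parent)
                   for p in paths if is_locked_document(p))
    return {d: n for d, n in hits.items() if n >= threshold}


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    "home/ann/docs/report.pdf.locked",
    "home/ann/docs/budget.xlsx.locked",
    "home/ann/docs/photo.JPG.locked",
    "home/ann/docs/notes.txt",
    "home/bob/app/db.locked",        # ordinary lock file, no document extension
    "home/bob/app/session.locked",
    "home/bob/pics/cat.png",
]

if __name__ == "__main__":
    for directory, count in triage(SAMPLE).items():
        print(f"{directory}: {count} files renamed with '{MARKER}'")
```

Requiring a document extension underneath the suffix keeps ordinary application lock files out of the results.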
Sian John, EMEA chief strategist at Symantec, explained that the new service reflects the rapid professionalisation of ransomware, which has become one of the quickest and easiest ways to part fools from their money.
"Our research shows that advanced cyber crime groups now mirror legitimate organisations in the way they operate, with networks of partners, associates, resellers and vendors," he said.
"Some groups even deploy call centre operations to ensure maximum impact on their scamming efforts, and in some instances employees of the call centre are oblivious to the fact they are working for criminal groups, executing low-level campaigns like tech support scams."
You have been warned. µ