Security Awareness Training Blog

    New Ransomware Gang Pays Affiliates Up To 70% Of The Loot

    Ransomware-as-a-Service_business_modelA growing Ransomware-as-a-Service model uses affiliate attackers with proven track records to spread the malware, offering a percentage of the ransom.

    The business of ransomware and other types of malware has many types of players. Some organizations are focused on the entire ransomware attack – from build to phish to infection, with others only wanting to build, some just wanting to provide phishing services, and still others only interested in executing the actual attack.

    In today’s world of cyberattack, there’s something for everyone.

    One of the distribution models for ransomware that is gaining popularity is the use of an affiliate network of attackers. The creators of the latest iteration of this model, FilesLocker, are looking for affiliate organizations and individuals with proven track records of distributing ransomware via phishing, social engineering, or other methods, specifying that affiliates must meet an infection minimum of 10 per day. Affiliates can expect anywhere from 60-75% of the ransoms generated through their actions.

    Opportunities like this are sought after by attackers who have the art of phishing down to a science. With an ability to email millions of recipients, along with an understanding of how to craft an email message that will get the recipient to click a link, these kinds of attackers love that someone else is responsible for the ransomware part of the attack.

    This kind of attack means more potentially malicious emails coming into your organization. The bad news is attackers are sufficiently motivated to want to infect as many of your users as possible, to rake in the greatest amount of money possible. The good news is it still takes a user to turn this ransomware “dream” into a reality – without the user clicking on the attachment or malicious link, the attack is dead.

    Organizations should look to Security Awareness Training to teach users what phishing emails look like, the tactics they take, and how to have a generally heightened sense of security when it comes to interacting with email and the web. By enrolling users continually through Security Awareness Training, organizations reduce the risk of falling victim to phishing scams and social engineering tactics on the web, improving organizations security.

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Phishing, Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews