The hacker's guide to boosting your ransomware's brand

Even ransomware needs good marketing to make it on the dark web.


To beat out the competition, vendors need to develop a good marketing strategy that showcases why customers should purchase their products.

That's true for most commercial goods... including ransomware.

Stefanie Smith of Avast found that the Petya/Mischa ransomware-as-a-service (RaaS) platform is especially committed to best marketing practices.

As she explains in a blog post:

"The group behind Petya and Mischa call themselves Janus Cybercrime Solutions™, and they seem to be fans of the James Bond film Goldeneye. Like many other cybergangs on the darknet, Janus is in the business to make money. With proper marketing, companies raise awareness of their products to make sure that their business is fruitful and thriving. Since the malware business continues to become increasingly sophisticated, malware creators must also continue to keep up with the best marketing techniques."

For example, with Petya/Mischa, Janus decided to first use an image of a red skull and crossbones that blinks every few seconds.


Janus's criminal staff has since done some rebranding by going with a green and black color palette, a combination which fits some of the group's new logos.

But as many people in the world of marketing know, a good brand and some fancy logos aren't all it takes to get a product out there. You also need to actively market what you're offering.

Which helps to explain why Janus Cybercrime Solutions created an affiliate program by which low-level criminals can help distribute the ransomware and get paid for their efforts.

Such is the way of crimeware-as-a-service. As noted by Michal Salat, Avast's Director of Threat Intelligence:

"Cybercrime is now similar to drug dealing in real life. You don’t need to be a chemist to deal drugs; you can become a dealer by joining a gang. Hackers used to code their own malware, but now you don’t need to know how to code malware to distribute it. You can just buy it from the darknet and deal it."

Affiliates get as much as 85 percent of what they take in from ransom payments, while Janus gets to keep at least 15 percent so that its members can help keep the whole operation running.


To attract new affiliates, Janus operates several social media accounts. That type of public exposure is great for business...and for commenting on the efforts of security researchers who wish to break their products.


Mischa and Petya benefit from good marketing practices because ransomware more generally has become both sophisticated and lucrative.

Even so, that's no reason for ANYONE to start peddling malware or trying to infect others with it.

With that in mind, if you see someone online attempting to sell or distribute malware to others, report them to the appropriate sysadmins. You'll save a lot of people a lot of headaches.

In the meantime, make sure you protect yourself against malware and ransomware by avoiding suspicious URLs and email attachments, backing up your data regularly, and keeping your operating system and patches up-to-date.

Further reading: The dying art of computer viruses.
