Symantec has uncovered a new type of ransomware being distributed on the cyberundergound, known as Shark.
According to the company’s official blog, the malware’s authors use a Ransomware-as-a-Service business model, freely distributing the ransomware builder to aspiring attackers, but requiring a 20% cut of any ransom payments it generates.
Shark is distributed through a professional looking website that features information about the ransomware and instructions on how to download and configure it. Its authors boast that it is fully customisable, uses a fast encryption algorithm, supports multiple languages, and is “undetectable” by antivirus software.
According to Symantec, options for customisation include choosing which file formats the ransomware should encrypt and setting the ransom amount demanded of the victim. The attacker also enters an email address which is used to notify them when a payload they created has infected a system.
The developers say payment is fully automated and they will take a 2% cut from any ransoms paid. Payment is centralised, meaning any ransom payment is made directly to the developers, who then promise to pass on the attackers’ 80% cut.
Symantec says it does have products that can detect this threat.