Shark ransomware-as-a-service takes a 20 per cent commission
Ransomware gets the 'as-a-service' treatment
Symantec claims to have uncovered a new type of ransomware, called Shark, being distributed on an 'as-a-service' basis, with its developers taking a 20 per cent cut of the payments it generates.
Distributed via a professional-looking website, its authors claim that it is customisable, uses a fast encryption algorithm, supports multiple languages, and is currently undetectable by all anti-virus software.
"Options for customisation include choosing which file formats the ransomware should encrypt and setting the ransom amount demanded of the victim. The attacker also enters an email address which is used to notify them when a payload they created has infected a system," claims Symantec.
It continues: "The developers say payment is fully automated and they will take a 20 per cent cut from any ransoms paid. Payment is centralised, meaning any ransom payment is made directly to the developers, who then promise to pass on the attackers' 80 per cent cut."
Symantec has categorised the payload as Trojan.Ransomcrypt.BG. Systems currently affected include every Windows operating system from Windows 95 to Windows 8 - but not Windows 10. The latest Symantec anti-virus packages will include signatures to detect it before it can be activated.
The ransomware will encrypt a wide range of files, including PDFs, image files and both Microsoft Office and LibreOffice document files, appending ".locked" to the file names. The ransomware demands 0.3 bitcoins in payment to unlock the files.
In addition to keeping anti-virus software up-to-date, Symantec also recommends the following:
- Use a firewall to block all incoming connections from the internet to services that should not be publicly available;
- Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application;
- Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives;
- Turn off file sharing if not needed;
- Turn off and remove unnecessary services;
- Always keep patch levels up-to-date;
- Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats;
- Train employees not to open attachments unless they are expecting them;
- Turn off Bluetooth services if not required.
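
The ".locked" renaming described above gives responders a simple triage heuristic. The following is an added example, not Symantec's code or signature: it scans a file listing for document, image and PDF names with ".locked" appended and reports directories where several occur together. The extension list, the `min_hits` threshold, the function names and the sample paths are all assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath  # parses Windows paths on any host OS

# File types the article says are encrypted (PDFs, images, Microsoft Office
# and LibreOffice documents). The exact extension list is an assumption.
TARGET_EXTS = {".pdf", ".jpg", ".jpeg", ".png", ".gif", ".bmp",
               ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
               ".odt", ".ods", ".odp"}
MARKER = ".locked"  # suffix the article says is appended to file names

# Constructed sample listing (e.g. output of a recursive directory walk).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.locked",
    r"C:\Users\alice\Documents\report.final.PDF.LOCKED",
    r"C:\Users\alice\Documents\holiday.jpg.locked",
    r"C:\Users\alice\Documents\thesis.odt",        # untouched file
    r"C:\Program Files\App\session.locked",        # benign lock file
    r"C:\Users\bob\Desktop\scan.png.locked",       # single hit only
]


def is_suspect(path):
    """True if the name looks like '<name>.<target ext>.locked' (any case)."""
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    return (len(suffixes) >= 2 and suffixes[-1] == MARKER
            and suffixes[-2] in TARGET_EXTS)


def triage(paths, min_hits=3):
    """Group suspect files by directory; keep directories with >= min_hits.

    The threshold (an assumed tuning value) stops one stray '*.locked'
    file from raising an alert, since a single rename is weak evidence.
    """
    hits = defaultdict(list)
    for p in paths:
        if is_suspect(p):
            wp = PureWindowsPath(p)
            hits[str(wp.parent)].append(wp.name)
    return {d: sorted(n) for d, n in hits.items() if len(n) >= min_hits}


if __name__ == "__main__":
    for directory, names in triage(SAMPLE).items():
        print(f"{directory}: {len(names)} files with appended {MARKER}")
        for name in names:
            print(f"  {name}")
```

A match is only a prompt to investigate: other software may use the same suffix, so results should be checked against anti-virus findings before acting on them.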