When an encryption Trojan has struck successfully, the criminals demand high ransoms. To make sure this works reliably, the developers of such malware keep devising new methods to build up even more pressure. The makers of REvil are now threatening DDoS attacks and calls to customers and partners whose data is on the infected computers.
Evidently, merely encrypting data has long since ceased to be enough to get victims to pay a ransom. Copying data and publishing it is now part of the attackers' standard repertoire. This leverage seems to work again and again, and companies pay horrendous sums of money.
DDoS attacks and phone calls
As reported by a security researcher on Twitter, the REvil developers have now expanded their service for premium customers. They run an affiliate program for the malware. Among other things, they provide the malicious code and an infrastructure to distribute the Trojan. If victims pay a ransom, around 30 percent of it goes to the developers. The affiliates get the rest.
Premium customers can now also book DDoS attacks and blackmail calls free of charge. If a company is confronted with a DDoS attack that paralyzes its servers, or with the blackmailers informing its customers about leaked data, this could increase its willingness to pay.
REvil is ransomware tailored for Windows PCs that is currently infecting computers on a large scale. The backers claim to have made 100 million US dollars in one year with their malware. This year they want to extort 2 billion US dollars with their criminal activities.