Further details have emerged about the operation behind the recently discovered Nevada ransomware. Its authors reportedly run an affiliate program on the RAMP community, a notorious host for cybercriminal groups and initial access brokers (IABs).
The Nevada ransomware offers its affiliates appealing terms and conditions, with an initial commission rate of 85% that would go up to 90% with further success. Threat actors who use the ransomware could continue their attacks after the initial point of compromise by running post-exploitation activities to inflict more damage.
The Windows and Linux versions of the Nevada ransomware are constantly being upgraded by its operators.
Earlier this month, the Nevada ransomware authors upgraded the functionality of the ransomware and distributed the new version, which targets Windows and Linux, to their affiliates.
These threat actors develop the ransomware and acquire unauthorised access to a targeted system for additional actions. Hence, some researchers claim that this threat group specialises in post-exploitation attacks that elevate the initial point of compromise into a complete network breach.
The Windows version of the Nevada ransomware encrypts targeted files in stripes, an approach that complements the speed of Salsa20. Furthermore, the locker can be run from a console with pre-defined flags, including encrypting selected files and directories, removing shadow copies, loading obfuscated drives, self-mode encryption, and finding and encrypting networks.
The researchers were able to obtain access to a Nevada ransomware affiliate panel hosted on Tor and obtained Windows and Linux samples of the malware, uncovering a set of implementation flaws that render the encryption decryptable.
As of now, the Nevada ransomware operation is a booming Ransomware-as-a-Service with a well-established affiliate network. The ransomware operators are looking to expand their services this year, which is why they are looking for new partners.
Their plan could see quick results soon, since the operation offers attractive partnership conditions and has a strong presence on numerous underground forums.
Lastly, the ransomware operators’ offered capabilities could attract more customers, which could also contribute to its improvement soon.