Credit: Bet_Noire / iStock The fast-growing Cerber ransomware earned nearly $200,000 in July despite a payment rate of just 0.3 percent as a result of its affiliate distribution model, according to a new report by Check Point and IntSights Cyber Intelligence . That puts it on track to make $2.3 million this year, said Maya Horowitz, group manager of threat intelligence at Israel-based Check Point Software Technologies Ltd. . [ Make threat intelligence meaningful: A 4-point plan . | Discover how to secure your systems with InfoWorld’s Security newsletter . ] In the affiliate model, non-technical customers can run their own campaigns using the platform and get to keep 60 percent of the profits. Affiliates get access to easy-to-use management tools, Cerber’s Bitcoin laundering system, as well as the ransomware itself. Each day, eight new Cerber ransomware campaigns are launched, she said, with over 150 affiliates at current count. By comparison, she said, the other major brand of ransomware common today is Locky. "With Locky, there is just one team of threat actors," she said. "They don’t share their malware with anyone else so all the income goes to them. With Cerber, it acts like a business that has branches all over." In addition to their 60 percent cut, there is also a 5 percent referral bonus for affiliates who recruit new members. "My assumption is that this means that there will be more and more such services, more and more attacks, even more than today," she said. Check Point gathered this data by identifying the IP addresses that infected computers used to communicate with their command-and-control centers. "It’s pretty easy to intercept this traffic," Horowitz said. "Then you can really get the details of who the targets are and which campaigns are currently running." For example, Check Point […]
