Yesterday, I reported on how the installer for Petya was now installing a secondary standard file-encrypting ransomware called Mischa if it is unable gain Administrative privileges. As part of this new release, the malware developers are also offering this ransomware bundle as an affiliate service.
This affiliate program is called Janus and is based off the criminal organization called the Janus Syndicate from the James Bond Goldeneye film. Furthermore, the twitter account associated with this RaaS is JANUS SECRETARYand has a profile picture containing a picture of Alan Cummings, who played the criminal hacker Boris Grishenko in the same film.
The Janus RaaS, or Ransomware as a Service, is a program where malware distributors can earn a revenue share by distributing the Petya ransomware installers.
The developers are promising high infection rates, a reasonable payment structure, undetectable malware executables, and easy administration. It also advertises their proposed revenue share based on the amount of bitcoin payment generated in a week.
The RaaS site also contains a Frequently Asked Questions page, but this is the same page that is shown on the payment site to the victims. So nothing new here.
Last, but not least, is a registration and login page that potential affiliates can signup for the service or login to the administrative console.
At this time, the registration appears to be closed as they state they are currently testing the platform with "high volume distributors".