Yesterday, I reported on how the installer for Petya was now installing a secondary standard file-encrypting ransomware called Mischa if it is unable gain Administrative privileges. As part of this new release, the malware developers are also offering this ransomware bundle as an affiliate service.  

This affiliate program is called Janus and is based off the criminal organization called the Janus Syndicate from the James Bond Goldeneye film. Furthermore, the twitter account associated with this RaaS is JANUS SECRETARYand has a profile picture containing a picture of Alan Cummings, who played the criminal hacker Boris Grishenko in the same film.

The Janus RaaS, or Ransomware as a Service, is a program where malware distributors can earn a revenue share by distributing the Petya ransomware installers.

Petya and Mischa Ransomware as a Service
Petya and Mischa Ransomware as a Service

The developers are promising high infection rates, a reasonable payment structure, undetectable malware executables, and easy administration. It also advertises their proposed revenue share based on the amount of bitcoin payment generated in a week.

Revenue Share
Volume/Week Share
<5 BTC 25%
<25 BTC 50%
<125 BTC 75%
>=125 BTC 85%

The RaaS site also contains a Frequently Asked Questions page, but this is the same page that is shown on the payment site to the victims. So nothing new here.

Frequently Asked Questions
Frequently Asked Questions

Last, but not least, is a registration and login page that potential affiliates can signup for the service or login to the administrative console.

Login Screen
Login Screen

At this time, the registration appears to be closed as they state they are currently testing the platform with "high volume distributors".

Related Articles:

The Week in Ransomware - November 2nd 2018 - RaaS, DiskCryptor, & More

New FilesLocker Ransomware Offered as a Ransomware as a Service

The Week in Ransomware - November 9th 2018 - Mostly Dharma Variants

SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords

New Ransomware using DiskCryptor With Custom Ransom Message