The notorious Shark Ransomware Project has recently changed both its domain and name and it is now called Atom – a ransomware affiliate program.
The main purpose of the rebrand is to let the ransomware start over from scratch, as it was repeatedly given bad reviews which, of course, harmed its reputation. Many articles gave it a bad reputation, including VirusGuides.com, which called its advertisement a “questionable distribution scheme”.
When it first appeared on the malware stage, Shark differed from other Ransomware-as-a-Service (RaaS) offerings in that it didn’t rely on Tor to host its website, as the majority of its competitors usually do. Instead, the website was hosted on the public Internet.
Shark offered would-be crooks a ransomware builder, which gave them the opportunity to develop their own version of the Shark ransomware based on their preferences. They could then choose between exploit kits (EK) or spam campaigns as a distribution method.
Victims who pay the demanded ransom are required to send the money to the Bitcoin wallet of Shark's developer. The creator would then keep 20% of the profits and send the other 80% to the affiliate who infected that particular victim (allegedly).
Now, when a user loads Shark's webpage, they are redirected to a new website offering the Atom ransomware affiliate program.
Atom operates in much the same way Shark did, also offering a payload builder and also using the 20%-80% profit split. However, there is one big change in Atom: it now uses a graphical user interface to build the ransomware instead of the terminal-based builder Shark used. With the previous builder, users had to pass customization settings via command-line options.
Atom's improved builder generates the final EXE file that crooks need to deliver to victims and the final payload, but it also prints out a ransomware campaign ID. Affiliates who use it can check details about how many victims have been attacked, and the profits gained from them, by entering this ID on Atom's website.
Even though Shark rebranded, the new Atom project is considered scammy-looking as well. The main reason is that victims are still asked to make the ransom payment to the Bitcoin wallet of Atom's author, and there is no guarantee he would give the promised 80% to his affiliates. The crook could always change his mind and close down the whole operation, keeping all the profits.