It looks like a new ransomware group is now making the headlines for their scare tactics. According to reports, Avaddon ransomware operators have come up with a new technique to extort their victims. Avaddon operators have launched a website to leak the stolen data of victims who fail or refuse to pay a ransom demand.
Avaddon ransomware recruits affiliates
Of late, major ransomware operators including Maze have resorted to new blackmailing techniques that involve launching a data leak website. Well, the trend was probably set by Maze operators who started leaking the stolen data of their victims. But following Maze, many other ransomware operators have employed similar tactics.
Owned and managed by ransomware operators, ransomware groups these days operate data leak websites as extensions to their existing work. Such websites are primarily used to scare and blackmail victims into paying a ransom demand, and more often than not, companies end up paying a ransom demand given their reputation at stake.
So far, Avaddon has reportedly listed only one victim, which happens to be a construction company. Avaddon has leaked documents that collectively take up 3.5 MB of space. However, the story doesn’t end there.
Avaddon operators have gone a step further, recruiting affiliates to carry ransomware attacks on their behalf, CoinTelegraph reports. This way, Avaddon operators are now looking to explore a revenue-sharing model in an effort to continue making money, courtesy of Ransomware as a service (RaaS).
What is Ransomware as a Service (RaaS)?
As we have explained in the past, RaaS involves a malware development where operators remain hidden behind their affiliates. Simply put, operators outsource the ransomware attacks and still end up making money through their affiliates, further reducing the risk of getting exposed without affecting the substantial income.
In the RaaS model, ransomware operators focus their efforts more on malware development rather than finding new victims. Avaddon operators are reportedly recruiting third-party affiliates who may be exploring ways to generate income by launching their own ransomware campaigns using Avaddon-made malware.
Unfortunately, recruiting more affiliates also increases the chances of more widespread ransomware attacks.