Last week, MalwareHunterTeam spotted a new ransomware named Saturn. As per a detailed report from Bleeping Computer, Saturn ransomware is being actively distributed at the moment, but the methods used for its distribution are unknown. Also, this ransomware is not decryptable at the moment.
After infecting the machine, Saturn ransomware executes commands to disable Windows repair and clear Windows backup catalog. It encrypts the files and adds Saturn to their name. The ransomware also leaves a ransom note in each folder, which contains a link to the payment site. The ransom amount is set to $300 at the moment, which doubles after seven days.
That was a brief introduction of Saturn ransomware. But that’s not the end of the story. The creators of Saturn are offering the ransomware for free via a Ransomware-as-a-Service (RaaS) affiliate program.
The members of the affiliate program need to generate an infection file and distribute it to other users via email or other kinds of campaigns. The infected users end up paying the ransom in form for Bitcoin to the malware creators. The affiliate member of the program gets 70% of the payment and creators get 30%.
This zero buying cost and payment division model could attract lots of notorious players who could try to get their hands on Saturn.
Submitted by: Arnfried Walbrecht