Anyone Can Become a Distributor of Saturn Ransomware

The developers of the Saturn ransomware are allowing anyone to freely distribute their malicious software, in exchange for a share of the ransom payments collected from victims. This was reported by Bleeping Computer.

The malware is distributed through a Ransomware-as-a-Service (RaaS) program. To access Saturn, users must register on a website hosted on the dark web. After registration, they receive a copy of the program and can begin distributing it.

Most RaaS portals require users to pay an upfront fee before granting access to the malware’s source code. However, the creators of Saturn have adopted a completely new approach to this business model by offering fully ready-to-use software without any advance payment.

Users who gain access to Saturn’s code need to embed it into other files, such as EXE, Office documents, PDFs, and more. Distribution is typically carried out via spam or malicious advertising messages.

Victims are instructed to pay a ransom through the Saturn developers’ payment portal, located at su34pwhpcafeiztt.onion, in order to decrypt their files. The portal provides the address of the creators’ Bitcoin wallet.

If the file that infected the victim was created through the RaaS portal, the user who generated and distributed it receives 70% of the ransom amount, while the remaining 30% goes to the Saturn developers.

According to Bleeping Computer, registration on the Saturn developers’ website is still open.