{
	"id": "8e5ad2ae-12e7-42ed-926a-e49b48d7cdaf",
	"created_at": "2026-04-06T03:36:02.81403Z",
	"updated_at": "2026-04-10T03:21:11.966222Z",
	"deleted_at": null,
	"sha1_hash": "6c99a40ddb17d3643523523a6bde3d6f5cd7927f",
	"title": "Ransomware recruits affiliates with huge payouts, automated leaks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1899132,
	"plain_text": "Ransomware recruits affiliates with huge payouts, automated leaks\r\nBy Lawrence Abrams\r\nPublished: 2020-05-15 · Archived: 2026-04-06 03:31:23 UTC\r\nThe Netwalker ransomware operation is recruiting potential affiliates with the possibility of million-dollar payouts and an\r\nauto-publishing data leak blog to help drive successful ransom payments.\r\nStarted as Mailto and responsible for high-profile attacks, the ransomware operators rebranded as Netwalker in March 2020\r\nwhen they began to recruit potential affiliates to distribute their ransomware.\r\nThese affiliates would be in charge of breaching networks and deploying the ransomware, and in return, would receive the\r\nlion's share of any ransom payments they bring in.\r\nPromises of riches\r\nIn a series of posts to a Russian hacker forum shared with BleepingComputer by cyber intelligence firm Advanced\r\nIntelligence, the public-facing operator of the Netwalker ransomware has been interviewing affiliates for their program since\r\nMarch.\r\nIn a new post created over the weekend, Netwalker outlines all the improvements made to their operation, which\r\ninclude some very revealing data about ransom payments and new ways that they are extorting their victims.\r\nRecruitment post\r\nAttached to the post are four images showing some of the large ransom payments they have received from victims who paid.\r\nThese ransom payments range from $696,000 up to $1.5 million.\r\nAs affiliates typically earn 70% of a ransom, if not more, they would receive between $487,000 and over $1 million from a\r\nsingle ransom payment.\r\nNetwalker ransom payments\r\nAuto-publishing data leak site adds further leverage\r\nIn addition to the million-dollar payouts, Netwalker is promoting an auto-publishing data leak site that allows an affiliate to\r\nupload links to stolen data and then set a date when it should be publicly released.\r\nA tactic that has become common this year is for ransomware operators to steal unencrypted data from networks before\r\nperforming the encryption.\r\nThey then tell the victims that they will publicly release their files on data leak sites if a ransom is not paid.\r\nNetwalker has gone one step further and created a leak site that allows their affiliates to create posts containing a victim's\r\nname, their description, links to their data, a password to open the data file, and the date and time that the data should be\r\nposted.\r\nThe site will then show a countdown for a particular victim's data reveal to provoke anxiety within their victims in the hopes\r\nit will coerce them into making a ransom payment.\r\nStolen data leak blog\r\nWhen the countdown reaches zero, the leak will automatically publish with a link and password for the stolen data. This data\r\nis usually hosted at the MEGA file-sharing site.\r\nLink to leaked data\r\nWith ransomware operations generating such tremendous amounts of revenue, they are becoming more organized and\r\nselective as they try to recruit only the best talent.\r\nUnfortunately, this also means that ransomware, and the data breaches they cause, are not going away any time soon.\r\nSource: https://www.bleepingcomputer.com/news/security/ransomware-recruits-affiliates-with-huge-payouts-automated-leaks/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/ransomware-recruits-affiliates-with-huge-payouts-automated-leaks/"
	],
	"report_names": [
		"ransomware-recruits-affiliates-with-huge-payouts-automated-leaks"
	],
	"threat_actors": [],
	"ts_created_at": 1775446562,
	"ts_updated_at": 1775791271,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6c99a40ddb17d3643523523a6bde3d6f5cd7927f.pdf",
		"text": "https://archive.orkl.eu/6c99a40ddb17d3643523523a6bde3d6f5cd7927f.txt",
		"img": "https://archive.orkl.eu/6c99a40ddb17d3643523523a6bde3d6f5cd7927f.jpg"
	}
}