Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Crime The Almighty Buck

Ransomware Creator Apologizes For "Sleeper" Attack, Releases Decryption Keys 45

colinneagle writes: Last week, a new strain of ransomware called Locker was activated after having been sitting silently on infected PCs. Security firm KnowBe4 called Locker a "sleeper" campaign that, when the malware's creator "woke it up," encrypted the infected devices' files and charged roughly $24 in exchange for the decryption keys. This week, an internet user claiming to be the creator of Locker publicly apologized for the campaign and appears to have released the decryption keys for all the devices that fell victim to it, KnowBe4 reported in an alert issued today. Locker's creator released this message in a PasteBin post, along with a link to a file hosted on Mega.co containing the decryption keys. The malware creator also said that an automatic decryption process for all devices that were affected by Locker will begin June 2nd.

However, the post did not mention anything about providing a refund to victims who paid the 0.1 bitcoin (equal to $22.88 at the time this was posted and about $24 last week) required for the decryption keys since last week. KnowBe4 CEO Stu Sjouwerman says the files released do not appear to be malicious after brief analysis, and that "it does contain a large quantity of RSA keys and Bitcoin addresses." But he warned those interested to only open these files "at your own risk until further analyses are performed." Sjouwerman speculated that the malware creator may have been spooked by attention from law enforcement or Eastern European organized crime syndicates that are behind most ransomware campaigns.
This discussion has been archived. No new comments can be posted.

Ransomware Creator Apologizes For "Sleeper" Attack, Releases Decryption Keys

Comments Filter:
  • by Anonymous Coward on Monday June 01, 2015 @03:57PM (#49817853)

    That's better service then a lot of companies I intentionally do business with.... What's the would come to?

  • Strangely enough, you need someone very honest to "refund" anything via Bitcoin because he has to send the coins back himself, there's no "return/refund" mechanisms.

    So, all we can say is that guy is a "really honest crook", as strange and contradictory as it seems.

  • testing by slashdot engineer
  • by neminem ( 561346 ) <neminem@gmaLISPil.com minus language> on Monday June 01, 2015 @04:12PM (#49817955) Homepage

    My stepdad was hit by one of these a who months ago (incidentally, I can't believe he fell for it - he isn't sure how he got it, but he's a super-techie, it's surprising he both somehow installed such nasty nalware, and also didn't have any recent backups of important files). Anyway, they asked for 500 bucks (he paid it, sadly, not that I necessarily blame him). $22.88... doesn't seem like a lot of money. I'd pay that without even thinking, if I were hit with it. $500 bucks I'd have to think more about.

    • by Anonymous Coward

      If it's anything like the vast majority of ransomware investigations that pass by my desk, it's because he hasn't updated Flash in years and got hit by malvertising.

      • he hasn't updated Flash in years and got hit by malvertising.

        You don't have to be that bad, even. My parents' PC had Flash 12 on it and Flash 9 on it. Where did Flash 9 come from? It was installed at the same time as the updater software for their GPS device.

        The whole ecosystem is toxic and hateful towards the user.

    • by Anonymous Coward

      I'd pay that without even thinking

      "A man asks a woman if she would be willing to sleep with him if he pays her an exorbitant sum. She replies affirmatively. He then names a paltry amount and asks if she would still be willing to sleep with him for the revised fee. The woman is greatly offended and replies as follows:
      She: What kind of woman do you think I am?
      He: We've already established that. Now we're just haggling over the price."

      Do not give in to blackmail!

      • The man was George Bernard Shaw, playwright and society wit. The way he said it however was much more quickfire than you make it sound.
    • by Anonymous Coward

      My stepdad was hit by one of these a who months ago (incidentally, I can't believe he fell for it - he isn't sure how he got it, but he's a super-techie, it's surprising he both somehow installed such nasty nalware, and also didn't have any recent backups of important files).

      Probably got it from visiting Sourceforge...

    • by moeinvt ( 851793 )

      The malware authors need to create some sort of automated bartering program so that they can extract people's maximum willingness to pay. I'd definitely pay $22.88, but no way on $500.

  • by Anonymous Coward

    Was a wrench [xkcd.com] involved in getting him to release them?

  • Press any key to continue ...
  • by Anonymous Coward

    My machine was hit by this ransomware and I got lucky enough to be doing something when it happened so I had the process suspended two minutes into the attack. Only about 30 of my actually useful files were hit with most of it just being a bunch of old unneeded data.

    So when he released the keys and the rules to unencrypt them I found my key in the list, based on the data saved on the machine for exactly that purpose in case I purchased. This was both the bitcoin address I should have paid through and an X

Do molecular biologists wear designer genes?

Working...