Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com)
An anonymous reader writes: After the Hidden Tear (open-source) ransomware code was used to create the Cryptear.B ransomware, now the EDA2 open-source project was used in the same way to create the Magic ransomware. Both projects were created by the same guy. While he left an encryption flaw for Hidden Tear, he didn't for EDA2, relying on a backdoor in the ransomware's admin panel, which he planned to use to steal the encryption keys from the ransomware authors, if they ever used his tool. Unfortunately, the ransomware's C&C servers were on a free hosting service, and someone reported the account. All the data has been deleted from the servers, there's no backup, the backdoor account is useless, and victims have no way of recovering their files.
The hosting provider who deleted the files for damages.
Unfortunately, the ransomware's C&C servers were on a free hosting service, and someone reported the account. All the data has been deleted from the servers, there's no backup, the backdoor account is useless, and victims have no way of recovering their files.
If it was reported to them, then the provider KNEW or should have known their servers were holding a criminal's data, including possibly encryption/decryption keys and stolen assets in relation to ransomware, which the providers' services had aided.
At that point, the hosting provider became duty bound to without fail take steps to preserve evidence of the criminal activity, for inspection by authorities.
Complete deletion was an act of negligence, and if they aren't criminally tried, the provider should at least be compensating victims for their loss that was a result of not being able to obtain ransomware decryption keys which the provider destroyed.
Is it a cause for rejoicing that, when we've been hit with a ransomware attack, the attacker is an ethical one that will promptly restore things when we pay the ransom? You know, an attacker that has a fiduciary responsibility to act promptly when we submit to his demands. Does this mean we should deal with only the reputable extortionists?