Slashdot Mirror


Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com)

An anonymous reader writes: After the Hidden Tear (open-source) ransomware code was used to create the Cryptear.B ransomware, now the EDA2 open-source project was used in the same way to create the Magic ransomware. Both projects were created by the same guy. While he left an encryption flaw for Hidden Tear, he didn't for EDA2, relying on a backdoor in the ransomware's admin panel, which he planned to use to steal the encryption keys from the ransomware authors, if they ever used his tool. Unfortunately, the ransomware's C&C servers were on a free hosting service, and someone reported the account. All the data has been deleted from the servers, there's no backup, the backdoor account is useless, and victims have no way of recovering their files.

3 of 100 comments

  1. Throw the fucker in jail ... by Kaz Kylheku · Score: 3, Interesting

    Give him a 25 MHz 386/SX box with NetBSD. Release date is "when you crack the key to recover the data".

  2. Am I missing something here? by Anonymous Coward · Score: 2, Interesting

    I ask this in good faith -- why is there open source ransomware? I have no problem with uploading encrypted data for backups and security purposes. I have no problem with such tools being open sourced. But ransomware is, by definition, used for extortion. Isn't the mere existence of open source ransomware (or any other ransomware) an abuse?

    As for the hosting provider, they should be liable for civil and criminal damages. Victims whose files are unrecoverable because the account was deleted rather than locked have every right to sue. But it also is deleting data that should be relevant to a criminal investigation. The hosting provider should have known these things, so there's no excuse. They probably should be liable both for civil and criminal penalties.

  3. Re: Victims should sue by mbeckman · Score: 3, Interesting

    "At that point, the hosting provider became duty bound to without fail take steps to preserve evidence of the criminal activity, for inspection by authorities."

    Duty bound? What duty is that? The victims have no contract with the provider. Sure, it would be nice if the provider happened to recognize this as a ransomware control server, and saved the data. But duty bound? That's a fantasy. The victims are victims of the perpetrator, nobody else.