Slashdot Mirror


Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com)

An anonymous reader writes: After the Hidden Tear (open-source) ransomware code was used to create the Cryptear.B ransomware, now the EDA2 open-source project was used in the same way to create the Magic ransomware. Both projects were created by the same guy. While he left an encryption flaw for Hidden Tear, he didn't for EDA2, relying on a backdoor in the ransomware's admin panel, which he planned to use to steal the encryption keys from the ransomware authors, if they ever used his tool. Unfortunately, the ransomware's C&C servers were on a free hosting service, and someone reported the account. All the data has been deleted from the servers, there's no backup, the backdoor account is useless, and victims have no way of recovering their files.

1 of 100 comments

  1. Re: Victims should sue by tlambert · Score: -1, Troll

    "At that point, the hosting provider became duty bound to without fail take steps to preserve evidence of the criminal activity, for inspection by authorities."

    Duty bound? What duty is that?

    The duty to cover their asses, among other things.

    If I were a prosecutor, I would in fact charge them with:

    * Tampering with evidence
    * Accessory after the fact
    * Property damage
    * Contributory negligence
    * Aiding and abetting
    * Spoliation of evidence
    * (a)(5)(A) of the Computer Fraud and Abuse Act (fine and/or imprisonment for up to 10 years)
    * (a)(5)(C) of the Computer Fraud and Abuse Act (fine and/or imprisonment for up to 1 year)
    * (j)(2) of the Computer Fraud and Abuse Act (forfeiture of the computer systems involved and any hosting proceeds)

    I'd also suggest civil action by those harmed, as provided for in section (g) of the Computer Fraud and Abuse Act.