Slashdot Mirror


Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com)

An anonymous reader writes: After the Hidden Tear (open-source) ransomware code was used to create the Cryptear.B ransomware, now the EDA2 open-source project was used in the same way to create the Magic ransomware. Both projects were created by the same guy. While he left an encryption flaw for Hidden Tear, he didn't for EDA2, relying on a backdoor in the ransomware's admin panel, which he planned to use to steal the encryption keys from the ransomware authors, if they ever used his tool. Unfortunately, the ransomware's C&C servers were on a free hosting service, and someone reported the account. All the data has been deleted from the servers, there's no backup, the backdoor account is useless, and victims have no way of recovering their files.

12 of 100 comments

  1. Victims should sue by mysidia · · Score: 4, Insightful

    The hosting provider who deleted the files for damages.

    Unfortunately, the ransomware's C&C servers were on a free hosting service, and someone reported the account. All the data has been deleted from the servers, there's no backup, the backdoor account is useless, and victims have no way of recovering their files.

    If it was reported to them, then the provider KNEW or should have known their servers were holding a criminal's data, including possibly encryption/decryption keys and stolen assets in relation to ransomware, which the providers' services had aided.

    At that point, the hosting provider became duty bound to without fail take steps to preserve evidence of the criminal activity, for inspection by authorities.

    Complete deletion was an act of negligence, and if they aren't criminally tried, the provider should at least be compensating victims for their loss that was a result of not being able to obtain ransomware decryption keys which the provider destroyed.

    1. Re: Victims should sue by mbeckman · · Score: 3, Interesting

      "At that point, the hosting provider became duty bound to without fail take steps to preserve evidence of the criminal activity, for inspection by authorities."

      Duty bound? What duty is that? The victims have no contract with the provider. Sure, it would be nice if the provider happened to recognize this as a ransomware control server, and saved the data. But duty bound? That's a fantasy. The victims are victims of the perpetrator, nobody else.

    2. Re: Victims should sue by greenfruitsalad · · Score: 2

      there's no such country! just ask MPAA/RIAA

    3. Re: Victims should sue by Bing+Tsher+E · · Score: 2

      And you're an anonymous commenter on a blog. Get off that hobby horse, runt.

    4. Re: Victims should sue by mbeckman · · Score: 3, Insightful

      mysidia: while good-intentioned, that's simply not how the law works. A third party that destroys evidence as a side effect of securing the safety of themselves or their property commits no crime, because their intent is not to destroy evidence, but to regain their own security.

  2. Throw the fucker in jail ... by Kaz+Kylheku · · Score: 3, Interesting

    Give him a 25 MHz 386/SX box with NetBSD. Release date is "when you crack the key to recover the data".

  3. Am I missing something here? by Anonymous Coward · · Score: 2, Interesting

    I ask this in good faith -- why is there open source ransomware? I have no problem with uploading encrypted data for backups and security purposes. I have no problem with such tools being open sourced. But ransomware is, by definition, used for extortion. Isn't the mere existence of open source ransomware (or any other ransomware) an abuse?

    As for the hosting provider, they should be liable for civil and criminal damages. Victims whose files are unrecoverable because the account was deleted rather than locked have every right to sue. But it also is deleting data that should be relevant to a criminal investigation. The hosting provider should have known these things, so there's no excuse. They probably should be liable both for civil and criminal penalties.

    1. Re:Am I missing something here? by cold+fjord · · Score: 2

      I ask this in good faith -- why is there open source ransomware?

      The short answer is that some people have bad values. If you want to dive deeper you could consider the OpenBSD licensing philosophy as a proxy for the Open Source or Free Software movement. The software and its code become an end in itself. What is "good" is defined in terms of working code that complies with the license. The ultimate purpose of the code is practically irrelevant. From time to time there are controversies that arise in regard to some proposed change in the license of some software. I seem to recall several for the GPL. These generally seem to be aimed at harming US national defense, or some sector of the economy. You can probably chalk aspects of this up to the nihilism of our present age.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell

    2. Re:Am I missing something here? by meerling · · Score: 2

      Researchers do a lot of things, even if only to understand how other people do them.
      On the other hand, this guy was a moron for publishing this stuff. The moment you put something like that out where anyone can get their hands on it, it's too late to stop scum from grabbing it. You'd think after the first time he'd realize that. At this point, I wonder if it was intentional on his part.

  4. Does this mean that we should rejoice? by Anonymous Coward · · Score: 2, Insightful

    Is it a cause for rejoicing that when we've been hit with a ransomware attack that the attacker is an ethical one that will promptly restore things when we pay the ransom? You know, an attacker that has a fiduciary responsibility to act promptly when we submit to his demands. Does this mean we should deal with only the reputable extortionists?

  5. Suitable punishment? by cold+fjord · · Score: 2

    IIRC the last person flogged in the US as sentenced by a court was in the 1950s. It may be time to rethink that for some offenses.

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell

  6. Well all that is why you aren't a prosecutor by Sycraft-fu · · Score: 2

    Because if you'd graduated law school, or just taken a few classes for that matter, you'd know enough to be able to look into relevant laws and see why your list is a crock that wouldn't hold up.