Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malware Operator Barters With Security Researcher To Remove Open Source Ransomware Code (softpedia.com)

Posted by Soulskill on from the security-research-goes-meta dept.

An anonymous reader writes: The author of the Magic ransomware strain has agreed to release all decryption keys for free if Utku Sen, a Turkish security researcher, takes down his Hidden Tear open-source ransomware project from GitHub. Sen has released multiple open source ransomware projects, which contained backdoors and encryption flaws. The flaws disrupted the plans of several ransomware operators. This particular ransomware author is Russian, while Sen is Turkish, so just like Putin and Erdogan, the two struggled to come to an agreement. Utku Sen finally agreed to take down the Hidden Tear repository in three days, while the author of the Magic ransomware will provide all the encryption keys for free for the next 15 days.

1 of 34 comments (clear)

  1. Totally in awe by Okian+Warrior · · Score: 5, Informative

    The first project he created was named Hidden Tear, and malware operators used it to create the Cryptear.B ransomware family. Unfortunately for the malware operators, the ransomware's encryption contained an encryption flaw, left intentionally by Utku in its source code, which allowed him and other security researchers to help victims decrypt their locked files without paying the ransom.

    The second project was the EDA2 ransomware, which didn't contain an encryption backdoor, but came with a fully-working C&C server admin panel, which contained a backdoor account.

    This second project was used for the Magic ransomware family. The problem is that the operator of this ransomware campaign decided to host the C&C server admin panel on a free hosting provider's infrastructure. Once the hosting provider discovered what the malware operator was up to, it shut down and deleted his account, inadvertently deleting the database with all the encryption keys.

    Utku Sen publicly apologized for this incident, and then removed the EDA2 ransomware project from GitHub, but with no doubt, the project is still shared via underground forums and black markets.

    So this guy made an open source ransomware project on GitHub with intentional backdoors, which was then downloaded and used, and security researchers then used the backdoors to thwart the ransomers?

    I am totally in awe of this person. Bravo!