Slashdot Mirror


Hacker Behind Massive Ransomware Outbreak Can't Get Emails From Victims Who Paid (vice.com)

Joseph Cox, reporting for Motherboard: On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files. [...] The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal installation key." This is a 60 character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That process is not possible now, though. "Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately -- and blocked the account straight away."

5 of 182 comments

  1. The Nuclear Option by trg83 · Score: 5, Interesting

    While this doesn't do anything to improve life for the poor folks trying to retrieve their files, this type of aggressive approach may be required to eliminate the incentives for ransomware creators. It's truly the nuclear option, as the fallout is likely to hurt many unintended targets, but it could end the war.

  2. What was Posteo supposed to do? by Rosco+P.+Coltrane · Score: 4, Interesting

    Leave the scammer's email addy active and be accused of being an accessory to racketeering?

    Tough shit for the ransomware victims, but they just had to do it.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:What was Posteo supposed to do? by fred6666 · Score: 3, Interesting

      Maybe they already have that information? What more could they learn by leaving the account active for longer?

  3. Honeypot ransomware by cowwoc2001 · Score: 4, Interesting

    Out of curiosity, why don't anti-viruses create a random file on disk and flag any process that modifies it as a suspected ransomware (for manual or automated intervention)?

    1. Re:Honeypot ransomware by Anonymous Coward · Score: 3, Interesting

      One file, randomly placed on a disk, is not statistically likely to serve as any sort of honeypot before other significant damage has occurred. On average, I suppose you could argue that it would mitigate the damages to roughly half... but that's an overall average. It would be virtually equal to useless just as often as it might save a good percentage of your data. It's like having a life guard on duty at a beach who *might* bother to swim out to save you if you need help, but then again, he might not. So what's the point of him being there? Better than nothing? I guess... but probably only a lot more likely to just create a false sense of security.

      A healthy backup policy is the only real workable solution... and considering it is even automatable, I can't say I understand the resistance to practicing it.

      Although I've not been hit by ransomware, having an automated backup policy in place on my system has still saved my data on more than one occasion, whether it was due to disk drive failure or because of human error.
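As an added example (not code from the thread or from any antivirus product), here is a minimal version of the decoy-file tripwire asked about above, written to meet the objection in the reply: it plants several decoys in every directory rather than one random file, with names chosen so they sort first and last in a listing (an assumption about how an encryptor enumerates files, not a guarantee), and reports any decoy that is overwritten, renamed or deleted. The names CANARY_NAMES, deploy_canaries, check_canaries and demo_run are this example's own.

```python
"""Decoy-file tripwire for ransomware detection (added example, not from the
thread or from any antivirus product)."""
import hashlib
import os
import secrets
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Decoy file names. Assumption, not a guarantee: an encryptor that walks a
# directory in sorted order reaches a name starting with "!" first and one
# starting with "~z" last, so a decoy is hit early whichever way it walks.
CANARY_NAMES = ["!canary_do_not_touch.docx", "~zz_canary_do_not_touch.xlsx"]


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def deploy_canaries(root: Path) -> Dict[str, str]:
    """Plant every CANARY_NAME in root and each subdirectory.
    Returns the baseline {path: sha256} that check_canaries() compares against."""
    baseline: Dict[str, str] = {}
    for dirpath, _subdirs, _files in os.walk(root):
        for name in CANARY_NAMES:
            path = Path(dirpath) / name
            if not path.exists():
                # Random content (constructed, 4 KiB) so the decoy cannot be
                # skipped by a fixed size or hash.
                path.write_bytes(secrets.token_bytes(4096))
            baseline[str(path)] = _sha256(path)
    return baseline


def check_canaries(baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for each decoy that is gone (deleted or renamed,
    e.g. given a ".locked" extension) or whose bytes changed (encrypted in place)."""
    alerts: List[Tuple[str, str]] = []
    for path_str, digest in baseline.items():
        path = Path(path_str)
        if not path.exists():
            alerts.append((path_str, "missing"))
        elif _sha256(path) != digest:
            alerts.append((path_str, "content changed"))
    return alerts


def demo_run() -> Tuple[int, List[Tuple[str, str]]]:
    """Constructed scenario in a temp directory: deploy decoys, confirm a clean
    check, then imitate an encryptor that overwrites one decoy in place and
    renames another. Returns (number of decoys planted, sorted alerts)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_text("constructed sample document")
        baseline = deploy_canaries(root)
        if check_canaries(baseline):
            raise RuntimeError("untouched decoys must not alert")
        (root / CANARY_NAMES[0]).write_bytes(b"\x00" * 4096)      # overwritten
        victim = root / "docs" / CANARY_NAMES[1]
        victim.rename(victim.with_name(victim.name + ".locked"))   # renamed
        return len(baseline), sorted(check_canaries(baseline))


if __name__ == "__main__":
    planted, alerts = demo_run()
    print(f"{planted} decoys planted; alerts: {alerts}")
```

In practice check_canaries() runs from a scheduled task or a filesystem-notification hook, and an alert should suspend the writing process and pull the host off shared storage rather than just log. Backup and indexing agents must be configured to skip the decoy names, or they become the false positives the reply warns about; the decoys complement the backup policy it recommends, they do not replace it.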

      Well, this first generation of ransomware relies on crypto libraries currently in the system; you can hook and tell the OS to snapshot the process's memory and possibly be able to get the prime numbers used to generate the keys that, while the attack is going on, are in memory, like the Quarkslab solution for XP systems works.
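The memory-snapshot idea in the comment above, as an added example that is not from the thread or from Quarkslab: given a snapshot of the encrypting process and the RSA public modulus n that the malware needs locally to encrypt, slide a window over the snapshot and test every candidate as a factor of n; if one of the primes is still resident, the private exponent follows from it and the victim's files can be decrypted. The toy 512-bit key, the seeded "snapshot" buffer and all function names (is_probable_prime, gen_prime, find_factor_in_memory, private_exponent, demo_recover) are constructed for this example. It only helps when the key material was generated or held on the victim machine; a family that encrypts under a public key generated elsewhere leaves nothing to find.

```python
"""Recover an RSA private key from a process memory snapshot when one of the
primes is still resident (added example, not from the thread or Quarkslab).
The key, the snapshot buffer and all function names are constructed here."""
import math
import random
from typing import Optional, Tuple

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29)


def is_probable_prime(n: int, rng: random.Random, rounds: int = 16) -> bool:
    """Miller-Rabin after trial division by a few small primes."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, rng: random.Random) -> int:
    """Random odd prime with the top bit set (toy size; real keys use 1024+ bits)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def find_factor_in_memory(snapshot: bytes, n: int, factor_bytes: int) -> Optional[int]:
    """Slide a factor_bytes-wide window over the snapshot at every byte offset
    and return the first window that divides the public modulus n. Little-endian
    is assumed here; a real scan would try both byte orders."""
    for off in range(len(snapshot) - factor_bytes + 1):
        cand = int.from_bytes(snapshot[off:off + factor_bytes], "little")
        if cand > 1 and cand != n and n % cand == 0:
            return cand
    return None


def private_exponent(n: int, p: int, e: int) -> int:
    """With one prime known, the other is n // p and d = e^-1 mod phi(n)."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


def demo_recover() -> Tuple[bool, bool]:
    """Constructed scenario: a 512-bit toy key and a 64 KiB 'snapshot' of noise
    with p embedded at an arbitrary offset. Returns (factor found, decryption works)."""
    rng = random.Random(20170627)   # fixed seed so the run is reproducible
    e = 65537
    while True:
        p, q = gen_prime(256, rng), gen_prime(256, rng)
        if math.gcd(e, (p - 1) * (q - 1)) == 1:
            break
    n = p * q
    noise = bytes(rng.getrandbits(8) for _ in range(65536))
    snapshot = noise[:40321] + p.to_bytes(32, "little") + noise[40321:]
    factor = find_factor_in_memory(snapshot, n, 32)
    if factor is None:
        return False, False
    d = private_exponent(n, factor, e)
    m = 0x1234567890ABCDEF                      # any message below n
    return factor in (p, q), pow(pow(m, e, n), d, n) == m


if __name__ == "__main__":
    print(demo_recover())
```

The divisibility test is cheap enough to run at every byte offset of a full process dump, which is why the snapshot has to be taken while the encryptor is still running: once the process exits or zeroes its buffers, the primes are gone and only the backups the earlier reply recommends remain.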