Author of ‘Locker’ Crypto Ransomware Decrypts All Infected Files and Apologizes

On May 30, the author of the crypto-ransomware known as Locker posted an apology on Pastebin and claimed that he “never intended to release” the malware program. According to Threatpost.com, the author says he terminated distribution as of June 2 and that he has decrypted all infected files. 

The author said on Pastebin:

" I am the author of the Locker ransomware and I'm very sorry about that has happened. It was never my intention to release this. I uploaded the database to mega.co.nz containing 'bitcoin address, public key, private key' as CSV. This is a dump of the complete database and most of the keys weren't even used. All distribution of new keys has been stopped."

Security firm KnowBe4 explains Locker ransomware is a “sleeper campaign” that is installed through a social engineering attack and then sits silently on computers and encrypts files upon the activation of the malware creator.

Within the first few days of its original release, the malware forcibly encrypted hundreds of computers and demanded that victims pay 0.1 BTC, approximately US$22.64 at time of this writing, for a decryption key.

Despite the malware creator’s attempt to elucidate his intent, KnowBe4 CEO, Stu Sjouwerman, announced:

“If you build code like this, you know very well what you are doing. The fact it was built as a ‘sleeper’ shows months-long careful planning. The other point is that if he would really have genuine remorse, everyone would get refunded which does not seem to have happened. It is also not clear if current infection vectors have been turned off or not.”

Security firms, including KnowBe4, claim that Locker ransomware could have been a very successful scam, and they are speculating on the motives behind why the creator would put an end to its distribution.

Sjouwerman suggested that the creator most probably did not want to attract attention from law enforcement. He said:

“What we can assume is that he is a talented coder but not an experienced cybercriminal, because a foul-up like this would never have happened with professional Eastern European organized cybercrime. He may have worked as a developer for one of these gangs and decided to start his own outfit, which backfired.”

Ransomware Gangs Are Teaming Up to Form Cartel-Style Structures   June 9, 2020
Bitcoin Giveaway Scam Hits Popular Indian Youtuber   July 26, 2020
Researchers Find Monero Mining Malware That Hides From Task Manager   Aug. 14, 2019
Inverse Finance exploited again for $1.2M in flash loan oracle attack   June 17, 2022
Top 7 cybersecurity jobs in high demand   Feb. 26, 2023