Author of ‘Locker’ Crypto Ransomware Decrypts All Infected Files and Apologizes

Published at: June 3, 2015

On May 30, the author of the crypto-ransomware known as Locker posted an apology on Pastebin and claimed that he “never intended to release” the malware program. According to Threatpost.com, the author says he terminated distribution as of June 2 and that he has decrypted all infected files. 

The author said on Pastebin:

"I am the author of the Locker ransomware and I'm very sorry about that has happened. It was never my intention to release this. I uploaded the database to mega.co.nz containing 'bitcoin address, public key, private key' as CSV. This is a dump of the complete database and most of the keys weren't even used. All distribution of new keys has been stopped."

Security firm KnowBe4 explains that Locker ransomware is a “sleeper campaign”: it is installed through a social engineering attack, sits silently on the computer, and encrypts files only when the malware's creator activates it.

Within the first few days of its original release, the malware forcibly encrypted hundreds of computers and demanded that victims pay 0.1 BTC, approximately US$22.64 at the time of this writing, for a decryption key.

Despite the malware creator’s attempt to explain his intent, KnowBe4 CEO Stu Sjouwerman said:

“If you build code like this, you know very well what you are doing. The fact it was built as a ‘sleeper’ shows months-long careful planning. The other point is that if he would really have genuine remorse, everyone would get refunded which does not seem to have happened. It is also not clear if current infection vectors have been turned off or not.”

Security firms, including KnowBe4, claim that Locker ransomware could have been a very successful scam, and they are speculating about why the creator would put an end to its distribution.

Sjouwerman suggested that the creator most probably did not want to attract attention from law enforcement. He said:

“What we can assume is that he is a talented coder but not an experienced cybercriminal, because a foul-up like this would never have happened with professional Eastern European organized cybercrime. He may have worked as a developer for one of these gangs and decided to start his own outfit, which backfired.”
