The Ransomware That Said “I’m Sorry”

When it comes to ransomware, there aren’t too many good developments happening.

Sure, every day of every week there are new bad developments. And yeah, ransomware is hitting 4000 new computers every hour. And there is a new and evil variant popping up each day. And let’s not forget that even entities like the FBI have at times suggested that paying up might be your only way to get encrypted information back (regardless, don’t pay up, ya hear?). So it wouldn’t seem like there is much to celebrate in the ransomware-o-sphere.

Ransomware + Zombies = DDoS

Take the new ransomware variant Cerber, for example. The creators of Cerber, which has been around for about a month now, know very well that ransomware is a hot topic and as such, the concept of backing up data as opposed to paying up is on their radar.

In their evil attempts to extract payment from victims, they have modified their code so that if a victim doesn’t appear to be paying up, it turns the infected computer into a zombie in a botnet. It then takes part in a Distributed Denial of Service attack, or DDoS, making the infected computer send huge amounts of traffic to specified websites with the intention of knocking them offline. The way this plays out is that the ransomwared computer is unable to access its own files and, at the same time, it’s causing another machine to be denied service as well.

Yikes. Truly, no joy in ransomwareville.

A good sign??

But shockingly, something good has actually happened in the ransomware-o-sphere. Something amazing, in fact.

TeslaCrypt is a ransomware variant that’s been making its rounds for a few years now. Deployed via the famed Angler exploit kit to players of Call of Duty, MineCraft, World of Warcraft and other online games, TeslaCrypt moved beyond targeting only game files and in recent years began encrypting Word, JPEG and PDF files as well. And in good ransomware fashion, to get your files back all you had to do was pay $500.

But now it seems that perhaps, the crooks have had a change of heart.

In an odd turn of events, after noticing that the TeslaCrypt gang’s activities had started slowing down, researchers from security firm ESET decided to ask them for the master decrypt key… and the hackers gave it to them.

Yup, you read it right, they gave it to them with a message stating “Project closed, master key for decrypt XXX…XXX, […] we are sorry.”

And just like that they shut down their model. No more TeslaCrypt to worry about on Word Docs or WoW. Nothing short of amazing.

Just one thing: of course, this doesn’t mean you’ll be seeing a nice $500 credit in your bitcoin account any time soon. They never said they’ll be paying people back; they just said they are sorry and released the key, which is of use if your infection is super-new or if you just never paid up and the encrypted files are still sitting on your now pretty-much-unusable computer.

Perhaps this is a good omen. Maybe this means that the crooks are seeing that their methods don’t work and they’ll begin to back down, and oh, we don’t know, go find real jobs at some tech startups (sad truth is that they probably won’t make as much money…too bad).

Or maybe it means they are just reloading, getting ready for their next big thing. For the moment, it remains unclear what their true intentions are, but in the meantime, we’ll take the victories where we can get them, because when it comes to ransomware, they are few and far between.*


*Okay, okay, the article is over, but now is a good time to mention that with ransomware, prevention is really the best defense. That’s why you should be backing up your files to a cloud-based backup program like Acronis Backup, Shadow Plan or any of the ones here. You should also have a solid antimalware program like RCS to keep the rotten vile code that deploys ransomware off your computer.

Okay, now we’re really done here.
