Hacker Behind Massive Ransomware Outbreak Can't Get Emails


tao
A German email provider has closed the account of a hacker behind the new ransomware outbreak, meaning victims can't get decryption keys.

On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted.

But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files.

"If you see this text, then your files are no longer accessible, because they are encrypted," the ransom text reads. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."

From here, the hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal installation key."

This is a 60-character code of letters and digits generated by the malware, presumably unique to each infection. That way, the hacker can release the specific key needed to unlock that individual victim's files.

That process is not possible now, though.

"Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately – and blocked the account straight away. We do not tolerate the misuse of our platform: The immediate blocking of misused email accounts is the necessary approach by providers in such cases."

Just to be super-clear, Posteo clarified, "Since midday it is no longer possible for the blackmailers to access the email account or send emails," and "Sending emails to the account is no longer possible either."

In other words, victims allegedly cannot contact the hacker by email, nor send the details necessary to unlock their files.

In an email to Motherboard, Posteo said, "Please make no speculations about how high the chances are to decrypt files locked by ransomware if you pay a criminal." The company did not respond to questions asking how victims can contact the hacker.

At the time of writing, around 20 victims have sent just under $5,500 to the hacker's bitcoin address.

We have been trying to get email providers to block these email addresses for a long time. Now that Posteo has done it, maybe others will follow suit, and people will realize they have no way to contact the ransomware developers to get their files decrypted and will no longer pay them. In this day and age, if your files get encrypted and you don't have a daily backup, you are just too stupid to have computers and ought to go back to paper and pencil. That may sound mean, but the reality of the technology today is that you have a full daily backup, and if anything happens you just restore from your nightly backup and move on. You might lose a little data, but you will have the majority of it, which is definitely better than none.