
Topic: [2016-01-27] Ransomware author tries to blackmail security researcher into taking

Ransomware author tries to blackmail security researcher into taking down 'educational' malware project

The author of the Magic ransomware unsuccessfully attempted to blackmail a security researcher into taking down two open-source 'educational' malware projects on GitHub.

Magic, a malicious program which is written in C# and which demands 1 Bitcoin from its victims, is the second strain of ransomware discovered in January to have been built on malware that has been made available to the public for 'educational' purposes.

The first threat, Ransom_Cryptear.B, is based on an open-source project called Hidden Tear, which is currently hosted by Turkish security researcher Utku Sen on his GitHub page.

According to Security Week, Sen was able to break the encryption algorithm of the Ransom_Cryptear.B malware soon after its discovery due to a flaw he had intentionally left in Hidden Tear's code. Sen ultimately used that flaw to recover victims' files without requiring them to pay the ransom.

The story of the Magic ransomware does not have such a happy ending for users, however.

The Magic ransomware strain is based on EDA2, another file-encrypting project developed by Sen, which contains the code for the ransomware executable and the encryption algorithm, as well as a PHP web panel that acts as the command and control (C&C) server for storing victims' encryption keys.

Quite the unfortunate turn of events. But that's not where the story ends.

As it turns out, the ransomware author had a backup of the encryption keys and agreed to release all of them for free on two conditions: that Utku Sen pay him three Bitcoins (currently approximately US $1200), and that he also take down his Hidden Tear GitHub project.

Ultimately, Sen says he was able to convince the attacker to drop the Bitcoin payment, and nothing has happened since that agreement was made.

Curious about the current status of things, Softpedia reached out to Sen, who has since provided the following update:

More https://www.grahamcluley.com/2016/01/ransomware-author-tries-blackmail-security-researcher-taking-educational-malware-project/