What happened to OC? - CLOSED Carnage?!
Krazychic

Hacker behind ransomware attack has no access to emails from victims who paid


The hacker behind Wednesday’s global ransomware attack can’t get emails from those who met his demands because his account has been closed by the German provider.

 


Several Australian businesses including courier companies, legal firms and even Cadbury were involved in the Petya cyber attack, which demanded victims send bitcoin to a predefined address to have their files decrypted and then email him with confirmation.

 

Once received, the hacker would send a 60-character code made up of letters and digits generated by the malware so they could unlock their files.

 

“If you see this text, then your files are no longer accessible, because they are encrypted,” the ransom message read.

 

“Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”

 

The hacker’s plan was flawless until email hosting company Posteo decided to close the account mentioned in the demands.

 

“Midway through today we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact,” the email provider wrote in a blog post on Wednesday.

 

“Our anti-abuse team checked this immediately — and blocked the account straight away. We do not tolerate the misuse of our platform: The immediate blocking of misused email accounts is the necessary approach by providers in such cases.”

 

This might have seemed like a good way to stop the hacker getting the extortion money, however the move also means the victims now have no way of getting the decryption keys needed to unlock their files.

 

Source


Tiddy-bits:

What kind of a fucking idiot "hacker" uses a third party email provider?

10 hours ago, TCK said:

What kind of a fucking idiot "hacker" uses a third party email provider?

To be fair, more than likely, he did not even write or modify the software. There are probably a lot of compiled binaries and modifications for this ransomware where you just type some information, save your configuration and deploy it. 


System Administrator (Well Rounded) | AWS | Azure | Microsoft 365

1 hour ago, WaeV said:

I hope this keeps up, so that people learn to never pay creators of ransomware.

Exactly. It sucks that your precious files were obliterated, but people paying the crook is why this sort of business exists.

 

Instead, I recommend paying (much less money) for one or two backup solutions. Backing up your files and keeping your backups unplugged and away from your system will protect your data from:

  • SSD/Hard drive failure
  • Malware (i.e. ransomware)
  • Lightning damage
  • Your house burning down

Backing up your stuff is far, far cheaper than data recovery as well as ransomware. A simple external 1 TB hard drive will set you back only $50-$60 or so, or you can back your stuff up using various cloud services.

 


Bonus: Not only do proper backups protect against ransomware; they also protect against everyday disk failures.

 

RAID doesn't count as a backup; you need something like an external drive that you periodically sync, but leave unplugged in the closet.

25 minutes ago, WaeV said:

Bonus: Not only do proper backups protect against ransomware; they also protect against everyday disk failures.

 

RAID doesn't count as a backup; you need something like an external drive that you periodically sync, but leave unplugged in the closet.

This is where Copy on Write filesystems and read-only system snapshots come in handy.


1 hour ago, WaeV said:

Bonus: Not only do proper backups protect against ransomware; they also protect against everyday disk failures.

 

RAID doesn't count as a backup; you need something like an external drive that you periodically sync, but leave unplugged in the closet.

Yep. That was one of the things I listed.

 

While RAID can help protect against disk failure, you won't be saved from malware, and if enough drives fail, your data is lost anyway. So yeah, definitely keep your backups unplugged.
