On Tue, 15 Mar 2016 10:05:33 -0400, Virus Guy wrote:
>
>So explain this.
>
>The last few locky spams I've gotten had .js files packaged as .zip.
>
>When you look for video examples of people messing around with locky
>exploit files (they're triggering the malware to run on their system and
>showing it encrypt files in real-time) - the locky examples are .doc
>files - the ones that leverage a particular word macro exploit.
>
>I can't find any such examples of people messing with the .js locky
>exploit.
>
>And I can find no description of a use-case as to how the .js exploit is
>triggered from an email spam attachment.
>
>==========================
>
>Ransomware author's bravado shot down by release of decryption keys
>
>March 14, 2016
>
>Security researchers have put a pompous computer criminal in their
>rightful place after releasing the decryption keys for their ransomware.
>
>Lawrence Abrams of Bleeping Computer writes that the ransomware, which
>was released last week, encrypts users' files using AES encryption,
>appends the .LOCKED extension to all files, and demands that victims pay
>a fee of 0.5 BTC (approximately US $210) in exchange for the decryption
>key. All things considered, a pretty standard piece of malware...
>
>...with a truly annoying developer behind it.
>
>In their ransom note, the extortionist prides themselves on their
>experience creating malware and on their success in hiding from the
>authorities. You can read the message in full here, but provided below
>is a selection of some of the developer's more "self-assured" comments:
>
>https://www.grahamcluley.com/wp-content/uploads/2016/03/ransomware-message.jpeg
>
> "You'll never be able to find me. Police will never be able to find
>me. Go ahead and try them if you like, but don't expect your data back.
>They will be concerned about helping the community, not with helping you
>meet your deadline. If they say they need to keep your desktop for a few
>days, well lol, you probably won't be seeing your machine again soon,
>let alone your data. I've been doing this for five years now and haven't
>been caught yet."
>
> "...Just be thankful that it wasn't worse. I could have asked for
>more money. I could have been working for ISIS and saving that money to
>behead children. I could have been a mean SOB and just destroyed your
>data outright. Am I those things? No. I just need the money to live off
>of (true story) and don't care at all about the hacker 'community'. So
>there isn't anyone you will be protecting by sacrificing yourself. I'll
>just encrypt more people's data to make up for the loss."
>
>That's more than enough to get anyone's blood boiling.
>
>Fortunately, the developer has since been served their just desserts.
>
>Though they succeeded in infecting 700 victims over the course of one
>day, including three users who ended up paying the ransom fee, the
>ransomware author originally based their malware on EDA2, a
>file-encrypting project which found itself in hot water earlier this
>year when a criminal used it to develop the ransomware known as Magic.
>
>https://www.grahamcluley.com/wp-content/uploads/2016/03/eda2-abandoned.jpeg
>
>Utku Sen, the man behind the project, intentionally inserted a backdoor
>into his code when he first developed EDA2 to make sure he could check
>potential abuses of his code. It is this backdoor access Sen leveraged
>in this particular case to obtain a list of decryption keys, which are
>now available for download.
>
>https://www.dropbox.com/s/n4lfdv9ti8sbwtu/decrypted_keys.csv?dl=0
>
>https://www.grahamcluley.com/wp-content/uploads/2016/03/decryption-keys.jpeg
>
>To be sure, some thanks are owed to Utku Sen for helping the hundreds of
>users affected by this ransomware. However, it's worth noting that none
>of this would have happened if the researcher hadn't published his EDA2
>project online in the first place.
>
>Malware analysis is a good thing. It teaches us about how online threats
>continue to evolve on a day-to-day basis.
>
>Even so, only researchers with abundant technical expertise should be
>able to access samples of malicious code. Malware should never be
>published online for any reason; bad actors will always find a way to
>co-opt the code for their own nefarious purposes.
>
>https://www.grahamcluley.com/2016/03/ransomware-author-decryption-keys/
Why, do you think, are there several keys in the .csv file with..
!!!Error decrypting key!!!
?? Are those folks just out of luck?
boB
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
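Added example, not from this thread or any of the posters: a small mail-gateway style check that opens a zip attachment in memory and flags script members (the .js-in-.zip packaging Virus Guy mentions at the top), recursing one level into nested archives. The extension list and the constructed sample attachment are assumptions made for the example.

```python
import io
import os
import zipfile

# Extensions Windows hands to the script host on double-click; this list is an
# assumption for the example, not taken from the thread.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
MAX_NESTING = 2  # how deep to follow zip-inside-zip before giving up


def suspicious_members(zip_bytes: bytes, depth: int = 0) -> list:
    """Return the member names a gateway should flag in a zip attachment.

    A member is flagged when its final extension is a script type (so a
    double extension like invoice.pdf.js is caught by its real suffix).
    Nested zips are inspected up to MAX_NESTING levels; an archive that
    cannot be parsed is itself reported, since it cannot be vetted.
    """
    flagged = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            if ext in SCRIPT_EXTENSIONS:
                flagged.append(name)
            elif ext == ".zip" and depth < MAX_NESTING:
                inner = archive.read(info)
                flagged.extend(f"{name}!{m}" for m in suspicious_members(inner, depth + 1))
    return flagged


def build_sample_attachment() -> bytes:
    """Constructed in-memory attachment shaped like the spam described above
    (placeholder text only, not a real malicious sample)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("scan.js", "// placeholder content\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.pdf.js", "// placeholder content\n")
        z.writestr("readme.txt", "harmless text\n")
        z.writestr("docs/archive.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    print(suspicious_members(build_sample_attachment()))
```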