When the tables turn and hackers cry for help

When the tables turn and hackers cry for help

blog_main_help

Security researcher and Chief Technology Officer at Emsisoft, Fabian Wosar, makes headlines again. Our Lab team did not know if they should laugh or cry when they received a request for help with a bug in Apocalypse ransomware developers code. Bleeping Computer reports that Fabian was contacted through their forums where he regularly helps victims of ransomware to decrypt their data.

“During their exchange, the ransomware coder has asked Wosar to help their crew fix a bug in the ransomware’s encryption process that causes files to be overwritten with junk data.”

In the exchange, the developer attempted to use flattery and to appeal to his sympathetic nature.

fabian_conversation

Fabian posted about the request on Twitter. Professionals from Infosec and various security researchers have weighed in. Most suggested that he should not help those who benefit from the suffering of ransomware attack victims. Others felt that by helping to correct the code, the victims who paid the money to have their files recovered would in fact receive their data and not files filled with garbage. Fabian is yet to decide.

fabian_twiiter

Apocalypse, who sent the request, are the same developers who recently renamed a strain of their ransomware to ‘Fabiansomware’ to try to have him labelled as its creator. Fabian has cracked several versions of their ransomware in the past and distributed the decrypter keys for free.

Fabian has become something of a hacker helpline in recent days with another ransomware family, fs0ciety, contacting him to sell him decrypter keys for ransomware he had hacked weeks beforehand.

For as long as he continues this kind of work he will remain a target with the hope that users won’t have to be.

Have a nice (ransomware-free) day!

 

  • Alan Takaki

    I had it already I spent a small fortune fixing it!
    what good is your company if it cannot block these virus & malware I ran Emisisoft it each hour & that got old quick!
    so I scanned it every 3 hours & you are telling me about a scam??
    I already got it, so what are you going to do? refund my money??

  • LodeHere

    The ultimate safety insurance is still making a system backup now and then after you made some changes in settings you don’t want to have to make again, including after downloading-installing new software, especially if you don’t remember exactly how you made those changes in setting afterwards.

    Making a system restore point is also good, but a complete system backup saved on an external drive is the best. Or otherwise utilizing the Refresh option. Although for that you have to have an OS disk and re-install a lot of stuff and do the settings again. But it’s still less work then reformatting.

    Save your System Backup on an external drive you only use for that and never have plugged into your computer except when making the backup or when using the backup to restore your system with. Otherwise that drive can also be infected.

  • Robert Bonomo

    I would not help the developers. If just one line of your code is included into their code they can then claim (technically and legally) that you are part of the ransomware software and it adds value to the ‘Fabiansomware’ claim.

    Remember they are slick people. This can be a ruse to get you to contribute to the code.

    Help the victims? Yes.

    My 2 cents(CAD) worth (0.0141 EURO)