And another one: Maktub Locker....

DRUG

New member
This execution method is very smart, but will have flaws. It's interesting that they compress the file before encrypting it, making the encryption faster. However, the fact that they have a WWW site offering decryption of 2 files can serve to find at least initial patterns. I've also seen how memory handles the DLL responsible for the job; if you have a bad PC, your files won't be encrypted LOL!!!! :D :D :D

Edit: I have forgotten the most interesting part. This can't be written by one single person; the obfuscation on the DLL and the hardcoded process suggest that this has been developed by a team of malware experts, not randoms with some coding skills.
 

HaQue

Moderator
There is always speculation about the skill and resources required to do this sort of malware. This isn't like Stuxnet, where a massive amount of extra knowledge was needed, such as Siemens SCADA stuff and some pretty decent rootkit-type knowledge. Also, the targeting requires quite a bit of knowledge about the targets, plus motivation.

This malware, however, really just needs to run on a Windows box. The extra parts the "team" would need would be access to 0-days, or the ability/time to discover them, a way to sell the kits to people without getting caught, or a way to create and use them themselves without getting caught, and finally a way to get real money back at the end, also without getting caught.

I don't think it is a huge team, maybe 3-5 people at the creation part. Any more and it is in danger of the usual human bullshit where there are fallings-out, ego clashes, a member slipping up... (If you have 2 people creating it, getting 2 more to help doubles the chance of a mistake.) Also, the more people, the more chance one of them has a girlfriend/boyfriend that can't be trusted, they brag or make stupid social media posts, or they have some history where they weren't so careful come back and bite them in the ass (Silk Road, lol!).

Somehow they need exploits, and I wouldn't think the people doing the crypto part would have a huge role in that; it takes too much time. Plus it is obvious they monitor releases of patches and vulns, and you cannot code properly when you are preoccupied with the world. You need web devs, and these wouldn't be the exploit devs or the crypto people, because they would HATE doing web dev if they are any type of decent coder. Someone has to organise the domains and do the uploading. You also need hackers to p0wn websites. These would generally be the younger, reckless ones, I reckon, that love to 0wn boxes and wouldn't be skilled in actual coding. Add to all this the ones doing the money side of it and you start to get a significant number of people involved.

I think these different parts of the crime would not be very organised, and each component may change hands as some of the players get arrested for this or other crimes they are also doing, but I doubt it is one big team. I doubt many know each other in real life or are even in the same country.

Good to see recently two of the actual developers get thrown in federal PMITA, one for 7 years and another for, I think it was, 12.
 

Trumpus

New member
On 15.12.2016 Maktub Locker ransomware was detected in Germany. They send fake emails with fake bills. The billing addresses are real, but you cannot open the bills. If you try to open them, the virus gets downloaded. The new file extension is .aywkk. The design is just the same as last year.
According to virus-entferner.de, the files are compressed during the encryption process because they want to make the encryption quicker: https://www.virus-entferner.de/2016/12/ ... entfernen/

Best regards
 

mixview

New member
Hi!
Here is a new overview of the transformation of ransomware: http://myspybot.com/redboot-ransomware/
Blackmail viruses like RedBoot have provoked a serious discussion in IT security circles. These types of cyber-culprits cause much more damage than mainstream ransomware, as their adverse effects go beyond personal data encryption alone. The above-mentioned infection, for instance, additionally corrupts the Master Boot Record and skews the partition table to render the machine inoperable. Some researchers argue that programs with such a depth of impact make victims highly skeptical regarding their chances of recovery, hence the crooks earn less than they would if the pest simply enciphered files without blocking computers altogether. And yet, the makers of RedBoot don't seem to care and keep spreading their Petya-ish baddie regardless.