Ransomware gang closes down and gives crypto key to ESET, but reasons are unknown
The gang behind the TeslaCrypt ransomware have shut down their criminal operation and have apologised.
In its admission to security researchers at ESET, the gang also handed over the universal master decryption key for the malware.
The surprising development was revealed by ESET in a blog posting, after it said that one of its analysts had contacted the group anonymously, using the official support channel offered to the ransomware victims by the criminals.
That analyst requested the universal master decryption key. And shockingly the criminals replied, and announced they were shutting down their operation.
“Project closed, master key for decrypt XXX…XXX, we are sorry,” replied the criminal gang.
“This allowed ESET to create a free decrypting tool promptly, which is able to unlock files affected by all variants of this ransomware,” said the security researchers.
“We must stress that ransomware remains one of the most dangerous computer threats at this moment, and prevention is essential to keep users safe,” said ESET. “Therefore, they should keep operating systems and software updated, use reliable security solutions with multiple layers of protection, and regularly back up all important and valuable data at an offline location (such as external storage).”
But why would the gang suddenly shut down their malicious activities, apologise, and hand over the master key?
Security experts at Sophos admitted the gang's decision to shut up shop was puzzling, and speculated it could be down to four different reasons.
Firstly, the criminals could have been genuinely remorseful and retired in a fit of conscience. Secondly, the gang could have been hacked by rival criminals, who leaked the master key to ruin their rivals’ business.
Thirdly, the gang could have ditched TeslaCrypt to concentrate on newer ransomware. And finally, the gang could have made so much money that they want to retire before they get caught.
TeslaCrypt came to prominence in 2015. Like other ransomware, once it was installed on a Windows PC, it sought out valuable data on the computer by searching for file types such as photos, financial spreadsheets and Office documents.
But in a twist, it also sought to encrypt files related to dozens of games such as Call of Duty, World of Warcraft and Steam.
TeslaCrypt typically charged 1.5 Bitcoins (about $420) for a key to decrypt the files.
Whilst TeslaCrypt may now be neutralised as a threat, ransomware remains a growing problem for computer users. Last month ESET warned that the UK was being heavily targeted by ransomware.
It should be noted that the UK is not the only country being targeted. In the United States there has been a spate of ransomware attacks on healthcare organisations, which prompted the FBI to appeal to businesses and IT experts for emergency help.