Oh the places you’ll go

In part I of our ‘Who’s Behind Ransomware’ series we talked about how commoditized ransomware can be purchased and deployed by criminals with minimal technical skills. As a follow-up to that blog post, the kind folks at ID Ransomware / MalwareHunter uncovered a great example of such technical inadequacy. The MalwareHunter team showed that a recent CryptoLite sample was using the same bitcoin wallet address…

 Ransom notice with re-used wallet address

…that was used for a really amateur ponzi-scheme being run through a bitcoin chat forum.

 amateur ponzi scheme on bitcoin forum

The date on the forum was mid-2016. Two years later and the same criminal has graduated to blasting out ransomware – using the same wallet address. Oh the places you’ll go!