Oh the places you'll go

In part I of our ‘Who’s Behind Ransomware’ series we talked about how commoditized ransomware can be purchased and deployed by criminals with minimal technical skills.  As a follow up to that blog post, the kind folks at ID Ransomware / MalwareHunter uncovered a great example of such technical inadequacy. The MalwareHunter team showed that a recent CryptoLite sample was using the same bitcoin wallet address...

...that was used for a really amateur ponzi-scheme being run through a bitcoin chat forum.

The date on the forum was mid 2016.  Two years later and the same criminal has graduated to blasting out ransomware - using the same wallet address. Oh the places you’ll go!