Coveware: Ransomware Recovery First Responders


Oh the places you'll go

In part I of our ‘Who’s Behind Ransomware’ series, we talked about how commoditized ransomware can be purchased and deployed by criminals with minimal technical skills. As a follow-up to that blog post, the kind folks at ID Ransomware / MalwareHunter uncovered a great example of such technical inadequacy. The MalwareHunter team showed that a recent CryptoLite sample was using the same bitcoin wallet address...

Ransom notice with re-used wallet address

...that was used for a really amateur Ponzi scheme being run through a bitcoin chat forum.

Amateur Ponzi scheme on bitcoin forum

The date on the forum was mid-2016. Two years later, the same criminal has graduated to blasting out ransomware - using the same wallet address. Oh the places you’ll go!