After Motherboard reached out to the hacker via Instagram, the hacker deleted the account. The hacker did respond via Telegram, saying the malware isn’t theirs. When we asked whose it was, they deleted the whole chat history.

The ad includes a link to Checkzilla, a malware repository. The website shows the alleged malware file is not detected by several antivirus programs. While the ad suggests the malware is good because of that, there is no way to know that’s the actual ransomware and not a benign file uploaded to the site.

In fact, according to Allan Liska, a researcher at cybersecurity firm Recorded Future who tracks ransomware, it’s very likely the malware is “crappy” and the Checkzilla results shouldn’t be taken too seriously.

Usually, ransomware groups advertise their malware on hacking forums, some public and some private. But some groups, such as Philadelphia Ransomware, have advertised on social media like YouTube, and others have used Twitter and Facebook, according to Liska.

“These are almost lower tier ransomware groups that cannot gain any traction in the usual places,” Liska told Motherboard in an online chat. “Which means anyone who does take them up on their offer is likely stuck with crappy ransomware.”
Do you have information about ransomware gangs or ransomware incidents? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email lorenzofb@vice.com