The alleged creator of the new strain of ransomware known as Locker has apologized for launching the attack. The Internet user claiming to be the hacker responsible for the ‘sleeper’ malware published the decryption keys that should allow the infected users to recover their digital files.
However, there’s probably less hope for the victims who have already paid the Bitcoin ransom, as the hacker didn’t mention any refunds.
The Locker ransomware, which can be described as a ‘sleeper’ virus, was recently activated after sitting silently on several hundred infected computers for an unknown period of time. The hacker activated the malware last week, which caused the files kept on the infected devices to become encrypted. The author of the attack then charged around $24 for the decryption keys.
Locker’s creator announced he was sorry for his actions by posting a message on PasteBin on May 30th.
“I am the author of the Locker ransomware and I’m very sorry about what has happened. It was never my intention to release this. I uploaded the database to mega.co.nz containing ‘Bitcoin address, public key, private key’ as CSV. This is a dump of the complete database and most of the keys weren’t even used. All distribution of new keys has been stopped,” the hacker wrote.
According to the developer, an automatic decryption process that will free all the devices affected by the ‘sleeper’ ransomware kicked off on Tuesday (2nd), at midnight. Still, the message doesn’t mention the ransoms already paid and possible refunds.
According to Stu Sjouwerman, founder of the digital security firm KnowBe4, the decryption keys released by the hacker don’t appear to be malicious. However, the online safety expert based his opinion on a brief analysis and advises all victims to wait for a more detailed study of the keys.
The safest option for now is to wait for the automatic decryption of the files promised by the hacker, says Sjouwerman.
Internet users all over the world are sharing their opinions about the attack and the unexpected attitude of the hacker, who claimed that the ransomware was activated by mistake. Nevertheless, Sjouwerman believes the design of the ‘sleeper’ virus suggests “months-long, careful planning,” so a simple mistake is not a likely explanation for what happened.
The expert believes the creator of Locker might have attracted unwanted attention from the authorities or organized crime and is now trying to fix the problem.
“What we can assume is that he is a talented coder but not an experienced cybercriminal, because a foul-up like this would never have happened with professional Eastern European organized cybercrime. He may have worked as a developer for one of these gangs and decided to start his own outfit, which backfired.”