Ransomware scammers continue to surprise us with their arrogance. Not only do they lock the computers of innocent people, but sometimes they also throw away the key. One ransomware scammer got caught and decided to delete the master key to encrypted computers.
Ransomware Master Key Deletion – What Happened?
The ransomware-as-service called Encryptor RaaS was created in mid-2015. The creator of the service offered a generous 95% cut for affiliates who would spread his virus. 5% is a low cut. Shark ransomware demanded 20% which was enough to raise a few eyebrows.
The person who created Encryptor RaaS is known as “jeiphoos.” He’s very active on the Web, frequenting underground forums and social media sites. Jeiphoos continued operations until July 2016. His operation ran into some trouble.
According to his last messages before flipping the switch, jeiphoos was upset with his affiliates. He blames them for “insulting” him and “spreading FUD” (fear and doubt.) After that, jeiphoos deleted the master key and stopped processing payments. The case was chronicled by Trend Micro.
Encryptor RaaS – How Low Can You Go?
The developer of Encryptor RaaS is not only bitter and resentful, but he’s also quite incompetent. The reason for the shutdown of his service wasn’t just annoyance with his clientele. The Encryptor RaaS server was discovered and shut down by law-enforcement. Jeiphoos left one of his services without protection, which led to his discovery and the neutralization of the service.
Ransomware scamming is bad enough as it is, but destroying the master key out of anger is a new level of scumbagness. It wouldn’t make any difference if jeiphoos had just released the master key for free. In other words, any victims of the virus have no way to recover their files, even if they try to pay the scammers. It’s not uncommon for scammers to simply ignore payments.
Jeiphoos’s Final Message:
Ransomware-as-Service Is Failing
Ransomware-as-a-service sounds like an effective idea. Crooks cooperate on their illegal activities and share the profit. However, these are criminals we’re talking about. If they had any integrity, they wouldn’t be in this business. Crooks often try to scam each other.
The Encryptor RaaS proves yet again that this model doesn’t work. Back in our Shark article (another RaaS), we compared the RaaS model of Shark ( now Atom Builder) to the Free-To-Play model. Crooks can download the ransomware program for free and, but they still have to pay later in the form of commissions. The problem should be obvious to most – you can’t expect a criminal to keep his word.