Encryptor Is No More, but the Victims Will Not Be Happy About the Shutdown
You want to make money by holding innocent computer users' files hostage, but you aren't technically savvy enough to write a ransomware strain and distribute it yourself? A solution to this problem emerged a while ago. It's called Ransomware-as-a-Service (RaaS), and the name is a fair description of how it works. Aspiring cybercriminals whose computer skills amount to holding the mouse the right way around go to Dark Web forums, contact the developer, and 'rent' ransomware that is already in the wild. The developer takes care of the technical operation while the client's only responsibility is to pay a commission on each ransom. Encryptor was one of the ransomware families offered this way. It was released to the general public in July 2015 and quickly became a hit with the technologically challenged criminals. There were a few good reasons for Encryptor's popularity.
For one, price-wise Encryptor was something of a bargain. Developers of other threats like the Cerber ransomware take about 40% of the revenue, while Encryptor's creator, a person going by the nickname Jeiphoos, asked for only 5%. The low price didn't mean low quality, though.
Encryptor's author really wanted his creation to go undetected. He even resorted to signing the malicious files with stolen code-signing certificates in an attempt to get past anti-malware programs. As an added bonus, a version for Linux servers was available, which widened the pool of potential targets. There was no way of getting the files back for free, either. Encryptor locked them with a combination of RC6 and RSA, the standard hybrid arrangement in which a fast symmetric cipher does the bulk encryption and RSA protects the symmetric key so that only the holder of the private key can unwrap it. Try as they might, researchers found no weakness that would let victims decrypt their files without that key.
Encryptor looked like a very appealing ransomware variant for the people looking for an easy, unscrupulous, and illegal way of making money. Only at first glance, though.
Researchers from Trend Micro saw how popular Encryptor was and, naturally enough, kept a close eye on it. They noticed that some of the clients weren't entirely happy with what they got, which probably put Jeiphoos in a bit of a mood.
Then Trend Micro examined the infrastructure and found that Jeiphoos had neglected to hide one of the Command & Control (C&C) servers behind Tor, leaving it reachable on the open internet. Law enforcement was notified and the server went down in no time.
Jeiphoos (probably even grumpier at this point) tried to protect the rest of the infrastructure by putting the project on hold, but unfortunately for him, law enforcement took down three more C&C servers before he could cover his tracks. The seizures were the final straw for the person behind Encryptor.
On July 5, 2016, about a year after Encryptor's first appearance, Jeiphoos announced that he was stopping the project for good. Surely that's good news. It is, unless you are a victim of Encryptor and your files are still locked.
Jeiphoos was so upset about his servers being seized that, when he announced Encryptor's end, he said he was deleting the master decryption key, the private key on which the recovery of every victim's files depended. He also said he would not release the source code and would not reply to any questions or requests. What this means is that victims are left with no options: even if they are willing to pay the ransom, there is no longer any key that could unlock their files.
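Why paying no longer helps is worth seeing concretely. The following is an added example, not code from this article or from Encryptor itself: a toy model of the hybrid scheme described above, in which each file is encrypted under a fresh symmetric key and that key is wrapped with the operator's RSA public key. The assumptions are mine: textbook RSA with demo-sized 1024-bit keys generated in pure Python, a SHA-256 counter keystream standing in for RC6, and constructed sample file contents; the function names are invented for the illustration.

```python
# Added illustration (assumption: toy hybrid encryption, not Encryptor's code).
# Textbook RSA and a SHA-256 keystream stand in for the real RSA/RC6 pair so
# the script runs with the standard library only.
import hashlib
import math
import secrets

RSA_PUBLIC_EXPONENT = 65537
FILE_KEY_BYTES = 32  # 256-bit per-file key: 2**256 guesses rules out brute force


def is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test (error probability below 4**-rounds)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_prime(bits):
    """Random prime of exactly `bits` bits (top and bottom bits forced to 1)."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits=1024):
    """Return ((n, e), (n, d)). The private exponent d is the 'master key'."""
    while True:
        p, q = generate_prime(bits // 2), generate_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(RSA_PUBLIC_EXPONENT, phi) == 1:
            return (p * q, RSA_PUBLIC_EXPONENT), (p * q, pow(RSA_PUBLIC_EXPONENT, -1, phi))


def keystream_xor(key, nonce, data):
    """Symmetric stand-in for RC6: XOR with a SHA-256 counter keystream.
    The same call both encrypts and decrypts."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def encrypt_file(plaintext, public_key):
    """Per-file step: fresh random key, encrypt, wrap the key under the
    operator's public key, and keep nothing but the wrapped form."""
    n, e = public_key
    file_key = secrets.token_bytes(FILE_KEY_BYTES)
    nonce = secrets.token_bytes(16)
    wrapped_key = pow(int.from_bytes(file_key, "big"), e, n)  # textbook RSA, no padding
    return {
        "nonce": nonce,
        "ciphertext": keystream_xor(file_key, nonce, plaintext),
        "wrapped_key": wrapped_key,
    }


def decrypt_file(blob, rsa_key):
    """Unwrap the file key with an (n, exponent) pair and decrypt. Only the
    private exponent yields the real key; the public exponent produces a value
    far too large to be a 256-bit key, reported here as None."""
    n, exponent = rsa_key
    key_int = pow(blob["wrapped_key"], exponent, n)
    if key_int.bit_length() > FILE_KEY_BYTES * 8:
        return None
    file_key = key_int.to_bytes(FILE_KEY_BYTES, "big")
    return keystream_xor(file_key, blob["nonce"], blob["ciphertext"])


def demonstrate():
    """Returns (recoverable_with_private_key, recoverable_with_public_key_only)."""
    public_key, private_key = rsa_keygen()
    document = b"constructed sample file contents"  # constructed, not victim data
    blob = encrypt_file(document, public_key)
    with_private = decrypt_file(blob, private_key) == document
    # Everything a victim or researcher holds: ciphertext, wrapped key and the
    # public key embedded in the sample. Without d it is a dead end, and once
    # the operator deletes d nobody holds it.
    with_public_only = decrypt_file(blob, public_key) == document
    return with_private, with_public_only


if __name__ == "__main__":
    print(demonstrate())  # (True, False)
```

Running it shows the asymmetry the article hinges on: the private exponent recovers the file, while every artefact left on an infected machine (ciphertext, wrapped key, public key) recovers nothing. That private exponent is exactly the "master key" Jeiphoos said he destroyed. A real implementation would use a vetted library with OAEP padding and an authenticated cipher rather than this textbook construction; the key-management property it demonstrates is the same.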
Encryptor's demise, and the fact that Jeiphoos might be retiring in the near future (he said in one of his statements that he's getting too old for this you-know-what), is good news for regular computer users because they have one less threat to worry about. Unfortunately, as a result of Jeiphoos' drama queen moment, some people were forced to wave their files goodbye. It is also a reminder that a decryption key controlled by a criminal can vanish at any moment, so offline backups remain the only recovery plan you can actually count on.