Security News > 2022 > July > AstraLocker ransomware reportedly closes doors to pursue cryptojacking

AstraLocker ransomware reportedly closes doors to pursue cryptojacking
2022-07-06 01:28

The developer of the AstraLocker ransomware code is reportedly ceasing operations and turning attention to the far simpler art and crime of cryptojacking.

The developer of AstraLocker posted a ZIP folder containing decryptors for the AstraLocker ransomware via VirusTotal, which Bleeping Computer said are legit.

The decision to shut down, and release an antidote of sorts, comes after ReversingLabs last week detailed the latest version of the ransomware - AstraLocker 2.0 - that had some interesting quirks and amid reports that Emsisoft is working on a universal decryptor for the Windows malware.

According to ReversingLabs' write-up, the AstraLocker 2.0 ransomware is distributed directly from Microsoft Office files that victims are tricked into opening.

Babuk emerged in early 2021 and was linked to a number of high-profile infections, including one in April 2021 that hit the Metropolitan Police Department in Washington DC. The AstraLocker ransomware appeared at about the same time that Babuk's code was leaked.

How the AstraLocker operators' exit from the ransomware scene will impact victims of AtraLocker 2.0 remains unclear.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/06/astralocker-ransomware-shutters-operations/