Advertisement
Tech by VICE

Hacker Has Sudden Change of Heart and Gives Ransomware Victims Their Files Back

After making $169, hacker was "very sorry."

by Lorenzo Franceschi-Bicchierai
Jun 3 2015, 4:34pm

Image: Perspecsys Photos/Flickr

Who says cybercriminals can't have a good heart?

A hacker who made a virus that locked victim's data and held it for ransom had a change of heart last weekend. In a message posted online on Saturday, the hacker, who goes by the name "Poka BrightMinds" decided to publish data to help victims infected by the virus unlock their files.

Poka BrightMinds wrote that they regretted their actions and were "very sorry."

All the hacker got from their criminal enterprise was a total of $169, according to Symantec researchers, who tracked down the Bitcoin addresses where Poka BrightMinds was set to receive payments from victims.

"I'm very sorry about that has happened. It was never my intention to release this."

Ransomware is a type of malware that infects a victim, encrypts his or her data and asks for a ransom to decrypt it, typically in Bitcoin. Sometimes the malware is programmed to display a message that says the FBI or another authority found child porngraphy, or other illegal content on the computer, and asks for the payment of a fine. The use of this type of malware has increased in the last couple of years, so much that it caught the FBI's attention.

In this case, the malware was simply called "Locker." The author posted a database of decryption keys, which in theory would allow all victims to unlock their files. The hacker also said that "automatic decryption" would start on Tuesday.

"I am the author of the Locker ransomware and I'm very sorry about that has happened," Poka BrightMinds wrote in a note posted to Pastebin. "It was never my intention to release this."

After the hacker posted the database, Nathan Scott, a member of the online forum BleepingComputer.com, created a tool to easily decrypt infected files. Various members of the forums said that they were able to unlock at least some of their files.

When the files are decrypted, an uplifting message appears on the victim's computer, according to Lawrence Abrams, a member of BleepingComputer.com

"I'm sorry about the encryption, your files are unlocked for free. Be good to the world and don't forget to smile," the message read, according to multiple victims.

"I'm sorry about the encryption, [...] Be good to the world and don't forget to smile."

It's unclear who Poka BrightMinds is, and why the hacker regretted creating the virus. Motherboard was unable to contact the hacker. Yet, despite his remorse, and his attempt to "make amends," as Symantec researchers put it, the virus' author "still broke the law and caused their victims countless worries, time, and money trying to rectify the damage."

Indeed, one of the victims, referring to the decryption message that asked people to smile, wrote that "it's hard to smile when you've had no sleep for a week and missed out on time with the family to deal with this mess."