Skip to main content
  1. Home
  2. Computing
  3. News

AstraLocker ransomware dev has change of heart, shuts down

Add as a preferred source on Google

If you thought the threat actors behind ransomware were heartless criminals, think again. The person who made the AstraLocker ransomware virus has had a change of heart and shut down the malware. They even gave the decryption keys to Virus Total.

The news comes from a Bleeping Computer report after the AstraLocker developer contacted them. The developer told Bleeping Computer it was fun running AstraLocker but it was time to shut it down. See? They’re not all bad.

faceless hacker in a black hoody
stevanovicigor / 123RF Stock Photo

AstraLocker was a malicious little virus that got around normal anti-virus protections by blasting the victim’s computer with a full viral load directly from a Word document. This tricked the anti-virus into thinking it was a normal operation. To get around sandboxing, the virus checked to see if it was running on a virtual machine and would kill processes if it was, allowing it into the actual computer.

Recommended Videos

Once on board the machine, it would do what all lockers do: encrypt the hard drive and force the victim to pay money to unlock it. It was the computer version of a smash-and-grab.

AstraLocker was a lesser-known virus until the developer released version 2.0 earlier this year. Then several sites began to report on it, and law enforcement began to take an interest in the virus. Although we here at Digital Trends like to think the virus’ developer was simply a misunderstood person who had a change of heart, some suggest it was the growing attention from federal agencies that motivated the shutdown.

Anyone who has their files locked with AstraLocker malware can contact Virus Total for the decryption keys. VirusTotal is a free collaboration between more than 70 anti-virus and computer intelligence companies. It serves as a sort of knowledge database of all the computer viruses we know about, and they research ways to fight them.

The AstraLocker developer was kind enough to drop the decryption keys in a ZIP file with VirusTotal before scurrying away. Now that the anonymous developer has shown themselves to be a kind and compassionate member of the human family, they’ve vowed to change their ways.

“I’m done with ransomware,” the developer told Bleeping Computer. “I’m switching to cryptojacking.”

Nathan Drescher
Former Computing Writer
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…
A Windows 11 bug may be quietly eating hundreds of gigabytes of your storage
Windows 11’s storage-eating bug now has a fix from Microsoft
Windows 11 suffering from RAM crisis

If your Windows 11 PC suddenly looks low on storage, your downloads folder or game library may not be the problem. According to Windows Latest, a bug tied to a Windows system file can silently consume tens or even hundreds of gigabytes on the system drive.

The file in question is called CapabilityAccessManager.db-wal, and it sits inside Windows’ Capability Access Manager folder. Windows Latest says the issue may appear as unusually high “System files” usage in Windows 11’s storage breakdown, even though the Settings app does not clearly identify the exact file responsible. In some reported cases, users saw it grow to 200GB, and even more.

Read more
Your next Teams meeting could have an AI teammate that answers questions for you
Teams is getting smarter, cleaner, and quieter about it. The AI features are opt-in, the chat cleanup is automatic.
Computer, Electronics, Laptop

Microsoft Teams is getting a meaningful update that overhauls almost every part of how you use the app, from AI-assisted meetings to a cleaner chat layout. Most of the changes are already in testing, and several are scheduled to roll out before the end of the summer.

Starting with the most interesting addition: an upgraded AI Facilitator that can listen to your meeting, spot when someone seems confused, and generate a response (via Windows Report). 

Read more
A hacker’s arrest just revealed how Microsoft can track your Windows device
Microsoft knew what websites his Windows PC visited.
Windows 11 on a laptop

A teenager allegedly used a VPN to cover his tracks while hacking a US jewelry retailer, but Microsoft knew anyway.

Court documents unsealed in the US case against Peter Stokes, a 19-year-old dual US-Estonian citizen accused of being a member of the notorious Scattered Spider hacking group, reveal that Microsoft provided the FBI with records tied to a tracking mechanism called the Global Device Identifier, or GDID. 

Read more