AstraLocker ransomware dev has change of heart, shuts down

If you thought the threat actors behind ransomware were heartless criminals, think again. The person who made the AstraLocker ransomware virus has had a change of heart and shut down the malware. They even gave the decryption keys to VirusTotal.

The news comes from a Bleeping Computer report after the AstraLocker developer contacted them. The developer told Bleeping Computer it was fun running AstraLocker but it was time to shut it down. See? They’re not all bad.

AstraLocker was a malicious little virus that got around normal anti-virus protections by blasting the victim’s computer with a full viral load directly from a Word document. This tricked the anti-virus into thinking it was a normal operation. To get around sandboxing, the virus checked whether it was running on a virtual machine and would kill processes if it was, allowing it into the actual computer.

Once on board the machine, it would do what all lockers do: encrypt the hard drive and force the victim to pay money to unlock it. It was the computer version of a smash-and-grab.

AstraLocker was a lesser-known virus until the developer released version 2.0 earlier this year. Then several sites began to report on it, and law enforcement began to take an interest in the virus. Although we here at Digital Trends like to think the virus’ developer was simply a misunderstood person who had a change of heart, some suggest it was the growing attention from federal agencies that motivated the shutdown.

Anyone who has had their files locked by AstraLocker malware can contact VirusTotal for the decryption keys. VirusTotal is a free collaboration between more than 70 anti-virus and computer intelligence companies. It serves as a sort of knowledge database of all the computer viruses we know about, and they research ways to fight them.

The AstraLocker developer was kind enough to drop the decryption keys in a ZIP file with VirusTotal before scurrying away. Now that the anonymous developer has shown themselves to be a kind and compassionate member of the human family, they’ve vowed to change their ways.

“I’m done with ransomware,” the developer told Bleeping Computer. “I’m switching to cryptojacking.”