Skip to main content

AstraLocker ransomware dev has change of heart, shuts down

If you thought the threat actors behind ransomware were heartless criminals, think again. The person who made the AstraLocker ransomware virus has had a change of heart and shut down the malware. They even gave the decryption keys to Virus Total.

The news comes from a Bleeping Computer report after the AstraLocker developer contacted them. The developer told Bleeping Computer it was fun running AstraLocker but it was time to shut it down. See? They’re not all bad.

faceless hacker in a black hoody
stevanovicigor / 123RF Stock Photo

AstraLocker was a malicious little virus that got around normal anti-virus protections by blasting the victim’s computer with a full viral load directly from a Word document. This tricked the anti-virus into thinking it was a normal operation. To get around sandboxing, the virus checked to see if it was running on a virtual machine and would kill processes if it was, allowing it into the actual computer.

Once on board the machine, it would do what all lockers do: encrypt the hard drive and force the victim to pay money to unlock it. It was the computer version of a smash-and-grab.

AstraLocker was a lesser-known virus until the developer released version 2.0 earlier this year. Then several sites began to report on it, and law enforcement began to take an interest in the virus. Although we here at Digital Trends like to think the virus’ developer was simply a misunderstood person who had a change of heart, some suggest it was the growing attention from federal agencies that motivated the shutdown.

Anyone who has their files locked with AstraLocker malware can contact Virus Total for the decryption keys. VirusTotal is a free collaboration between more than 70 anti-virus and computer intelligence companies. It serves as a sort of knowledge database of all the computer viruses we know about, and they research ways to fight them.

The AstraLocker developer was kind enough to drop the decryption keys in a ZIP file with VirusTotal before scurrying away. Now that the anonymous developer has shown themselves to be a kind and compassionate member of the human family, they’ve vowed to change their ways.

“I’m done with ransomware,” the developer told Bleeping Computer. “I’m switching to cryptojacking.”

Nathan Drescher
Former Digital Trends Contributor
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…
New World’s trading system shut down after bug allows players to duplicate gold
New World landscape and ruins.

Players won't be able to give each other gold in New World, effectively shutting down the game's economy, due to a bug that duplicates the game's main currency. The shutdown was put in place after Amazon Game Studios was made aware of the exploit, and it extends to all player-to-player, guild treasury, and trading post transactions.

While currency plays a large part in just about every MMO out there, the shutdown is especially alarming for New World. Making money is a huge part of the game that's impacted by which faction players are part of and what taxes they have to pay when trading. Players can even form companies, or guilds, which regulate taxes in settlements, or can simply give players a larger name as they dole out their wares.

Read more
Eerily beautiful photos highlight how TV tech has changed
An old TV set.

A remarkable set of photos taken by Japan-based photographer Lee Chapman shows old, long-forgotten television sets in their original surroundings.

The eerily beautiful images were captured by Chapman over the last 10 years during explorations of abandoned houses, hotels, and schools buried deep in the Japanese countryside.

Read more
Livestreaming app Periscope will shut down on April 1
periscope super hearts lauunched application on a cell phone

Livestreaming app Persicope is closing down on April 1, owner Twitter has announced.

We’ve known since December that six-year-old Periscope was on its way out, though a specific date for the closure wasn’t given until now.

Read more