Scammer related to deadbolt ransomware

I have a video on YouTube talking in English about recovering from this ransomware deadbolt attack, and there were a lot of posts made in the comments section of that video.

I have blocked them now, but most of them were posts by bots advertising hackers who promised to recover files which were encrypted by ransomware.

I was trying to support a Japanese consulter whose ransom note couldn’t be restored. He didn’t know the bitcoin address to transfer the ransom to.

I couldn’t help asking this hacker to help us.

Then the hacker deceived me into believing that the decryption key would be obtained by having OP_RETURN output to the blockchain in the same way as when paying the ransom, but at a lower price than the ransom.

However, there was one thing I was not convinced of.

That was, how could they write out the decryption key to OP_RETURN without the ransom note, which has the bitcoin address?

My understanding was that the bitcoin address assigned to each NAS and the decryption key are a one-to-one set, so if the bitcoin address is unknown, it should be impossible to identify the decryption key.

I repeatedly asked him about it, but he insisted that he would be able to provide me with a decryption key even if I did not know the bitcoin address.

He charged me $500 worth of bitcoin for the decryption key.

When I was tricked into paying him, he generated the decryption key and sent me an image while I was asleep on purpose.


When I tried to decrypt my consulter's file using this the following evening, I got the error message "the entered key has an invalid format", and we could not decrypt the files.

When I contacted them about this, the hacker sent me an image, saying, "It was too late to use the decryption key. The decryption key was used by someone else and is now invalid. To generate the decryption key again, send me another $230 worth of bitcoin so I can buy a bypass pin."

In the first place, the string that the hacker first sent me claiming to be a decryption key was not really even a decryption key, just a string of characters. If it were a decryption key, the message "invalid decryption key entered" would have been displayed.

When using the decryption key the second time, the hacker, myself, and my consulter made an appointment to generate the second decryption key to use it immediately. He sent me another key.

I tried to enter the decryption key, but an error message was displayed and decryption was not possible. He seemed to have become a bit more careful about choosing the characters to send us at least, but it was still an invalid decryption key anyway.

The hacker apologized and said he would refund all the bitcoin I sent him, but he has not made a refund.

So I made a scam report to Binance. The hacker was using his Binance account to receive my bitcoin, so I hoped it would work. They suspended his account only temporarily, and what they can do is limited.

I need to consult the police to ask them to make a law enforcement request to Binance.

I decided to warn people about this kind of scam by revealing the Instagram account of the fraudulent hacker. The account name of the hacker is mouse_codes.

There are also several other hackers who have been using bots to advertise their businesses. Though I'm not sure if all of them are fake, I would never be able to trust any hackers who use bots to advertise themselves.

I hope no more people fall for this kind of scam, so I decided to confess here what happened to me. I hope this article will save someone.
