AstraLocker Gang Abandons Ransomware, Switches to Cryptojacking

Vlad CONSTANTINESCU

July 05, 2022

AstraLocker ransomware operators recently announced they’re shutting shop and plan to focus on cryptojacking. The malicious operation’s developer also bundled decryptors for its ransomware in a ZIP archive and uploaded it on a popular malware-analysis platform.

AstraLocker members shared details of the shutdown with Bleeping Computer, whose staff checked the contents of the decryptor archive, confirmed the decryptors were legitimate, and tested them against files encrypted by the ransomware.

It’s worth mentioning that they only tested a decryptor for files locked as part of a recent campaign. However, the ZIP archive holds several decryption tools, so they likely work for a broader range of AstraLocker campaigns.

"It was fun, and fun things always end sometime. I'm closing the operation, decryptors are in zip files, clean. I will come back," reads AstraLocker's developer’s message. "I'm done with ransomware for now. I'm going in cryptojaking lol."

The developer left out the reason behind AstraLocker’s sudden shutdown. The consensus is that the actors behind the operation garnered unwanted attention from law enforcement and want to fly under the radar for a while.

While not as notorious as ransomware operations such as LockBit, REvil and Conti, AstraLocker made its mark in the cybercrime underground with a rather atypical delivery technique. It preferred a direct approach, deploying its payload straight from email attachments instead of first compromising the device, as similar operations usually do.

The threat actors would disguise the payloads in malicious OLE objects inside decoy Microsoft Word documents. For an attack to succeed, victims needed to confirm their actions by clicking the Run button inside a warning prompt after opening the document.

Before starting to encrypt documents on the compromised device, AstraLocker performed a series of preparatory actions, including:

  • Checking whether it was running inside a virtual machine
  • Stopping backup processes to prevent victims from recovering their files
  • Killing AV services and processes that would stop the ransomware from running properly
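Two of those three behaviours (stopping backup services and killing security processes) leave traces in ordinary endpoint telemetry and can be turned into a simple behavioural detection. The script below is an added example, not code from Bitdefender, Bleeping Computer or the AstraLocker operators: it reads constructed service-stop and process-kill events, matches them against hypothetical watch-lists of backup services and AV processes, and raises the severity when one actor on one host shows both behaviours within a short window. The log format, host names, service names and process names are all constructed for illustration.

```python
"""Behavioural detection sketch for ransomware pre-encryption steps.

Added example; not the article's or any vendor's code. The event format
and every name below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed watch-lists. A real deployment would list its own backup
# services and endpoint-protection processes here.
BACKUP_SERVICES = {"BackupAgentSvc", "ShadowCopySvc"}
AV_PROCESSES = {"avagent.exe", "edrsensor.exe"}


@dataclass
class Event:
    ts: datetime
    host: str
    kind: str    # "service_stop" or "process_kill"
    target: str  # service name or image name that was stopped/killed
    actor: str   # image name of the process that issued the stop/kill


def parse_line(line: str) -> Event:
    """Parse one constructed log line of the form 'ts|host|kind|target|actor'."""
    ts, host, kind, target, actor = line.strip().split("|")
    return Event(datetime.fromisoformat(ts), host, kind, target, actor)


def classify(ev: Event) -> Optional[str]:
    """Map an event to a behaviour tag, or None if it is not of interest."""
    if ev.kind == "service_stop" and ev.target in BACKUP_SERVICES:
        return "backup_stopped"
    if ev.kind == "process_kill" and ev.target.lower() in AV_PROCESSES:
        return "av_killed"
    return None


def detect(lines: Iterable[str], window: timedelta = timedelta(minutes=5)) -> Dict[str, str]:
    """Return {host: severity} for hosts showing at least one behaviour.

    One behaviour alone is "medium" (it may be legitimate maintenance);
    both behaviours from the same actor inside `window` is "high".
    """
    per_host: Dict[str, List[Tuple[datetime, str, str]]] = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        tag = classify(ev)
        if tag:
            per_host[ev.host].append((ev.ts, ev.actor, tag))

    verdicts: Dict[str, str] = {}
    for host, hits in per_host.items():
        hits.sort()  # chronological; tuples compare by timestamp first
        severity = "medium"
        for i, (ts, actor, tag) in enumerate(hits):
            for ts2, actor2, tag2 in hits[i + 1:]:
                if ts2 - ts > window:
                    break
                if actor2 == actor and tag2 != tag:
                    severity = "high"
        verdicts[host] = severity
    return verdicts


# Constructed sample telemetry: ws01 shows the full pattern from one actor,
# ws02 shows a lone backup-service stop by the service control manager,
# ws03 kills an unrelated process and should not be flagged at all.
SAMPLE_LOG = [
    "2022-07-01T10:00:00|ws01|service_stop|ShadowCopySvc|dropper.exe",
    "2022-07-01T10:00:07|ws01|process_kill|avagent.exe|dropper.exe",
    "2022-07-01T10:02:30|ws02|service_stop|BackupAgentSvc|services.exe",
    "2022-07-01T10:03:00|ws03|process_kill|notepad.exe|taskmgr.exe",
]

if __name__ == "__main__":
    for host, sev in detect(SAMPLE_LOG).items():
        print(f"{host}: {sev}")
```

The watch-lists and the time window are the tuning knobs: a lone service stop by the operating system's own service manager is routine, so it only earns a medium alert, while the combination of disabling backups and terminating security tooling from a single unexpected process is the signal worth paging on.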
