Poor SNSLocker Code Reveals C&C Server Credentials

An epic fail has happened in the world of infosecurity recently. The creator of the SNSLocker ransomware forgot the access credentials to his C&C (command and control) server in the ransomware’s code, Trend Micro reported.

Thanks to the credentials, the experts of Trend Micro were provided with full access to the master server and recovered the private encryption keys needed to unlock the files of all users infected with this type of ransomware.

The oustanding mistake lead researchers to the conclusion that they were dealing with a less skilled malware coder, who didn’t ever bother buying a VPS (Virtual Private Server), but kept his C&C server on a shared hosting provider, where it was susceptible to easy takedown requests.

SNSLocker came out towards the end of May, and it closely followed the pattern of all modern-day crypto-ransomware families.

There is the same dual AES-RSA encryption model, the classical lock-screen threat, the ransom note timer, and even the same ransom amount, SNSLocker requesting $300, which is about the average payment demand.

According to security researchers, the ransomware is coded in the .NET Framework 2.0 framework and it managed to infect users all over the world, with a third of its victims in the US.

The clues point to a new ransomware actor which is just entering the market, and he may have just botched his entry.

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.