A Security Researcher Got a Ransomware Version Named After Him

The Emsisoft security expert, Fabian Wosar, who kept cracking the Apocalypse ransomware over and over again, now has it named after him. The criminal gang behind the Apocalypse got sick and tired of constantly being sabotaged and decided to use another tactic for their product, renaming it after its cracker – Fabiansomware.

The Apocalypse, or, since now, the Fabiansomware, first appeared on the malware stage in April this year. Cybercriminals used it to brutally force RDP connections in order to get access to the target`s PC or network. On each different computer, the ransomware authors installed Apocalypse manually.

At that time, the Apocalypse ransomware followed the steps of a trendy wave of ransomware families that used the RDP brute-forcing techniques, such as Smrss32, Bucbi or the ransomware distributed by a group named the Julian Assange Corporation.

The researcher, Fabian Wosar, is famous for creating lots of free ransomware decryptors during the past year and he has been cracking the Apocalypse gang`s hard work for months.

Fortunately, the Apocalypse`s code wasn’t so hard to crack and Wosar managed to create a decryption tool for almost each different version of the ransomware which has been released, including the Apocalypse and ApocalypseVM branches.

Understandably, the ransomware authors weren’t so psyched about being sabotaged over and over again so they added (not so) subtle clues in the Apocalypse`s source code, which Wosar found and tweeted.

ransomware code

And now, even six months later, the Apocalypse gang still can`t get rid of Wosar so they tried to ruin his reputation by changing the ransomware name to Fabiansomware. All ransom notes show the Wosar`s name and the crooks are even using the fabiansomware@mail.ru to request payments.

fabian vs crook

It is clear that all this effort is aimed at making people believe that Wosar had something to do with the ransomware creation. However, this attempt is quite lame given the fact that the Wosar`s name is associated with numerous free decryptors, which helped many users, fallen victims to different pieces of ransomware, to recover their files for free.

Some of the Wosar`s tweets about this ransomware and the crooks` latest rebranding attempt you can see below. Moreover, if you are one of the Fabiansomware`s victims, please follow the link: Emsisoft’s Apocalypse decryption tool.

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.