Full Disclosure mailing list archives
Re: Who's Behind the GPcode Ransomware?
From: kat <lists () grospolina org>
Date: Tue, 10 Jun 2008 16:37:04 +0200
Hoi,

but in fact their business model will fail if one would resell the decryptor. Alternatively (if got too much money) buy it and allow free download.

greets,
kat

original message:

Hello,

The following is an OSINT analysis aiming to assist in tracking down the malware authors behind GPcode who seem to be building custom decryptors, next to issuing a universal one which can be used to decrypt anything ever encrypted by them.

Who's behind the GPcode ransomware? It's Russian teens with pimples, using E-gold and Liberty Reserve accounts, running three different GPcode campaigns, two of which request either $100 or $200 for the decryptor, and communicating from Chinese IPs. Here are all the details regarding the emails they use, the email responses they sent back, the currency accounts, as well as their most recent IPs used in the communication.

http://ddanchev.blogspot.com/2008/06/whos-behind-gpcode-ransomware.html
http://blogs.zdnet.com/security/?p=1259

Regards
--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://blogs.zdnet.com/security
http://windowsecurity.com/Dancho_Danchev

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Who's Behind the GPcode Ransomware? Dancho Danchev (Jun 10)
- Re: Who's Behind the GPcode Ransomware? kat (Jun 10)