An interesting story happened with the Locker Trojan that was recently activated and encrypted files on thousands of users’ computers. Locker was deactivated and have been hiding on users’ computers and waiting for command. Suddenly it was activated on all infected computers simultaneously. This is a very smart tactic which allows an attacker to increase the success rate of attack.
Recently, Locker was activated and demanded from every infected user the amount of 0,1 Bitcoin (around $24). But on May 30th on the Pastebin website a message appeared saying “I am the author of Locker Trojan and I am very sorry for what happened. I never wanted to release it”.
The author gave a link to Mega file hosting where he uploaded a file with 127,5Mb size with dump of the entire database. There are various Bitcoin addresses, public and private keys of each victim. So, the infected user can find on his computer the address where the ransom should be sent, after that he can find the corresponding key in that database dump file and use it to decrypt files and unlock his computer. Moreover, the author has promised to launch the automatic procedure that will unlock and decrypt files on every infected computer.
Experts find it difficult to explain this behavior of repentant hacker. They think that the author could be under the pressure of law enforcement agencies.