
Researchers discover ransomware server credentials in source code

Researchers examining a new strain of ransomware discovered the credentials for its server in the malware's source code. The authors of SNSLocker ransomware “were either too quick or they aren't investing that much on the operation when they left their credentials out in the open,” Trend Micro stated in a blog post detailing the firm's discovery.

The firm has reported the information to law enforcement agencies. The malware developers used readily available servers and payment systems, according to Trend Micro.

SNSLocker, a new strain of ransomware that surfaced last month, searches infected computers for commonly used file types, such as .bmp, .mp4, .doc, and others, encrypts the files, and renames the encrypted files with a .RSNSLocker extension.

The release of the credentials renders the new malware useless. “Leaving or forgetting the password there means that almost anyone can access the server,” researchers wrote. “The data that was publicly accessible also included the decryption key.”
