Ransomware, Email security

AstraLocker ransomware ceases operations

The AstraLocker ransomware operation has announced that it is shutting down as it plans a pivot to cryptojacking, BleepingComputer reports. Alongside the announcement, AstraLocker released ransomware decryptors, one of which BleepingComputer has already confirmed to work on files encrypted in a recent AstraLocker campaign. Separately, Emsisoft is poised to release a universal decryptor for the ransomware strain. Increased law enforcement attention may have prompted the shutdown, although the ransomware developer did not confirm the reason behind it. ReversingLabs researchers earlier reported that AstraLocker delivered its encryption payload through malicious Microsoft Word documents sent as email attachments rather than through direct device compromise. ReversingLabs also found that AstraLocker was developed using the leaked source code for Babuk Locker ransomware, while one of the operation's Monero wallet addresses listed in its ransom note was found to be associated with Chaos ransomware operators.
