A FireEye researcher told Vice’s Motherboard that spam campaigns for both malware types has seemingly stopped since June 1 and that they cannot confirm how the botnet was brought down.
In an odd twist the botnets removal could mean victims who are willing to pay the ransom may no longer be able to do so, the researchers said.
“Victims of the Locky ransomware in the past have been able to pay to get their data back, but now with the infrastructure being taken offline it is unclear whether the crypto keys have been preserved or if there is anyone to distribute them,” Tripwire security researcher Craig Young told SCMagazien.com via email comments.
On June 1, Russian authorities arrested 50 hackers who allegedly stole the equivalent of more than $25 million (U.S.) from various Russian financial institutions, Reuters reported, and that has been offered up, but not confirmed, as one explanation why the botnet disappeared.
Group-IB, a Russian cybersecurity firm that works with law enforcement, told Motherboard it doesn’t think the two instances are connected.
Young feels there may be another explanation.
“It is entirely possible that its operators have been spooked by law enforcement (or other) actions and have simply wiped all of the systems they used for running the criminal campaign,” he said.