SNSLocker Author Leaves C&C Server Credentials in Ransomware’s Source Code
Security Update: Epic fails happen all the time, but in the world of infosec, very few can top this one. As Trend Micro reported today, the author of the SNSLocker ransomware left the access credentials to his C&C (command and control) server in the ransomware’s code.
The credentials provided Trend Micro researchers with full access to his master server, where they were able to recover the private encryption keys needed to unlock the files of all users infected with this ransomware variant.
While the mistake initially took researchers by surprise, they eventually realized they were dealing with a less skilled malware coder, who didn’t even bother buying a VPS (Virtual Private Server), but kept his C&C server on a shared hosting provider, where it was susceptible to easy takedown requests.
SNSLocker appeared towards the end o…