This week, the threat actor behind the lesser-known AstraLocker ransomware has reported telling the technology news outlet, BleepingComputer that they are shutting down the operation and plan to switch to cryptojacking. As well as shutting down the operation, the developer also submitted a ZIP archive which contained AstraLocker decryptors to the VirusTotal malware analysis platform.
The decryptors have been confirmed as legitimate by BleepingComputer after they downloaded the archive and tested one of them against files encrypted in a recent AstroLocker campaign.
“It was fun, and fun things always end sometime. I’m closing the operation, decryptors are in zip files, clean. I will come back,” The AstraLocker developer was quoted as saying. “I’m done with ransomware for now. I’m going in cryptojaking lol.”
Even though the threat actor did not reveal the reason behind the shutdown, there is a high possibility that it is due to the sudden publicity brought by the law enforcement operations.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.