Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/bontchev/statuses/111841806296816629">VessOnSecurity (bontchev@infosec.exchange)'s status on Tuesday, 30-Jan-2024 08:37:24 JST</a><a href="https://infosec.exchange/@bontchev" title="bontchev@infosec.exchange"><img src="https://gnusocial.jp/avatar/202699-48-20240116104255.webp" width="48" height="48" alt="VessOnSecurity" style="position: absolute; left: 0; top: 0;">VessOnSecurity</a><div><a href="https://infosec.exchange/@malwaretech/111841620356666918" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/157854" title="mttaggart@infosec.town">Taggart :donor:</a></li></ul></div></section><article><p><a href="https://infosec.exchange/@malwaretech">@malwaretech</a> <a href="https://infosec.town/@mttaggart">@mttaggart</a> It was a *very* sloppy job. If they were pros and wanted to *disguise* a destructive attack as ransomware, they would have made a real ransomware and just not deliver the keys once ransom was paid.</p><p>No, it was some retarded guy patching incompetently known ransomware. And only part of it; there was also a different, file-encrypting part that wasn't destructive - meaning you could decrypt, if you had the key. The only explanation for both parts to exist (i.e., it was neither obviously destructive, nor real ransomware) is that whoever did it, didn't know what they were doing.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2650227#notice-5257436">In conversation</a><time datetime="2024-01-30T08:37:24+09:00" title="Tuesday, 30-Jan-2024 08:37:24 JST">about 10 months ago</time> <span>from <span><a href="https://infosec.exchange/@bontchev/111841806296816629" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@bontchev/111841806296816629">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: paid.No</div><h5><a href="http://paid.No/">paid.no is parked</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
VessOnSecurity (bontchev@infosec.exchange)'s status on Tuesday, 30-Jan-2024 08:37:24 JSTVessOnSecurity
in reply to
- Marcus Hutchins :verified:
- Taggart :donor:
@malwaretech @mttaggart It was a *very* sloppy job. If they were pros and wanted to *disguise* a destructive attack as ransomware, they would have made a real ransomware and just not deliver the keys once ransom was paid.
No, it was some retarded guy patching incompetently known ransomware. And only part of it; there was also a different, file-encrypting part that wasn't destructive - meaning you could decrypt, if you had the key. The only explanation for both parts to exist (i.e., it was neither obviously destructive, nor real ransomware) is that whoever did it, didn't know what they were doing.
In conversationabout 10 months ago from infosec.exchangepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: paid.No
  paid.no is parked

Public

Embed Notice

HTML Code

Corresponding Notice