Oh the places you'll go
In part I of our ‘Who’s Behind Ransomware’ series we talked about how commoditized ransomware can be purchased and deployed by criminals with minimal technical skills. As a follow-up to that blog post, the kind folks at ID Ransomware / MalwareHunter uncovered a great example of such technical inadequacy. The MalwareHunter team showed that a recent CryptoLite sample was using the same bitcoin wallet address...
...that was used for a really amateur Ponzi scheme being run through a bitcoin chat forum.
The date on the forum was mid-2016. Two years later and the same criminal has graduated to blasting out ransomware, using the same wallet address. Oh the places you’ll go!