Tech support scammers mess with hacker's mother, so he retaliated with ransomware

Net scum fall hook, line and sinker for infected .ZIP file

'Mother' tattoo

Vengeful security boffin Ivan Kwiatkowski has infected the computer of an Indian tech support scammer with the Locky ransomware.

Kwiatkowski inflicted the virus on the scammers after they attempted to fleece his parents.

The retaliatory strike was easy for the French malware analyst; during a phone call with the scammers he sent through what he claimed was an image of his credit card which, when opened by the scammer, unleashed the Locky ransomware.

While his ability to watch the bloodbath ended with the scammer hanging up, it is likely that Locky, rated the world's most prolific email-borne threat, ripped through the scammer's machine encrypting large swathes of files and possibly travelling through the network to encrypt other machines and connected local and cloud drives.

Kwiatkowski (@JusticeRage) set sights on the scammers after his concerned parents phoned bearing reports that their computer was apparently infected with Zeus, according to a fake virus infection advertisement.

The researcher spun up a virtual machine and dropped the net scum a call. They logged into his machine in a remote desktop session and typed in random crap in a command prompt pretending it was a sign of infection.

Kwiatkowski offered to buy the scammers' security software with some fake random credit card numbers, then sent a would-be photo of his credit card for payment.

"And while a background process quietly encrypts his files, we try paying a couple more times with those random CC numbers and he finally gives up, suggesting that I contact my bank and promising to call me back next Monday," Kwiatkowski says.

"So if you're a French speaker, you should definitely take 15 minutes of your time, call them at +339 75 18 77 63 and try to social engineer them into doing something funny."

This reporter has heard many tales of researchers hacking back against web scum unfortunate enough to target capable hackers. Some claimed to have infected web scammer machines with remote access trojans, taking photos of operators with web cams, and formatting hard disks. ®


Biting the hand that feeds IT © 1998–2017