Hackers take revenge: ID Ransomware servers hit by DDoS attacks

by Jake Doevan - - 2017-03-14

Battling ransomware^[1] is a perilous business and often turns against the ones who attempt to immobilize these file-encrypting parasites. Unfortunately, this is exactly what recently happened to the cyber security expert’s Michael Gillespie’s website ID Ransomware.

ID Ransomware is an online ransomware recognition service which, at the moment of writing, is capable of identifying over 330 different types^[2] of ransomware by automatically analyzing the ransom note and a copy of an encrypted file that the visitors are asked to submit on the site. This helpful project was launched nearly a year ago and has already achieved recognition among the specialists and home users alike. We should point out though that ID Ransomware is not the only anti-ransomware project Gillespie is working on. This malware researcher has personally decrypted or contributed to the decryption of many ransomware^[3], allowing thousands of users reclaim their encrypted files free of charge. One of Gillespie’s latest breakthroughs was the decryption of Enjey ransomware, and this seems to have made the virus creators go off the deep end. Eventually, cyber-criminals have decided to take revenge and take down Michael Gillespie’s website with a series of DDoS attacks.

ID Ransomware hit by DDoS attack

DDoS, otherwise known as Denial-of-service attack^[4], is a process meant to disrupt the operation of a device or online server. It is done by sending continuous requests that flood and paralyze the system. Over the two days, ID Ransomware has undergone two waves of such attacks. In both instances, the hackers were using C-Sharp programing language and set two files called Hi from enJey.txt and Hi from enJey.exe to continuously upload to the ID Ransomware’s server for hours at a time. During the first wave, which made the server go down, the experts have counted around 200,000 of such upload requests per hour. The second wave was much smaller — only 20,000 requests were received over the period of 30 minutes^[5].

Luckily, site administrators managed to handle the situation, and the site was revived four hours later.
This event is yet another reminder why ransomware stand among ranks of the most dangerous parasites and that there are often serious criminals working behind them. Thus, if you ever get infected with Enjey, Osiris, Cerber or any other ransomware — do not collaborate with the extortionists! Do not pay the ransom and delete the virus from your computer as soon as you possibly can.

About the author

Jake Doevan - Computer technology expert

Jake Doevan is one of News Editors for 2-spyware.com. He graduated from the Washington and Jefferson College , Communication and Journalism studies.

Contact Jake Doevan
About the company Esolutions

References

^ Ransomware: Q&A. NoMoreRansom. The No More Ransom Project.
^ ID-ransomware official website. ID Ransomware. Ransomware identification service.
^ Michael Gillespie's profile. BleepingComputer blog.
^ What is a DDoS attack?. DigitalAttackMap. DDoS attacks around the globe.
^ Catalin Cimpanu. Embittered Enjey ransomware developer launches DDoS attack on ID Ransomware. BleepingComputer blog.