Outwitted by the virus researcher – Philadelphia ransomware is now decrypted

Quite recently, a new sensation appeared on the dark net – Philadelphia ransomware – a variation of the Stampado file-encrypting virus. For a while, its creator was in high spirits, boasting on a darknet forum about the invincibility of the virus. However, it did not take long for a virus researcher to notice this bustle. Fabian Wosar gets credit not only for dragging this virus into daylight, but also for the decryption key – the code which the victims of Philadelphia ransomware have been waiting for. So is this it? Has the virus been completely taken down?

Usually, silence is one of the key factors guaranteeing the success of a cyber threat. With little information about how it operates, it is a hard task to stop it. This is where the author committed a fatal mistake: he publicly introduced the virus, together with explicit details of its operation, on a black market. The hacker planned to make an even bigger profit by selling permission to modify the ransomware to anyone. Any user who sympathized with the ransomware business was able to distribute the malware and earn a decent amount of money. Indeed, the virus was a novelty among existing ransomware. One of its main features is Philadelphia Headquarter. Using this application, the hacker may show mercy to his victims by simply clicking a button and decoding the files. On the other hand, a cyber-villain might delete the files at specific intervals. The software also makes it possible to track the spread of the ransomware and the victims’ IP addresses. Moreover, it helps to determine whether a victim has remitted the payment. As a result, the virus may have gained popularity on the black market.

Fortunately, the ransomware lasted only a couple of days. Fabian Wosar, the same virus researcher who has been confronting the Apocalypse authors and decrypting their virus, found a way out. Soon after he detected the virus, he managed to create the decryption key. One of the key weaknesses of the malware is its “bridges.” They are proxy servers which relay important data about the virus operation to its parent server. The names of these servers are hard-coded in the ransomware, so the IT expert was able to track the virus down and halt its operation. This time, justice prevailed, and the virus was stopped before wreaking more havoc. Unfortunately, there are still many ransomware threats roaming around which do not have a cyber antidote. Thus, you, an ordinary user, should exercise caution: stay away from file-sharing domains and update your security applications every day.
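The weakness described above – infrastructure names baked into the binary – is exactly what a defender looks for when turning a sample into blockable indicators. The following is an added illustration, not code from the article or from the researcher it describes: it scans a constructed byte blob standing in for a ransomware executable, recovers both plain ASCII and Windows-style UTF-16LE strings, and filters them down to hostname-like values. The embedded "bridge" names use the reserved .invalid top-level domain and are placeholders, not real servers.

```python
import re

# Constructed sample standing in for a ransomware binary. The two "bridge"
# names are placeholders under the reserved .invalid TLD, not real infrastructure.
SAMPLE = (
    b"\x4d\x5a\x90\x00" + b"\x00" * 16                       # fake MZ header
    + b"http://bridge-one.example.invalid/gate.php\x00"     # ASCII URL
    + b"\x12\x34\xff\xfe"                                   # binary noise
    + "bridge-two.example.invalid".encode("utf-16-le")      # wide string
    + b"\x00\x00"
    + b"C:\\Users\\Public\\notes.txt\x00"                   # path, not a host
    + b"random junk 123 abc\x00"
)

# Runs of at least six printable characters, narrow and UTF-16LE wide.
ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Optional scheme, a dotted hostname, optional port/path tail.
HOST_RE = re.compile(
    r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[:/][^\s\"']*)?", re.I
)

# Dotted tokens that are file names rather than hosts (keeps paths out).
FILE_EXTS = {"txt", "exe", "dll", "php", "dat", "tmp", "ini", "log", "sys"}


def extract_strings(blob: bytes) -> list[str]:
    """Return printable strings found in the blob, ASCII first, then UTF-16LE."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in WIDE_RE.finditer(blob)]
    return found


def extract_hosts(blob: bytes) -> list[str]:
    """Return the unique hostname-like indicators embedded in the blob."""
    hosts = set()
    for s in extract_strings(blob):
        for m in HOST_RE.finditer(s):
            host = m.group(1).lower()
            if host.rsplit(".", 1)[-1] in FILE_EXTS:
                continue  # looks like "notes.txt", skip it
            hosts.add(host)
    return sorted(hosts)


if __name__ == "__main__":
    for host in extract_hosts(SAMPLE):
        print("block:", host)
```

Running the block prints the two bridge names and nothing else; the path `C:\Users\Public\notes.txt` is rejected by the extension filter. On a real sample the output would feed a DNS or proxy blocklist, and unpacking or deobfuscation may be needed first, since hard-coded names are often not stored in the clear.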

About the author

Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor's degree was in English Philology.
