The author of the infamous ransomware virus has finally been identified. The virus began hitting computers in July and used a Trojan called Delf.ctk, which encrypted all the files on the infected computer, rendering them inaccessible, and then demanded that victims call a 900 number and pay $35 to get them back. The same payment processor is also used by various porn sites.
The author is believed to be a Russian national, and security experts think he’s probably behind similar ransomware attacks in 2006 and 2007. The latter demanded $300, so this new attack was something of a bargain. Sources close to the authorities investigating the hacker say he also tried to profit from his malware by attempting to sell a tool that will restore access to files on infected computers to at least one security company.
Security experts tracked down the author by resolving the proxied IPs used in the attacks to their real addresses, which turned out to be zombie computers. Locating the owners of those zombie systems proved difficult when Yahoo refused to cooperate. Foreign police have been notified, however, and appear to be continuing the investigation.