
It's a "Command-and-Control" server (C&C or C2).

https://en.wikipedia.org/wiki/Command_and_control_%28malware...

I just learned that too. For me, C&C reminds me of "Command and Conquer" (the game).

https://en.wikipedia.org/wiki/Command_%26_Conquer



Thanks, I just realized it after reading Claud Xiao and Jin Chen's analysis, too. Apparently, this ransomware uses Tor to hide its origin.

Analysis: http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-...


I liked the "We have ticket system." (in the screenshot of "README_TO_DECRYPT.txt").

They ask (only) 1 BTC as a ransom.


And they decrypt one file for free, to prove they can do it. Nice touch.

Screenshots of the web UI:

https://twitter.com/moyix/status/706577507965870080/photo/1



