Security Researchers Puzzled by Demise of TeslaCrypt Ransomware
Cyber-criminals have already shifted to another ransomware program, CryptXXX, but researchers continue to puzzle over why TeslaCrypt's operators gave up their encryption keys.
In early May, Igor Kabina, a researcher with security firm ESET, noticed that the group behind the third most prevalent ransomware operation, TeslaCrypt, had seemingly taken a breather. Following the April release of version 4 of its data-encryption malware, the group's development efforts slowed. Wondering if the group was closing up shop, Kabina pretended to be a victim and used the group's support service to ask if it would release the master key.
"On April 27th, a version that later turned out to be the very last version of TeslaCrypt was compiled," he stated in a company interview. "Soon after that, I noticed that the people behind it had stopped spreading this version and that all the links they used were slowly dying. So I tried my luck, pretended to be one of their victims and asked them if they would be so kind as to release all four of the private keys they had been using since TeslaCrypt started."
To the surprise of everyone at the security firm, a few days later, on May 18, the ransomware group announced it was shutting down and publicly released its private key.
The reason for the abrupt halt of the criminal operation, however, remains a mystery. Although the group ended its brief goodbye note with an apology—"we are sorry!"—researchers doubt that shame led the group to cease operations. The criminals behind TeslaCrypt sometimes allowed lesser payments and even decrypted for free, but the group did not generally show remorse in dealing with victims.