EvilZone

: EvilZone makes Fortinet News
: chris_kzn December 08, 2015, 08:42:47 PM
EvilZone makes Fortinet News:

https://blog.fortinet.com/post/keeping-an-eye-on-encryptor-raas
: Re: EvilZone makes Fortinet News
: 0E 800 December 08, 2015, 09:34:24 PM
More specifically:


Who is behind Encryptor RaaS?

The TOR- and Bitcoin-based operation of Encryptor RaaS makes it hard to track the author behind this ransomware. On top of that, the author uses the dark web mail service SIGAINT to talk to clients.

We found that a thread was created in the forum evilzone.org regarding our previous Encryptor RaaS post. A user with the handle jeiphoos has replied to the thread and identified himself as the author of Encryptor RaaS. One of his replies to the thread suggests that he has been or is around many German-speaking people:
(https://blog.fortinet.com/uploads/images/jeiphoos2.png)
Figure 7. Forum post of jeiphoos on evilzone.org

Additionally, his forum profile shows that his local timezone is Central European Time, which is Germany's timezone. Therefore, it is possible that the author is located in Germany or in one of the countries under the CET timezone.
: Re: EvilZone makes Fortinet News
: KOR December 12, 2015, 08:20:47 PM
Well, this is interesting. RaaS as a new platform for affiliates? That's the last time I click a link that says I've been referred by a friend.
: Re: EvilZone makes Fortinet News
: iTpHo3NiX December 12, 2015, 08:46:48 PM
I love how queery is in the screenshot xD
: Re: EvilZone makes Fortinet News
: jeiphoos December 20, 2015, 03:40:03 AM
Hello Roland,

First, my RaaS isn't written in Java. The references to
"libgcj.dll"/"libgcj-12.dll" are even included when Java support isn't
compiled into MinGW GCC.

Second, the filenames 'wallet.dat' and 'electrum.dat' aren't exempted from
the encryption. What it's actually doing is homework for you.

Third, CET is the default timezone on the evilzone.org board. I just
didn't feel like changing it, so I left it at its default value.

Fourth, as it seems that you weren't able to find out which encryption
algorithm I'm using, it's RC6.


Kind regards,
jeiphoos

PS:
Can you ask someone at Microsoft, why they've called my RaaS "Sarento"?




That's what I wrote him; he hasn't answered it yet.
Apparently he hates to be reminded of his mistakes.

PS:
CET was at least shown to me as the default timezone.