The eager-but-pwned net menace behind the JigSaw ransomware has been found targeting Reddit users with multiple strains of malware in a bid to snare victims.
The VXer is thought to be behind three ransomware variants, including the well-known Jigsaw which sports iconography from the Saw film, each lurking behind websites that foist the malware on visitors.
The actor, using the handle minercount on a forum, had built and sold ransomware on crime forums and deployed it themselves in a successful bid to infect victims.
Attribution is difficult at best, but the Cisco Talos intelligence boffins have laid out their chains of evidence that indicate one scumbag is behind Jigsaw, Ranscam, and the AnonPop ransomware forms.
Scores of low-ranking posts were made to the Bitcoin and related subreddits pointing those who click to the sites which downloaded an AutoIT executable that deployed their ransomware.
One post was made purporting to be a cache of online anonymity tools, including the Tor browser. It contained the actor’s ransomware along with a guide to the darknet.
The joker even posted a poisoned link to a cryptowallremoval subreddit dedicated to helping victims. The irony is that re-encrypting already encrypted files would be a fruitless effort.
Talos blackhat terminators Edmund Brumaghin and Warren Mercer pointed intelligence