Ransomware author recants, posts decryption keys

Locker creator says sorry.

A ransomware writer has taken the unusual step of publicly apologising for releasing the malware on the internet, offering up decryption keys for victims to use.

Going by the name "Poka Brightminds", the author of the Locker ransomware apologised via a Pastebin post and claimed they had never intended to release the program publicly.

"Poka Brightminds" also provided a technical description of the file structure of the encrypted data and a method to decrypt it. The files would also be automatically decrypted on June 2, the ransomware author said.

The person, whose identity remains unknown, also posted a database dump on the Mega cloud storage site containing the encryption keys.

Locker appears to have spread via cracked copies of the popular Minecraft game, which are infected with Trojan.Downloader malware.

The Trojan.Downloader malware would install Locker on victims' computers and scramble a range of files with the 256-bit Advanced Encryption Standard (AES) algorithm. It would then present four screens to the victim, explaining what had happened and demanding a payment of 0.1 Bitcoin (approximately A$25 as of writing).

Although Locker threatens to delete the key used to encrypt the files after 72 hours, it doesn't do so. Instead, it increments the ransom by 0.1 Bitcoin.

The ransomware author did not say if the money from the blackmail would be returned to the victims.

While it's not known how many people have paid "Poka Brightminds", the database dump contains almost 63,000 rows, providing an indication of how many computer systems were infected with Locker.

Copyright © iTnews.com.au . All rights reserved.