AstraLocker, a lesser-known ransomware group purportedly built from Babuk’s source code, is shutting down its operations.
Instead, the AstraLocker developer said he would be moving to cryptojacking, the covert use of other people’s system resources to mine cryptocurrency. He did not give a reason for the closure, but it is likely linked to the increased attention law enforcement agencies have been paying to ransomware groups.
Moving to Another Cybercrime Operation
Over the last couple of years, COVID-19 restrictions kept people at home and heavily dependent on computers for almost every need. Ransomware groups and other threat actors took advantage, growing sharply and preying on unsuspecting individuals and on companies with weak protections.
Some groups went on to hit prominent companies and government agencies, demanding millions of dollars in ransom. This drew the attention of law enforcement agencies around the world, which pledged to prosecute ransomware groups and arrested some of their operators.
This may have prompted other ransomware groups, AstraLocker among them, to reconsider: the group announced a voluntary shutdown of operations this week. Speaking to BleepingComputer, the AstraLocker developer said:
“It was fun, and fun things always end sometime. I’m closing the operation, decryptors are in zip files, clean. I will come back. I’m done with ransomware for now. I’m going in cryptojacking lol.”
He then uploaded a ZIP archive containing all of the AstraLocker decryptors to VirusTotal, a malware analysis platform.
BleepingComputer confirmed that the decryptors are legitimate after testing one of them against files encrypted in a recent AstraLocker campaign. The remaining decryptors are expected to work as well.
A universal decryptor for AstraLocker may soon follow from Emsisoft, which has previously released free decryptors for a number of ransomware operations. This is not the first time a ransomware group has voluntarily shut down.
Avaddon, Ragnarok, SynAck, TeslaCrypt, Maze, Crysis, AES-NI, Shade, FilesLocker, Ziggy, and FonixLocker all did the same, releasing their decryptors for free shortly after closing.