Hacker News new | past | comments | ask | show | jobs | submit login

Thanks, I just realized it after reading Claud Xiao and Jin Chen's analysis, too. Apparently, this ransomware uses Tor to hide its origin.

Analysis: http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-...

I liked the "We have ticket system." (in the screenshot of "README_TO_DECRYPT.txt").

They ask (only) 1 BtC as a ransom.

And they decrypt one file for free, to prove they can do it. Nice touch.

Screenshots of the web UI:


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact