14 DAY TRIAL // After Emsisoft security researcher Fabian Wosar cracked the Apocalypse ransomware time and time again, its creator decided to switch strategy and renamed the ransomware after the researcher, from Apocalypse to Fabiansomware.
The Apocalypse ransomware appeared around April 2016, and crooks used it by brute-forcing RDP connections in order to gain access to the victim's computer/network, where they installed the ransomware by hand, manually on each computer.
At that time, Apocalypse followed a trendy wave of ransomware families that employed RDP brute-forcing, such as Smrss32, Bucbi or the ransomware distributed by a group called the Julian Assange Corporation.
Wosar has p0wned the Apocalypse gang for months
Wosar has a reputation in the ransomware scene after he created many ransomware decrypters in the past year.
Luckily for the rest of us, Apocalypse wasn't a well-coded product, which allowed Fabian Wosar to create a free decrypted for almost all versions the ransomware's author(s) released. This included both ransomware branches, Apocalypse and ApocalypseVM.
The Apocalypse crooks didn't like the idea of having their hard work cracked time and time again and added (not so) subtle clues in the Apocalypse source code, which Wosar found and tweeted.
Apocalypse rebrand is just a lame attempt to ruin Wosar's reputation
Now, half a year later, the Apocalypse crew has just had enough of Wosar's meddling.
In an attempt to ruin Wosar's reputation, they've renamed their ransomware to Fabiansomware and started using the [email protected] to request payments. Additionally, all ransom notes feature Wosar's name, in a lame attempt to pin the ransomware on the researcher.
Of course, any person with half a brain who googles Wosar's name will soon understand he's one of the most prolific ransomware crackers around, helping countless victims recover ransomware-encrypted files without having to pay the ransom.
Below are some of Wosar's tweets regarding the ongoing saga with the Apocalypse gang, and their latest rebranding attempt (NSFW language). If you're somehow infected by this ransomware, then bookmark this link for Emsisoft's Apocalypse decryption tool.
So looks like the Apocalypse degenerates decided to rename their project to Fabiansomware. They fell hard for me. pic.twitter.com/pYkXp1vEap — Fabian Wosar (@fwosar) August 29, 2016
@DanielGallagher Yes. If they weren't so horrible developers I would almost be flattered ... — Fabian Wosar (@fwosar) August 29, 2016
Looks like I was wrong and the statement that I have nothing to do with Apocalypse is necessary after all ... pic.twitter.com/2GStcJASMh — Fabian Wosar (@fwosar) August 19, 2016
So apparently the Apocalypse degenerates use "[email protected]" now. Doubt it's necessary to say it, but I am not involved with them. — Fabian Wosar (@fwosar) August 16, 2016
So apparently the Apocalypse degenerates left some new messages. Guess they got gooked then: https://t.co/iCOQXyPahY pic.twitter.com/AD9Oa4K8wc — Fabian Wosar (@fwosar) August 16, 2016
@fwosar String in binary says I would break my "dickhead" before I crack their new encryption. Let's just say I was thoroughly disappointed. — Fabian Wosar (@fwosar) August 16, 2016
You always wanted to be insulted by a ransomware degenerate? Reply and get your own insult just like @Amigo_A_ pic.twitter.com/xIgXNrd0uW — Fabian Wosar (@fwosar) August 8, 2016
I have a new friend now! :D Sad though that they butchered the name again :( pic.twitter.com/OnJs6W8GJ8 — Fabian Wosar (@fwosar) June 24, 2016