Crypto Ransomware Attack Turns Into a Battle of Wits Between Opposing Parties

Author: Jimmy Aki
Last Updated: 12 June 2020

Cryptocurrency ransomware has been a tad too regular in the past few years, with criminals hoping that they can bait their victims into paying in exchange for renewed access to some of their information. However, while the ransomware trick has proven to be efficient and highly lucrative for many criminals, it would seem that certain victims are beginning to develop something of an immunity.

The latest of these “stubborn victims” is an auto parts shop based in Florida, which is refusing to acquiesce to the demands of its ransomware attacker. According to documents filed with a local court, XPort Auto Parts Inc., an automobile repair and parts sales shop, has had its website unavailable since August 15. The documents revealed that the attacker hijacked the company’s website that day, while also closing down the company’s account with its hosting service provider.

The website, xautoparts.com, was initially hosted on the popular web hosting service GoDaddy. However, in the wake of the attack, the attacker transferred the website to Reg.ru, a hosting provider and domain name registrar based in Russia.

While the domain name is currently located in Russia, the original owner of the website is looking to use every tool at its disposal to fight this. The court document accordingly shows a temporary restraining order on the domain name transfer.

It would also seem that the hacker did a little digging on the website before hacking it, suggesting that they had been hatching the plan for a while. In the Bitcoin ransom note that was submitted, the hacker showed that the company had gotten up to $400,000 in revenues between February and August 2019.
The hacker opined that since the company seemed to be this flush with cash, the owners would have no issues with ponying up the 10 BTC (about $100,000, considering the Bitcoin trading price at the time of the theft) that they needed to pay to get back control of their site.

The hacker also seemed to know that this particular victim was crypto savvy, and they went as far as pointing out the shop’s cryptocurrency exchange account as well. In the ransom note, the hacker wrote, “I am sure you know what Bitcoin is. I got all your information and every account. You got Binance (firstname.lastname@example.org:Jorge59****), so you should be familiar with crypto.”

However, in a surprising turn of events, the victim did not comply with the attacker’s demands, choosing instead to contact the hosting service provider and subsequently getting the hosting account back. The domain name itself, however, is still in the attacker’s possession.

Sensing some resolve, the attacker went on to shorten the victim’s time frame, while also threatening to double the ransom payable if the new requests weren’t met. The resolute victim has yet to pay the ransom, and the attacker is getting visibly frustrated.

The outcome of this confrontation will be an interesting one indeed, particularly as it could shed new light on crypto-ransomware attacks from now on.