WannaCry Investigation: French Police Seize 6 Tor Relay Servers
This post is powered by The Hacker News.
The biggest ransomware attack in history, named WannaCry, gained prominence very rapidly in the media globally, and why not... This ransomware infected more than 300,000 computers in over 150 countries within just 72 hours.
Governments, intelligence agencies and law enforcement have already started their investigations around the world and are working closely with the affected companies to track the hackers responsible for the global cyber attacks launched on Friday, May 12.
Some researchers traced WannaCry back to a state-sponsored hacking group in North Korea, while others believed that the perpetrators might be Chinese. (This is still not clear.)
According to The Hacker News,
Just yesterday, we came to know that French authorities had seized at least 6 Tor entry guard node servers, hosted on France-based hosting providers, just two days after the outbreak of the ransomware attack, while investigating the WannaCry incident.
On 15 May, a French hacktivist informed the Tor community that officials from the Central Office for Combating Crime Related to Information and Communication Technologies (OCLCTIC) had raided a hosting provider named Online.net and seized the "Kitten1" and "Kitten2" (Tor guard and fallback directory) servers on 14 May.
The Hacker News contacted the French hacktivist, who uses the online screen name 'Aeris,' and he said:
"Cops raided OVH, Online.net and FirstHeberg hosting providers on the basis of a complaint filed by French Renault company that was one of the victims of the WannaCry infection,"
"I went to court to have access to information about the seizure of my servers, but it refused to provide me with any information, and even the providers are under gag order."
Well, no one was aware of this takedown until the author of Deepdotweb first reported the incident on Saturday.
According to Aeris, the French authorities took this action after a victim company (possibly Renault, a France-based multinational automobile manufacturer, according to THN) contacted the agency for help and provided network traffic logs to assist the investigation.
Since Tor nodes are implemented to protect users' privacy and no actual data is kept on them, law enforcement officials will not find any proof related to the WannaCry gang.
Aeris warned,
"Private keys are under an encrypted volume and may be protected, but please revoke the kitten1 & kitten2 Tor nodes immediately. Those nodes are also fallback directories."
Although most affected organizations are now generally back to normal, law enforcement agencies all over the world are still on the hunt.


