Ransomware is something that comes and goes, with the high risk and low reward scenario making it a bad investment for most malicious code writers. Some criminals believe in strength in numbers, however, with apparently the two biggest ransomware Trojans being crafted and pushed by the same group.
Or, at the very least, the same code for the former Trojan was sold or otherwise traded:
“The results indicate that these two Trojans, found in the wild nearly 6 months apart, originated from the same source tree. This could mean that the original authors are actively modifying the code themselves, or they sold/traded the source code to another group who is now in charge of the modifications,” say the authors.
What's bad about these ones is that they actually seem to be fairly effective, at least effective enough to keep the criminals in business. At least 152,000 victims are mentioned, though not how many decided to shell out for retrieving their data. The newer Trojan is weaker than the former, though, with tools available to decrypt files without paying money to thugs.
It would be nice if we saw these groups taken down.