{"id":53538,"date":"2016-06-06T16:41:11","date_gmt":"2016-06-06T16:41:11","guid":{"rendered":"https:\/\/www.pcmatic.com\/blog\/?p=53538"},"modified":"2016-06-06T16:41:11","modified_gmt":"2016-06-06T16:41:11","slug":"sloppy-ransomware-authors-leave-digital-crumbs-behind","status":"publish","type":"post","link":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/","title":{"rendered":"BlackShades Ransomware Authors Leave Digital Crumbs Behind"},"content":{"rendered":"<p><span style=\"color: #000000; font-family: Calibri;\">I recently analyzed a new ransomware, called <\/span><a href=\"https:\/\/www.virustotal.com\/en\/file\/fc2ad7ae3d6d4bd08d77443942ebb7fe219bace7c7beb8e837672da412baca11\/analysis\/\"><span style=\"color: #0563c1; font-family: Calibri;\">BlackShades<\/span><\/a><span style=\"color: #000000; font-family: Calibri;\">, which left me scratching my head, as to why the author was leaving digital evidence of who they actually are&#8230;<\/span><!--more--><\/p>\n<p><span style=\"color: #000000; font-family: Calibri;\">BlackShades is a ransomware, which currently charges $30 USD to decrypt the files it encrypts.\u00a0 It has been seen targeting Russian and US-based computers.<\/span><\/p>\n<p><span style=\"color: #000000; font-family: Calibri;\">One of the mistakes that the author made was accepting the ransom via PayPal. 
PayPal can directly tie the individual to their bank account, and can identify the person behind the screen, based on personally identifiable information.<\/span><\/p>\n<p><a href=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone wp-image-53539 size-full\" src=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades.png\" alt=\"blackshades\" width=\"772\" height=\"191\" srcset=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades.png 772w, https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades-300x74.png 300w, https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades-768x190.png 768w\" sizes=\"(max-width: 772px) 100vw, 772px\" \/><\/a><\/p>\n<p><span style=\"color: #000000; font-family: Calibri;\">When you create an account with PayPal, they ask for some personally identifiable information, such as your name and where you live. However, that information can be easily faked. I created an account for \u201cBob Jones\u201d, added some fake information, and was soon granted access to PayPal.com. <\/span><\/p>\n<p><a href=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades1.png\"><img decoding=\"async\" class=\"alignnone wp-image-53540 size-full\" src=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades1.png\" alt=\"blackshades1\" width=\"570\" height=\"772\" srcset=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades1.png 570w, https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades1-222x300.png 222w\" sizes=\"(max-width: 570px) 100vw, 570px\" \/><\/a><\/p>\n<p><span style=\"color: #000000; font-family: Calibri;\">However, this only gets me so far. If I want to transfer money out of PayPal, I need to tell them where I want the money to go. In this case, I need to provide them with my bank account information. 
This information can also be tracked back to the owner of the account.<\/span><\/p>\n<p><a href=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades2.png\"><img decoding=\"async\" class=\"alignnone wp-image-53541 size-full\" src=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades2.png\" alt=\"blackshades2\" width=\"1009\" height=\"470\" srcset=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades2.png 1009w, https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades2-300x140.png 300w, https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades2-768x358.png 768w\" sizes=\"(max-width: 1009px) 100vw, 1009px\" \/><\/a><\/p>\n<p><span style=\"color: #000000; font-family: Calibri;\">As if this wasn\u2019t a bad enough choice in designing the ransomware, the author also hosted the decrypter service on a US-based network, HostWinds. Due to the laws in the US, it would be very easy for someone in law enforcement to get a warrant for HostWinds to inspect the server, to see who is connecting to it, etc. <\/span><\/p>\n<p><a href=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-53542 size-full\" src=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades3.png\" alt=\"blackshades3\" width=\"705\" height=\"341\" srcset=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades3.png 705w, https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades3-300x145.png 300w\" sizes=\"(max-width: 705px) 100vw, 705px\" \/><\/a><\/p>\n<p><span style=\"color: #000000; font-family: Calibri;\">It also seems that the author of this ransomware is taunting security researchers. While we have seen this in the past, it does make security researchers want to put a bit more time and effort into not only disrupting the attack, but also attributing it to a specific person. 
The idiom \u201cdon\u2019t stir up the hornets\u2019 nest\u201d applies in this case.<\/span><\/p>\n<p><span style=\"color: #000000; font-family: Calibri;\">Lastly, we know from the poor Russian translation and the poorly written English instructions that the person is not a native Russian or English speaker. It seems that they\u2019ve used some online translations to come up with the instructions for how to pay them to decrypt the files.<\/span><\/p>\n<p><a href=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-53543 \" src=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades4.png\" alt=\"blackshades4\" width=\"1533\" height=\"588\" srcset=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades4.png 1533w, https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades4-300x115.png 300w, https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades4-768x295.png 768w, https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/blackshades4-1024x393.png 1024w\" sizes=\"(max-width: 1533px) 100vw, 1533px\" \/><\/a><\/p>\n<p><span style=\"color: #000000; font-family: Calibri;\">If you\u2019d like more information about BlackShades, you can see a well-written write-up by Lawrence Abrams on <\/span><a href=\"http:\/\/www.bleepingcomputer.com\/news\/security\/black-shades-ransomware-encrypts-your-pc-and-taunts-security-researchers\/\"><span style=\"color: #0563c1; font-family: Calibri;\">Bleeping Computer<\/span><\/a><span style=\"color: #000000; font-family: Calibri;\">.<\/span><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I recently analyzed a new ransomware, called BlackShades, which left me scratching my head, as to why the author was leaving digital evidence of who they actually 
are&#8230;<\/p>\n","protected":false},"author":55,"featured_media":53359,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[7,4949],"tags":[4670,4363],"class_list":["post-53538","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-newsletter","category-ransomware","tag-blackshades","tag-ransomware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>BlackShades Ransomware Authors Leave Digital Crumbs Behind<\/title>\n<meta name=\"description\" content=\"Creators of BlackShades ransomware got rather sloppy, making us question why the author was leaving digital evidence of who they actually are...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BlackShades Ransomware Authors Leave Digital Crumbs Behind\" \/>\n<meta property=\"og:description\" content=\"Creators of 
BlackShades ransomware got rather sloppy, making us question why the author was leaving digital evidence of who they actually are...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/\" \/>\n<meta property=\"og:site_name\" content=\"PC Matic Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/pcmatic\" \/>\n<meta property=\"article:published_time\" content=\"2016-06-06T16:41:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/thU7MY6KQD.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"299\" \/>\n\t<meta property=\"og:image:height\" content=\"225\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dodi Glenn\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@pcmatic\" \/>\n<meta name=\"twitter:site\" content=\"@pcmatic\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dodi Glenn\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/sloppy-ransomware-authors-leave-digital-crumbs-behind\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/sloppy-ransomware-authors-leave-digital-crumbs-behind\\\/\"},\"author\":{\"name\":\"Dodi Glenn\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#\\\/schema\\\/person\\\/48ddc92048489e51436331f82e991e37\"},\"headline\":\"BlackShades Ransomware Authors Leave Digital Crumbs Behind\",\"datePublished\":\"2016-06-06T16:41:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/sloppy-ransomware-authors-leave-digital-crumbs-behind\\\/\"},\"wordCount\":399,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/sloppy-ransomware-authors-leave-digital-crumbs-behind\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/wp-content\\\/uploads\\\/thU7MY6KQD.jpg\",\"keywords\":[\"blackshades\",\"ransomware\"],\"articleSection\":[\"Newsletter\",\"Ransomware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/sloppy-ransomware-authors-leave-digital-crumbs-behind\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/sloppy-ransomware-authors-leave-digital-crumbs-behind\\\/\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/sloppy-ransomware-authors-leave-digital-crumbs-behind\\\/\",\"name\":\"BlackShades Ransomware Authors Leave Digital Crumbs 
Behind\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/sloppy-ransomware-authors-leave-digital-crumbs-behind\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/sloppy-ransomware-authors-leave-digital-crumbs-behind\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/wp-content\\\/uploads\\\/thU7MY6KQD.jpg\",\"datePublished\":\"2016-06-06T16:41:11+00:00\",\"description\":\"Creators of BlackShades ransomware got rather sloppy, making us question why the author was leaving digital evidence of who they actually are...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/sloppy-ransomware-authors-leave-digital-crumbs-behind\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/sloppy-ransomware-authors-leave-digital-crumbs-behind\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/sloppy-ransomware-authors-leave-digital-crumbs-behind\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/wp-content\\\/uploads\\\/thU7MY6KQD.jpg\",\"contentUrl\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/wp-content\\\/uploads\\\/thU7MY6KQD.jpg\",\"width\":299,\"height\":225},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/sloppy-ransomware-authors-leave-digital-crumbs-behind\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"BlackShades Ransomware Authors Leave Digital Crumbs Behind\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/\",\"name\":\"PC Matic 
Blog\",\"description\":\"Tech Tips and Tricks\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#organization\",\"name\":\"PC Matic - Top Antivirus Company in the USA.\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/techtalk.pcmatic.com\\\/wp-content\\\/uploads\\\/PC-MaticLogo-e1472689639222.png\",\"contentUrl\":\"https:\\\/\\\/techtalk.pcmatic.com\\\/wp-content\\\/uploads\\\/PC-MaticLogo-e1472689639222.png\",\"width\":1535,\"height\":483,\"caption\":\"PC Matic - Top Antivirus Company in the USA.\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/pcmatic\",\"https:\\\/\\\/x.com\\\/pcmatic\",\"https:\\\/\\\/www.instagram.com\\\/pcmaticusa\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/pcmatic\",\"https:\\\/\\\/www.youtube.com\\\/c\\\/PCMaticVideo\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/#\\\/schema\\\/person\\\/48ddc92048489e51436331f82e991e37\",\"name\":\"Dodi Glenn\",\"url\":\"https:\\\/\\\/www.pcmatic.com\\\/blog\\\/author\\\/dodig\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"BlackShades Ransomware Authors Leave Digital Crumbs Behind","description":"Creators of BlackShades ransomware got rather sloppy, making us question why the author was leaving digital evidence of who they actually are...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/","og_locale":"en_US","og_type":"article","og_title":"BlackShades Ransomware Authors Leave Digital Crumbs Behind","og_description":"Creators of BlackShades ransomware got rather sloppy, making us question why the author was leaving digital evidence of who they actually are...","og_url":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/","og_site_name":"PC Matic Blog","article_publisher":"https:\/\/www.facebook.com\/pcmatic","article_published_time":"2016-06-06T16:41:11+00:00","og_image":[{"width":299,"height":225,"url":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/thU7MY6KQD.jpg","type":"image\/jpeg"}],"author":"Dodi Glenn","twitter_card":"summary_large_image","twitter_creator":"@pcmatic","twitter_site":"@pcmatic","twitter_misc":{"Written by":"Dodi Glenn","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/#article","isPartOf":{"@id":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/"},"author":{"name":"Dodi Glenn","@id":"https:\/\/www.pcmatic.com\/blog\/#\/schema\/person\/48ddc92048489e51436331f82e991e37"},"headline":"BlackShades Ransomware Authors Leave Digital Crumbs Behind","datePublished":"2016-06-06T16:41:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/"},"wordCount":399,"commentCount":0,"publisher":{"@id":"https:\/\/www.pcmatic.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/thU7MY6KQD.jpg","keywords":["blackshades","ransomware"],"articleSection":["Newsletter","Ransomware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/","url":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/","name":"BlackShades Ransomware Authors Leave Digital Crumbs 
Behind","isPartOf":{"@id":"https:\/\/www.pcmatic.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/#primaryimage"},"image":{"@id":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/thU7MY6KQD.jpg","datePublished":"2016-06-06T16:41:11+00:00","description":"Creators of BlackShades ransomware got rather sloppy, making us question why the author was leaving digital evidence of who they actually are...","breadcrumb":{"@id":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/#primaryimage","url":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/thU7MY6KQD.jpg","contentUrl":"https:\/\/www.pcmatic.com\/blog\/wp-content\/uploads\/thU7MY6KQD.jpg","width":299,"height":225},{"@type":"BreadcrumbList","@id":"https:\/\/www.pcmatic.com\/blog\/sloppy-ransomware-authors-leave-digital-crumbs-behind\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.pcmatic.com\/blog\/"},{"@type":"ListItem","position":2,"name":"BlackShades Ransomware Authors Leave Digital Crumbs Behind"}]},{"@type":"WebSite","@id":"https:\/\/www.pcmatic.com\/blog\/#website","url":"https:\/\/www.pcmatic.com\/blog\/","name":"PC Matic Blog","description":"Tech Tips and 
Tricks","publisher":{"@id":"https:\/\/www.pcmatic.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.pcmatic.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.pcmatic.com\/blog\/#organization","name":"PC Matic - Top Antivirus Company in the USA.","url":"https:\/\/www.pcmatic.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pcmatic.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/techtalk.pcmatic.com\/wp-content\/uploads\/PC-MaticLogo-e1472689639222.png","contentUrl":"https:\/\/techtalk.pcmatic.com\/wp-content\/uploads\/PC-MaticLogo-e1472689639222.png","width":1535,"height":483,"caption":"PC Matic - Top Antivirus Company in the USA."},"image":{"@id":"https:\/\/www.pcmatic.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/pcmatic","https:\/\/x.com\/pcmatic","https:\/\/www.instagram.com\/pcmaticusa\/","https:\/\/www.linkedin.com\/company\/pcmatic","https:\/\/www.youtube.com\/c\/PCMaticVideo"]},{"@type":"Person","@id":"https:\/\/www.pcmatic.com\/blog\/#\/schema\/person\/48ddc92048489e51436331f82e991e37","name":"Dodi 
Glenn","url":"https:\/\/www.pcmatic.com\/blog\/author\/dodig\/"}]}},"_links":{"self":[{"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/posts\/53538","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/comments?post=53538"}],"version-history":[{"count":0,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/posts\/53538\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/media\/53359"}],"wp:attachment":[{"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/media?parent=53538"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/categories?post=53538"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pcmatic.com\/blog\/wp-json\/wp\/v2\/tags?post=53538"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}