- Jun 9, 2013
- 6,720
Two days after the WannaCry ransomware outbreak wreaked havoc across the world, French police seized a server running two Tor relays belonging to French activist Aeris, who said the server was confiscated in connection to the WannaCry attacks.
Aeris reported the incident on the Tor Project mailing list last month, on May 15, where he asked fellow operators to revoke trust in two of his relays, who were also Tor entry guard nodes, special servers trusted by Tor clients as the first hop when connecting to the Tor network.
Big French company got infected, filed complaint
The activist said police seized his server because a big French company was infected with WannaCry two days earlier, on May 12. The company logged all outgoing traffic during the attacks and provided the data to police.
WannaCry communicates with a command and control server hosted on the Dark Web, on a .onion address. Aeris suspects his servers were used as first hops in this connection, hence the reason police seized his property, hosted via French hosting provider Online SAS.
Full Article. French Police Seize Two Tor Relays in WannaCry Investigation
Aeris reported the incident on the Tor Project mailing list last month, on May 15, where he asked fellow operators to revoke trust in two of his relays, who were also Tor entry guard nodes, special servers trusted by Tor clients as the first hop when connecting to the Tor network.
Big French company got infected, filed complaint
The activist said police seized his server because a big French company was infected with WannaCry two days earlier, on May 12. The company logged all outgoing traffic during the attacks and provided the data to police.
WannaCry communicates with a command and control server hosted on the Dark Web, on a .onion address. Aeris suspects his servers were used as first hops in this connection, hence the reason police seized his property, hosted via French hosting provider Online SAS.
Full Article. French Police Seize Two Tor Relays in WannaCry Investigation
