We hate and hunted: the dangerous life of a virus cracker who is making powerful enemies

Fabian is known for destroying ransomware programs - viruses that criminal groups send out to extort money. Because of this, he has to lead a secluded lifestyle, and is always one step ahead of cybercriminals. At the end of our interview, he moved to an unknown place.



For a photographer from British Yorkshire, the situation was disastrous. Late at night, he put the finishing touches on his last set of wedding photos that needed to be sent to joyful newlyweds. And then everything changed on the computer screen. Not only the folder with images, but all the work, all the mail and all the receipts disappeared.

A school teacher from Texas (USA) realized the seriousness of the situation only after she remembered what was stored on her computer. A detailed long-term financial education plan. It took him months of work and a lot of energy, and now hackers controlled it all with one click of the mouse.

The senior manager of a large corporation from Hong Kong was covered in cold sweat. He had heard of such computer viruses and how dangerous they could be. But he never thought that he would be deceived by forcing to click on the wrong link. After reading the ransom demand, he panicked. Because of this situation, he could lose his job.

Ransomware[ransomware] is a particularly unpleasant variety of computer viruses. Instead of stealing data or money from victims, such a virus intercepts computer control and encrypts all documents, images, video files and mail. Then a ransom demand is issued. Sometimes it is recorded in a note left on the desktop, sometimes it suddenly appears on the screen.

And in such cases there is always a way out. Pay the hacker a few hundred - and sometimes thousands - dollars, and then he will restore your files.

All the victims mentioned above were overtaken by a ransomware virus of some kind. However, the manager from Hong Kong did not lose his job, and the photographer and teacher were able to restore what they did. No one had to pay money, and when they returned their lives back to normal, they all sent emails with thanks to the same person.

This man dedicated his life while experiencing serious problems, helping victims of ransomware programs around the world. He carefully hides his identity for self-defense, since every message he receives gratefully has a message with insults from hateful cybercriminals.

In general, they hate him so much that they even leave personal threats in the code of their own viruses.



For an untrained person, a computer virus code is a mishmash of letters, numbers, and symbols. But for Fabian Wozar, each line is a clear instruction. He knows and understands every number and every point in the same way that a pianist would understand a page with notes.

About a year ago, looking at the code of the latest ransomware virus in search of hints to help him crack it, he suddenly froze. Green letters looked at him directly from the code, folding into a curse addressed to him personally. By name.

“I was shocked, but at the same time I felt real pride,” said Fabian. “Not even a little bit of arrogance.” I won’t lie, it was nice. It was clear that the programmer was furious. They spent time and energy writing a message, knowing that I would see it, and it is clear that I began to get them. A great motivation is to know that my work annoys some particularly unpleasant groups of cybercriminals. ”

Fabian shows me other messages. It takes me some time to see them while scrolling through endless lines of code. When I find one of them, it stands out like a lighthouse in a sea of ​​unreadable characters.

Almost all of them are obscene, abusive and threatening. Often referred to Fabiana's mother and descriptions of sexual intercourse. Many contain challenges and ridicule against him. One virus was even called Fabiansomware, in an attempt to make victims believe that Fabian was behind it.

But some are more like requests, like this one he found a few months ago:


“Fabian, please don’t crack me! This is my last attempt. If you crack this version, I’ll start taking heroin! ”

“ They tried to make me feel guilty. But, of course, I hacked their virus and laid out the decryptor, ”he said. “And, unsurprisingly, this did not stop them, and they posted the next version.”

Fabian stores all messages found. He has already accumulated a large collection, and this is another motivation that forces him to devote himself to his work, and even excessively get carried away with it.



From the moment you enter Fabian’s house, you understand how this devotion manifests itself in his life. In his unpretentious house on the outskirts of London there are no decorations. No pictures or photos on the walls. No lamps or plants. The shelves are empty, with the exception of a collection of Nintendo games and programming books.

He has one board game called Hacker: The Cyber ​​Security Logic Game, and he says that he is good at it, although he always plays it alone. In short, his house cannot be called cozy, but this cheerful young native of Germany does not suffer from this. He admits that 98% of his time is spent at home, working from an office on the second floor.

“I'm one of those people who don't leave home without a good reason,” he says. “I don't particularly like to leave home unnecessarily.” I make almost all purchases through the Internet, and they deliver everything to me. I don’t like to keep a lot of things, and I spend most of my time at work. ”

Oddly enough, Fabian equipped the smallest room in the house under the office. It was there, behind closed curtains, that he spent most of his life gaining a base of grateful fans and dangerous hatred enemies from around the world.

He works remotely for a cybersecurity company, and often works for several hours in a row with colleagues from around the world.

When he “enters the zone”, the outside world becomes even less important, and his whole being concentrates on the code on the screen. Once he woke up with traces of buttons on his face, falling asleep after 35 hours of continuous work.

And all this is done to create anti-extortion programs that he and his company usually give out for free. Victims download a tool for a specific virus, follow the instructions and receive files back. It’s clear where he got so many vengeful enemies from among cybercriminals.



“You can never be sure who you are running into, but I think I have pissed off or upset about 100 different cybercriminal gangs over the past few years,” says Fabian. - The code is like the text of a story. You can find out the style. You can understand that you are dealing with the same people. It's also pretty easy to track money. Studying bitcoin wallets that criminals require to transfer money to, you can see who is responsible for which version of the ransomware program and how much they earn. ” He says that one group, "which he was very angry with," earned about $ 250,000 three months before he discovered their virus and stopped it.

Ransomware is one of the most profitable ways to make money for cybercriminals. You can steal data, but you need to find a buyer on it. And in these attacks, the victim is the buyer. People rarely have backups of valuable family photos, so they are likely to pay a couple hundred bucks to save them.

Organizations often pay without involving law enforcement and without upsetting shareholders. In some cases, local law enforcement agencies pay money by evaluating the cost of replacing their systems with taxpayer money. In March, Jackson County officials Georgia (USA) paid $ 400,000 to criminals to get rid of the ransomware virus and restore access to its IT infrastructure. It is reported that, according to their estimates, replacing a computer network would cost millions.

The most successful cyber groups are similar to the mafia, have a special structure and division of labor. There are virus coders, money laundering specialists, defenders and bosses who choose victims and sometimes invest in more serious criminal enterprises.

And catching these criminals is extremely difficult. One of the most fruitful extortion groups, responsible for the two main families of such viruses, CTB-Locker and Cerber, is estimated to have earned about $ 27 million and not come across the police for years. To close it, it was necessary to combine the efforts of the American FBI, the British NCA and investigators from Romania and the Netherlands. In December 2017, five people were arrested in Romania.

According to Emsisoft, which Fabian works for, another computer is attacked every two seconds. Over the past 60 days, the company's network has managed to prevent 2,584,105 infections - and this is just one of the dozens of anti-virus companies that exist around the world.



Some of the most devastating cyber attacks in recent years have been carried out using ransomware. In May 2017, hundreds of British hospitals plunged into chaos due to the WannaCry virus spreading through a network of medical facilities like wildfire. About 70,000 devices — including computers, MRI scanners, blood storage refrigerators, and operating room equipment — were disconnected due to a virus that encrypted all data and required payment in bitcoins to decrypt them. Doctors and nurses had to return to the practice of manual recording, and thousands of appointments and operations were canceled or postponed. Worldwide, this virus has infected 300,000 computers in 150 countries, most of all - in Ukraine, Russia, Taiwan and India. Experts quickly enough accused North Korea of ​​this attack, the damage from which cost hundreds of millions of dollars.

Another version of the ransomware, Not Petya, is responsible for what is often called the most destructive cyber attack of all time. It is believed that the damage from it amounted to about $ 10 billion, of which $ 300 million was lost by one company.

Infection began in June 2017. It went from a completely harmless accounting program, popular among Ukrainian companies, and spread throughout the country, encrypting computers in energy companies, transportation networks, airports and banks. Then the virus quickly began to encrypt computers in Germany, France, Italy, Poland and Britain.

The cynical cruelty of the Not Petya virus was that, although it looked and behaved like a ransomware, in fact, even if you paid the ransom (and many paid), the files could not be restored.

Maersk, the world's largest logistics and container carrier, was hit hardest. The business almost stopped, and in the ten days it took to recover thousands of computers connected to the network, the cost of goods such as bananas jumped sharply when store shelves started to empty.

Some believe that the attack was a political act against Ukraine, but no one really knows who was behind it. “This is essentially an arms race,” says Fabian. “They are releasing a new ransomware virus, I find a flaw in its code and create a decryption tool to help return files to people.” Then the criminals release a new version, hoping that I will not crack it. Sometimes they understand what they did wrong and correct the program, but more often than not they see flaws in their code. Once this round-trip game with one cyber group lasted six to seven months. And the passions were heating up, while they were getting more and more angry with me. ”



Fabian admits that being carried away by an arms race with anonymous criminals, it becomes difficult to perform such simple actions as eating, drinking, and taking care of yourself on time.

Among the mess of programming books and documents on his desk, I notice two boxes of pills. Labeled containers for each day of the week talk about health problems that, he acknowledged, were due to his lifestyle.

“I have a lot of excess weight, problems with pressure, so I take medication. I also have problems with hyperthyroidism, ”he says. - It's all because of my work and lifestyle. I’m thinking about getting a puppy so that I have to leave the house for walks. Yes, and the company would be useful to me. "

It was the message regarding his excess weight that prompted him to flee from Germany and settle in Britain. About a year ago, he stumbled upon a hidden message that, unlike many, was frighteningly personal:


“Fabian, tie with cheeseburgers, you're bold!”

He could not ignore this. Not because it offended him, but because it demonstrated that cybercriminals knew something about him. Until that moment, he kept everything except his name in the strictest confidence. Even his boss and employees did not know exactly where he lived in eastern Germany in his hometown, and now, apparently, the criminals were getting closer to him.


“Fabian, stop eating hamburgers, dude, seriously.”

“It really got me through. Not because of the weight - I obviously weigh a lot - but because I realized that people track me down on the Internet, ”he says. Fabian described this time as a period of fear. He cleared social media accounts and web forums of all photos or links to his appearance. He discovered that many years ago he mentioned a keto diet in a tweet. “Then I deleted my birthday and everything else from everywhere so as not to give out a lot of information,” he says. “I remember thinking about the need to leave Germany, where you can easily find a person from scraps of information.”

"This was really scary. I don’t think they would kill me, but these guys are very dangerous. I know how much they earn, and for them it would not cost anything to pay 10-20 thousand to some Russian who would come to my house and beat him half to death. I moved to Britain as quickly as I could. Here you can hide, there is no registration and all that, and you can live anonymously. ”



Fabian still has not told his colleagues where he lives in Britain. He agreed that I would come to him only because I was going to move to another place, and did not begin to tell me where. He understands that the constant travel and restrictions of his life and circle of friends are part of the sacrifices he makes for his hobby, which has turned into a profession.

He first discovered a passion for computers at the age of seven when he was playing on his father's working computer. His family from East Germany was poor, and the fulfillment of his dreams depended only on himself. For three years he saved money on his first computer, collecting and handing over bottles and cans.

At 10, he saved up enough money to buy a computer and start experimenting with it. It all happened when he first came across a computer virus. “It was called TEQUILA-B, it ruined my whole system, and terribly interested me. I went to the library, and they found a couple of books about computer viruses. I got carried away with this and wrote my own antivirus program. ”

By the age of 14, he was already known in his area as an enikeyschik, and managed to save enough money to help his family move to a better house in a good area. By 18, without any formal education, he got a job at Emsisoft, a cyber-security firm, where he earned his reputation and became known as one of the best ransomware experts in the industry.

With such skills and a reputation, Fabian could become one of the largest names in the cyber world, but he chose a more modest existence. He earns very well, but looking at his house and how he lives, it is difficult to understand what he spends money on. “And I especially do not spend them. I like to play board games online [as it is written - apparently, the author mixed up something / approx. perev.], but it costs a little, he says. - I sent a lot of money to my sister, who has a small daughter. I like to make sure she has everything she needs. ”

He is constantly offered rewards and rewards, but he does not like to accept them. But he liked one gift - it was a drawing from one grateful artist who tried to imagine how Fabian might look. It depicts a burly man in a hat depicting a polar bear. Oddly enough, the artist managed to convey the essence (and love of polar bears), even without a portrait resemblance.



He uses this picture as an avatar on the Internet, rejoicing that he received it from the person whom he helped, and at the same time knowing that it is safe to use it.

Leaving him after the interview, I feel flattered that I was invited to his house and became one of the few people who were entrusted with his location, albeit temporarily. I wished him good luck with the move and with the search for a puppy companion with whom he could share his strange life.