Two days later, after a wave of attacks using software extortionate WannaCry French law enforcement officers seized three servers that belong to the French activist Aeris.
Aeris reported the incident to the newsletter Organization Tor by Project May 15 and asked fellow developers to revoke digital certificates seized servers used as Tor exit nodes. According to the activist, the servers were seized due to contamination Networks one of the largest French companies extortionate IN WannaCry on 12 May. The company’s specialists have registered all outbound traffic during the attack and handed over to the police data.
C & C-WannaCry server stored in the shadow part of the web in the blast zone .onion. Aeris suggests that its servers were used as intermediaries by connecting malware to its command-and-control server. However, the police have very little chance to get useful information on the basis of the analysis of the seized servers, since the configuration of the majority of Tor exit nodes requires registration only a very small amount of data.
According to the activist, the same week in France mysteriously disappeared for another 40 Tor output nodes. It is unknown whether this is a coincidence or the servers were seized by law enforcement authorities in connection with the attacks WannaCry.