Published in early 2016 on GitHub project extortion software with open source for more than a year serves as the basis for the emergence of new extortion programs. A project written in PHP called Ransomware is the handiwork of the Indonesian hacker ShorTcut (or Shor7cut), who is a member of the cybercrime groups Bug7sec and Indonesia Defacer Tersakiti.

Over the past year, the project has been used to create three different extortion programs for web servers. The first family was discovered in October 2016 by experts from Fortinet and named JapanLocker.

The second family, Lalabitch, appeared in July 2017 and got its name due to the extension added to the encrypted files. The third, the newest family, was also discovered last month. The extortion added an extension to the encrypted files. Ev, so it was called EV Ransomware.

Is it worth it for the creation of malware itself ShorTcut, or their author is another hacker or hacker, is unknown. However, all three programs contain an error that makes it impossible to recover encrypted files even if the victim repays the purchase and receives the key for decryption.