French Police Suspect French Activists Involvement in WannaCry Ransomware

WannaCry ransomware is one of the largest distributed ransomware attacks that target systems running Microsoft Windows.


Days after WannaCry ransomware broke in over a hundred countries, the French police discovered a server running TOR relays that belonged to an activist, Aeris. The police said these servers were seized due to a “connection” to the WannaCry ransomware.

The French activist highlighted the incident on the Tor Project’s mailing list. There, he stated that users shouldn’t trust the specific relays; that were also special servers credited by the TOR clients as a gateway when entering the TOR environment.

The statement also mentioned how his servers were seized after a major business was infected by WannaCry. The infected organisation logged all outbound traffic during the attack and provided the information to the police.

The French Police march against digital rights management techniques and the DADVSI copyright law.

WannaCry ransomware operates via a command and control server that masks itself using the TOR system. Aeris believes that his servers were used as a door to use the TOR servers.

Many TOR servers are designed to only log minimal information such as status information and uptime. Unless Aeris altered the settings on his machines, the French police have nothing to extract from his servers.

The media was full of news related to the WannaCry ransomware, but this incident was only reported by the local media. The French rebel also tweeted about his property being seized by the local authorities.

Screenshot of the ransom note left on an infected system.

The L’Office Central de Lutte Contre la Criminalité liée aux Technologies de l’Information et de la Communication (OCLCTIC) is the French cybercrime investigation unit working on this case.

Aeris believes there is more to the investigation, believing other TOR servers in France went offline before the incident. The activist also provided a list of servers that he is investigating.

Currently it isn’t confirmed as to how many servers were involved in the WannaCry ransomware. There is very little information about these events, and those in question are reluctant to share information related to the TOR servers.

Anonymous recommends: Click Here To Surf & Download Anonymously, Protect Yourself From Any Hackers Or Spy Agencies And Get Around Censorship Filters

Click here to follow us on, the decentralized social media platform with no censorship and get paid for your posts, likes and comments!



Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.