No one paid. The company restored from backups six weeks later. But on January 15, 2025—exactly ten years after the infection—the decryption keys spontaneously appeared on a public pastebin, and every locked file unlocked simultaneously. The message attached read: “We keep our word. Even the cold ones.”
Who is SiberiaProg today? Speculation runs rampant. Some say Nikolai V. died in a climbing accident in the Altai Mountains in 2018. Others claim the collective was absorbed by a state actor—either the GRU or the FSB, given their operational brilliance. A few romanticists insist they remain independent, living off bounties and selling bespoke “cryo-kits” to journalists and dissidents.
It was absurd. It was brilliant. It was pure SiberiaProg.
What is verifiable is their legacy. Elements of the SiberiaProg Toolchain have been repurposed into legitimate software: ultra-secure backup systems, anti-forensic tools for human rights workers, and even the firmware for several “indestructible” IoT routers.
What shocked investigators wasn't the ransom—it was the method. The malware had spread not through phishing or zero-days, but through a flaw in the company’s heating system’s control unit, which had been connected to the corporate LAN. The attackers had identified a thermal overrun vulnerability, causing the HVAC system to cycle erratically, which in turn triggered a firmware glitch in the network switches.