
Ransomware Making a Comeback

timothy posted more than 3 years ago | from the please-send-money dept.

Security 202

snydeq writes "Ransomware is back. After a hiatus of more than two years, a variant of the GpCode program has again been released, kidnapping victims' data and demanding $120 for its return, InfoWorld reports. 'Like the ransomware programs before it, GpCode encrypts a victim's files and then demands payment for the decryption key. The new version of GpCode — labeled GpCode.AX by security firm Kaspersky — comes with a bit more nastiness than previous attempts. The program overwrites files with the encrypted data, causing total loss of the original data, and uses stronger crypto algorithms — RSA-1024 and AES-256 — to scramble the information.'"


Backups (5, Insightful)

coerciblegerm (1829798) | more than 3 years ago | (#34428324)

Simple solution: Back up your data. In other news, make sure you patch software and operating system vulnerabilities and don't run executables from unknown sources.

Re:Backups (2, Insightful)

Rob Kaper (5960) | more than 3 years ago | (#34428386)

And mark your existing backups read-only. Although that might require an OS which wouldn't run this malware anyway.

Re:Backups (2, Insightful)

Anonymous Coward | more than 3 years ago | (#34428422)

If your backups are simply on the same machine that you're backing up, you're missing at least 1/2 the point.

Re:Backups (4, Interesting)

txoof (553270) | more than 3 years ago | (#34428578)

Whenever I see family/friends/co-workers using external drives for "backup" I have to repress the urge to launch into a lecture on the absurdity of relying on a local, always mounted backup.

WesternDigital and all the other purveyors of external hard disks should be ashamed of themselves for promoting their products as a reasonable backup solution. The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure. An external drive provides absolutely no protection from any kind of malicious attack or catastrophic disaster (flood, fire, theft). The only real backup solution is an off-site backup. Considering how cheap Amazon S3 [amazon.com] is, off-site backups are finally a real solution for the average person.

Apple's Time Machine and Fly Back [flyback-project.org] is a step in the right direction, but without a real off-site backup solution kiss your data goodbye, because when it falls into a river of molten rock, man, it's gone.

Re:Backups (5, Funny)

black_lbi (1107229) | more than 3 years ago | (#34428620)

because when it falls into a river of molten rock, man, it's gone.

Sounds like you learned that from experience. One of the cons of maintaining the data center for Sauron, huh? Hope the pay is good, at least.

Re:Backups (1)

WrongSizeGlass (838941) | more than 3 years ago | (#34429616)

It comes with a great benefits package including shorts & tee-shirt dress code and all the ice tea you can drink!

Re:Backups (5, Insightful)

Anonymous Coward | more than 3 years ago | (#34428638)

I hate to break it to ya buddy, but accidental deletion and hardware failure make up 100% of my data loss causes. Shocking, I know. You see, some people actually do patch their software and ensure their OS is up to date, and some people don't run executables from strange places.

Mounted, active storage is perfectly acceptable for backing up all but the absolute most critical of data.

Re:Backups (1)

RoverDaddy (869116) | more than 3 years ago | (#34429642)

I was going to say the same thing. In over 30 years of dealing with computers, my instances of data loss, sorted by frequency, are 1) Accidental deletion, 2) Hardware failure, 3) there is no #3. The closest I've come to data loss by malware is when I encrypted some data myself and lost the key. I've never had a 'catastrophic disaster', ever.

When I was once responsible for a business computer network, of course we had tape backup and off-site storage, even for the fairly small operation we were. For my own needs, I create DVD backups of the most important data, but have yet to extend the protection to off-site storage (see above).

I think the GP is being a little hard on external drive solutions considering they probably protect against 99% of likely losses (and 100% of mine). And a simple habit like -turning them off- when not in use could extend their ability to protect against malware.

Re:Backups (4, Insightful)

wvmarle (1070040) | more than 3 years ago | (#34428698)

My data set is about 40 GB (gzipped).

Amazon et al. while cheap and off-site and probably pretty secure would require encryption at least. I don't want unencrypted data there. Makes it a bit more cumbersome.

The killer is going to be the upload. I've 2 Mbit up, uploading my data set to Amazon would saturate my pipe for about 55 hours straight. And that's a show stopper.

I'm slowly looking for 64GB USB drives. They exist but the local shop has only 32 GB, so have to look further. That's a much easier solution than Amazon.

Re:Backups (1)

txoof (553270) | more than 3 years ago | (#34428732)

Jungledisk, one of several S3 clients, offers several encryption options. It's a pretty decent service but lacks robust logging.

Re:Backups (1)

wvmarle (1070040) | more than 3 years ago | (#34428812)

The primary show stopper for me is the upload speed. It's just too long. I had a quick look at it; Amazon is looking at the TB range for storage and the GB range for transfers. Most of the charges are for transfers, not for storage.

When you have a 100 Mb pipe to the Internet, yes then it's getting interesting. 1 GB then takes you 1 1/2 minutes, instead of over an hour it takes for me. For your average home connection it's worse, for those people it's simply not an option. To me it seems mainly targeting mid sized companies: large enough to produce a lot of data that they want to keep archived really well, not big enough to want to invest in special equipment like tapes, drives, and safe storage facilities (tape safe; preferably off-site increasing cost even more due to physical transport).

Re:Backups (2)

aclarke (307017) | more than 3 years ago | (#34429126)

It seems to me that you're making far too big of a deal of the time to upload your files. I currently back up about 175GB to Amazon S3 via Jungledisk, and I only have a 600kbps uplink. Granted I did a lot of the initial backup from a client's office with a 10Mbps uplink, but that was also 3 years ago and I've been keeping the backup current from my home internet connection ever since.

Jungledisk uses differential copying, so once you have your original data up there it only needs to copy the changed parts of a file. It's very likely that once your data is backed up for the first time you'll never notice the slowdown on your internet connection. You'll be able to pretty much back up all your data within a weekend. I fail to see what the problem is here. It took me probably a month, but JungleDisk handled it just fine. And, it's backed up off-site now.

Re:Backups (1)

Cato (8296) | more than 3 years ago | (#34429544)

Upload time is not a big deal - I have about 30 GB uploaded to Mozy, over a 0.5 Mbps upload link. The main thing is to ensure the upload doesn't completely hog your upstream bandwidth, and that subsequent backups use block-level incremental technology, so only the actual data changed is sent.

Mozy and other online backup services are very effective, in addition to a local full system image (ideally to another server not a USB hard drive.) A USB flash drive is not very useful for backup, as it's far too easy for it to be stolen or damaged compared to an online backup - more useful to get a large hard drive and put that in another PC or server, then do a full system image to that.

Re:Backups (1)

jimicus (737525) | more than 3 years ago | (#34429022)

Virtually any respectable backup application will only ship changes up once the initial backup is complete. It'll saturate your pipe for a few days, but once it's done it's done. After that, it's really not too bad.

Re:Backups (1)

Inda (580031) | more than 3 years ago | (#34429220)

55 hours!?!?!? *heh*

I remember downloading a metric ton of 1.44mb files back in 1998. 56k was fast back then and 55 hours to fill my expensive HDD was the norm.

GOML.

Re:Backups (1)

Opportunist (166417) | more than 3 years ago | (#34429248)

40Gig could be stored on a big USB stick (yeah, yeah, not really a good backup solution... spare me that). And that USB stick could be taken with you, so it won't get any more "offsite". If you should die in a fire, I guess the data loss (because your USB stick is dying in your pocket in the same fire) should be your least problem. :)

Re:Backups (0)

Anonymous Coward | more than 3 years ago | (#34429500)

I currently have around 50GB backed up with Mozy, yes the initial backup took quite awhile, but now it's unnoticeable. (Also is smart enough that when I rebuild or buy a new machine, it sees the files that it already has backed up and doesn't try to re-upload them) I've been pretty happy with it, for $5 worth it (mainly for family pictures which largely exist only digitally). Then I use Acronis to image my machine once or twice a year (or sooner if there's some major change to my machine)

Re:Backups (1)

Belial6 (794905) | more than 3 years ago | (#34428720)

So, you want to lecture people on how bad it is to use a simple and inexpensive device to protect against 99.999% of the problems they might need a backup for? Instead you want them to send their data to Amazon over a network connection that may not be fast enough to even keep up with the data changes on their drives.

It doesn't sound like you are doing them any favors.

Re:Backups (4, Insightful)

ArsenneLupin (766289) | more than 3 years ago | (#34428750)

Whenever I see family/friends/co-workers using external drives for "backup" I have to repress the urge to launch into a lecture on the absurdity of relying on a local, always mounted backup.

You know, malware is not the only threat to data. There are also hard disk failures, and human error. "Always-mounted" external disks protect against both.

WesternDigital and all the other purveyors of external hard disks should be ashamed of themselves for promoting their products as a reasonable backup solution.

... and even if you are concerned about "always mounted" being vulnerable to malware, you can always keep your drive securely stashed away, and only connect it once a week to do your backup.

The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure.

Which is already quite useful. Even though we like to scoff at Windows users, most malware is not interested in trashing users' data, and anti-virus programs still manage to catch most malware (if one is installed).

...or catastrophic disaster (flood, fire, theft).

... which are quite rare compared to the more usual failure modes (hard disk failures, or accidentally deleted the wrong files).

Considering how cheap Amazon S3 [amazon.com] is, off-site backups are finally a real solution for the average person.

You've got to trust Amazon to respect the privacy of your data.

Re:Backups (0)

Anonymous Coward | more than 3 years ago | (#34429060)

You've got to trust Amazon to respect the privacy of your data.

Or TrueCrypt

Re:Backups (4, Informative)

Cato (8296) | more than 3 years ago | (#34429602)

Antiviruses catch only a declining percentage of malware, so you can't rely on them - see http://en.wikipedia.org/wiki/Antivirus_software#Effectiveness [wikipedia.org] which shows that even in 2007 the average percentage caught was about 50%. Various independent tests confirm this, particularly for zero-day viruses (i.e. you must rely on heuristics in the AV product, not signatures). In 2007, 23% of infected PCs had up to date antivirus: http://www.pandasecurity.com/infected_or_not/ [pandasecurity.com] and http://www.pandasecurity.com/infected_or_not/panda_security_research/ [pandasecurity.com]

Even when there is coverage for a specific virus/trojan, highly polymorphic ones are often not caught - for example the Zeus banking trojan, which steals from bank accounts while hiding the illicit transactions and resulting balance from the user, is missed in 77% of cases - http://www.darkreading.com/security/article/220000718/index.html [darkreading.com]

Re:Backups (1)

hairyfeet (841228) | more than 3 years ago | (#34428786)

Actually I'm in one of the "test markets" for the new caps which will be 36GB for home and 76GB for business, so S3 won't be an option for anyone but businesses much longer. For my customers that need reliable backup on the cheap I actually recommend the WD Essentials, but I recommend TWO drives, one for home and one for work. Once a week they switch them, so at the absolute worst they are looking at a two week loss max instead of a complete loss.

As much as I'd like to be able to have backups all sent to Stone Mountain daily, many folks just don't have that kind of money. So the WD drives or even a couple of flash drives backing up their work is better than nothing. It would be nice to just shoot everything on to S3, but at $1.50 a GB when you go over it simply isn't a valid solution for those of us living with caps.

Re:Backups (1)

txoof (553270) | more than 3 years ago | (#34429184)

Any realistically reliable backup process for home users can't depend on the user doing something daily/weekly such as swapping media. That's a realistic option for people that are very process oriented, or for a business situation where it's your job to swap media. For home users, it's unrealistic to expect people to swap media when they're hardly motivated to install regular system updates.

A solution that maintains itself and is off site is by far the best option. As far as the complaints about slow connections, a few days of saturated connection is hardly a large price to pay for having your data off site. Once the initial backup is done, incremental backups are typically trivial. My daily average is about 4MB. Occasionally I have to jam up a few gigs of photos and it takes all day, but I'm willing to suffer that by scheduling the backup for 3:00am.

Re:Backups (2)

the_womble (580291) | more than 3 years ago | (#34428846)

If your PC gets stolen or destroyed and you have a backup on an external hard drive that is stored safely off-site, how are you not protected?

Re:Backups (1)

imakemusic (1164993) | more than 3 years ago | (#34429086)

My brother bought a large external hard disk and moved all of his data on to it in order to re-format his computer. He then stood up, walked away from his desk, caught the cable around his foot and launched the disk at the opposite wall. Bye bye data.

Re:Backups (1)

Bert64 (520050) | more than 3 years ago | (#34429224)

The problem with remote backup, is the bandwidth requirements...
Most home users have extremely poor upstream connectivity, so uploading all your data to a remote server is not a terribly practical idea.

I use an external (wireless) networked drive to backup my laptop, so whenever I'm at home it gets backed up automatically... This has saved me from hardware failure and would potentially save me from theft if someone stole my laptop (they are less likely to find the wireless drive which is hidden away in the loft, plus the laptop is more likely to be stolen when it's not at home).

Even offsite backup is not foolproof against malicious attack, your machine has to send the data to the offsite system which is storing the backups, a malicious attacker could modify the backup process to write garbage without you noticing..
Also with many remote backup setups, you will typically administer the service from the same machine so again a malicious attacker could steal your login details to the backup service and remove/corrupt the data you have stored there.

Re:Backups (1)

Opportunist (166417) | more than 3 years ago | (#34429236)

Most of "real life" data loss is due to, you guessed it, accidental deletion and hardware breakdown. At least in my experience. Granted, it's been a while since I was employed as helpdesk, but there has not been a single case of malicious deletion, malware related data corruption or other intentional data tampering that would have affected locally accessible and write enabled backups.

Of course offsite backups and the like are important for companies who would be very liable for it if their data was gone. Their data goes poof, they go poof. If for nothing else than because they'd be shut down. So they invest in offsite backups, because even the insignificantly tiny chance of disaster striking (fire, flood, a river of molten lava carving its path through your office...) is big enough that you do NOT risk your company's existence because you can save a few bucks.

But for Joe Average and his porn collection?

Re:Backups (2)

LordSnooty (853791) | more than 3 years ago | (#34429288)

The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure.

Fortunately these are by FAR the most common data loss ailments that will hit your average clueless user. Off-site is just overkill for most. Fire is not something that most people experience in their lives. A hard disk crash, however, is. And accidental deletion most certainly is.

Re:Backups (0)

Anonymous Coward | more than 3 years ago | (#34429454)

Believe it or not, I just came to the same realization the other week.

I keep multiple backups on two separate memory sticks and three separate laptops. And the other night I realized: all five copies of my data were in the same building.

So I've started spreading data between my apartment, my remote server, and other locations. I just felt like such an idiot.

Re:Backups (0)

Anonymous Coward | more than 3 years ago | (#34429488)

Simple: Backup to external drive, take drive to off-site location. Next trip, backup to 2nd external drive & take to off-site location. Take 1st drive back on return trip. Repeat.

Re:Backups (1)

McTickles (1812316) | more than 3 years ago | (#34429502)

Amazon S3 isn't cheap, it comes at the cost of your freedom.

Re:Backups (1)

sco08y (615665) | more than 3 years ago | (#34429574)

Whenever I see family/friends/co-workers using external drives for "backup" I have to repress the urge to launch into a lecture on the absurdity of relying on a local, always mounted backup.

WesternDigital and all the other purveyors of external hard disks should be ashamed of themselves for promoting their products as a reasonable backup solution. The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure. An external drive provides absolutely no protection from any kind of malicious attack or catastrophic disaster (flood, fire, theft). The only real backup solution is an off-site backup. Considering how cheap Amazon S3 [amazon.com] is, off-site backups are finally a real solution for the average person.

Apple's Time Machine and Fly Back [flyback-project.org] is a step in the right direction, but without a real off-site backup solution kiss your data goodbye, because when it falls into a river of molten rock, man, it's gone.

They're cheap enough to buy several of them and swap them out periodically.

If you have enough crap to justify using public storage, it makes a lot of sense. And, frankly, no amount of encryption can beat simply not transmitting that data.

Re:Backups (1)

CFBMoo1 (157453) | more than 3 years ago | (#34429582)

There's an easy solution to the always on thing. Show them where the power button is after they're done with a backup/restore. External hard drives make great backup mediums, it's just how they are used after pushing/pulling data that can make or break the backup.

CrashPlan (1)

gottabeme (590848) | more than 3 years ago | (#34429678)

CrashPlan is excellent. $50/year for one computer and unlimited space, indefinitely-kept versioning and deleted files, and a daemon that runs in the background all the time, with a separate GUI frontend.

I wish there were a referral plan so I could get something from this plug, but as of now, there's not. :/ haha Anyway, check it out. For a long time I used Duplicity to a web hosting account, but CrashPlan is easier and more reliable.

Re:Backups (0)

Anonymous Coward | more than 3 years ago | (#34428936)

Provided that (okay, far fetched):

* the OS security works and attacker can't get root/admin rights.
* you actually take advantage of that and your normal account doesn't own the backups.
* your computer has two physical drives and the backups are not on the same one where the data is.

Then, where's the missing 1/2?

Re:Backups (1)

arndawg (1468629) | more than 3 years ago | (#34429206)

Flame much? NTFS permissions are far better than standard unix-modes and are very flexible. Most Linux distros require you to manually install ACL to get something like that working. And then you might have to recompile applications so that they will be aware of the ACL feature.
ALSO: Backups should be offline and in multiple locations.

Re:Backups (1)

vistapwns (1103935) | more than 3 years ago | (#34428626)

On top of that, I would add, run an OS with modern security features like ASLR and sandboxed web browser. Vista or Win 7, for Windows users.

Re:Backups (2)

wvmarle (1070040) | more than 3 years ago | (#34428674)

Exactly.

It makes me wonder how come this kind of scam still works, I mean everyone is backing up their data on off-line media, right? Right? Oh, wait...

Re:Backups (1)

starsky51 (959750) | more than 3 years ago | (#34428908)

That's more of a preventative measure than a solution. Try telling some student that has lost all of his college work that the solution is to go back in time and backup his files.
Unfortunately, the only solution in this event is to pay $120 to the crooks.

Re:Backups? You're missing the point (1)

Anonymous Coward | more than 3 years ago | (#34429068)

It's not enough to back up your data! You'll only end up with encrypted backups, at least if the author did the smart thing and covertly encrypted the data over a period of time (until all unencrypted backups have been deleted). This has happened in many companies.

What you really need to do is to manually verify which files have changed since last backup, and whether that change was legitimate. Easily done using hashes. This approach also prevents general file corruption, which is at least as big of an issue.

Re:Backups? You're missing the point (1)

Opportunist (166417) | more than 3 years ago | (#34429278)

Or teach your backups to be smart and warn you if they notice a significantly larger number of files changing.

In a company (or with you at home), there is usually a fairly stable number of documents getting modified per day and thus their backups need modification. So unless that malware does it REALLY slowly (read: a handful of files per day, tops), you do notice a significant spike of changes.
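
The two checks suggested in the comments above (comparing file hashes between backup runs, and flagging a run in which far more files changed than usual), sketched as an added example that is not code from any poster or backup product. The function names, the "5x the median of earlier runs, at least 10 files" threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import statistics
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map every regular file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def diff_manifests(old, new):
    """List files added, removed or modified between two manifests."""
    common = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in common if old[p] != new[p]),
    }


def assess_run(diff, previous_file_count, history, factor=5, floor=10):
    """Decide whether this backup run should be held for manual review.

    history: number of changed files seen in earlier runs (assumed to be
    recorded by the backup job). Files that were overwritten in place show
    up as "modified"; files renamed by an encryptor show up as "removed".
    """
    changed = len(diff["modified"]) + len(diff["removed"])
    typical = statistics.median(history) if history else 0
    limit = max(floor, factor * typical)
    fraction = changed / previous_file_count if previous_file_count else 0.0
    return {
        "changed": changed,
        "limit": limit,
        "fraction": fraction,
        "hold": changed > limit,       # do not rotate out older backups
        "review": diff["modified"] + diff["removed"],
    }


def demo():
    """Run both checks on a constructed directory of 40 sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(40):
            (root / f"doc{i:02d}.txt").write_text(f"constructed sample {i}\n")
        baseline = build_manifest(root)
        history = [1, 3, 2, 0, 2]      # constructed per-run change counts

        # Ordinary day: the user edits two documents.
        for i in (3, 7):
            (root / f"doc{i:02d}.txt").write_text("edited by user\n")
        after_edits = build_manifest(root)
        normal = assess_run(diff_manifests(baseline, after_edits),
                            len(baseline), history)

        # Bulk in-place overwrite of 30 files with random bytes, standing in
        # for the overwrite-with-ciphertext behaviour described in the story.
        for i in range(10, 40):
            (root / f"doc{i:02d}.txt").write_bytes(os.urandom(64))
        after_bulk = build_manifest(root)
        bulk = assess_run(diff_manifests(after_edits, after_bulk),
                          len(after_edits), history)
        return normal, bulk


if __name__ == "__main__":
    for label, report in zip(("normal run", "bulk overwrite"), demo()):
        print(label, "changed:", report["changed"],
              "limit:", report["limit"], "hold:", report["hold"])
```

As the second comment notes, a handful of files changed per run stays under any such threshold, so the `review` list of changed paths is what supports the manual verification the first comment asks for.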

first post (0)

Anonymous Coward | more than 3 years ago | (#34428330)

You can have your first post unencrypted if you pay $110 to me

Or I'll do it for free (0)

Anonymous Coward | more than 3 years ago | (#34428342)

Simple solution: Back up your data. In other news, make sure you patch software and operating system vulnerabilities and don't run executables from unknown sources.

Re:Or I'll do it for free (1)

Bert64 (520050) | more than 3 years ago | (#34429262)

Not running executables from unknown sources is perfectly practical advice on Linux systems where you're downloading cryptographically signed packages from the vendor of the distro you already have installed (and therefore already trust)...
Similarly on most modern phones which have integrated app stores..

But what about on OS X and Windows where no such repository exists, and where the default installs are severely lacking in useful applications?

chanel bags 2011 (-1)

Anonymous Coward | more than 3 years ago | (#34428364)

Ransomware sounds good, but I am not very familiar with it!
Chanel bags 2011 http://www.mywebbags.com

Re:chanel bags 2011 (0)

antifoidulus (807088) | more than 3 years ago | (#34428384)

Slashdot really needs to add a spam moderation that gives 2x the negative karma of normal downmods.

Re:chanel bags 2011 (1)

FuckingNickName (1362625) | more than 3 years ago | (#34428530)

That won't be abused.

Re:chanel bags 2011 (2)

ikkonoishi (674762) | more than 3 years ago | (#34428646)

Maybe it could rot13 the text of the comment, and then have a javascript autotranslate on click thing. That way it would be worthless for SEO type stuff.

If it got any positive mods whatsoever it wouldn't do it to avoid it being used as a "I disagree" option on otherwise decent posts.

Re:chanel bags 2011 (1)

91degrees (207121) | more than 3 years ago | (#34428920)

It gets swooped on pretty damn quick.

I have to say I find it kind of funny. As though we're going to read the comment and think "Gosh - that's an insightful comment and not spam at all. Now I must buy a Chanel bag because that would be the perfect accessory for my think geek T-shirt"

My... (2)

MrQuacker (1938262) | more than 3 years ago | (#34428394)

You sure have some nice data here. Would be a shame if something were to happen to it now wouldn't it?

Re:My... (0)

Anonymous Coward | more than 3 years ago | (#34428718)

AT&T... is that you?!

Encryption (3, Funny)

flyingfsck (986395) | more than 3 years ago | (#34428400)

All my data is already encrypted you insensitive clod!

Re:Encryption (2)

Opportunist (166417) | more than 3 years ago | (#34429294)

But we'll encrypt it again for you! For free!

(What's really scary is that I am tempted now to write ransomware that displays that and an "I agree" button, and only actually encrypts and locks the user out if he clicks that "I agree" button. Just to see how many morons will fall for it)

Allright, bring back the Slot Machines of DOS! (5, Funny)

Anonymous Coward | more than 3 years ago | (#34428408)

I remember back when I was running MSDOS 5, and at first Bootup it cut to a screen with a Slot Machine that said it was a Virus holding my MBR and File Allocation Table ransom until I get such and such combination after I pull the Arm. It also said if I tried to turn-off the computer, then all my data is already gone unless I got the sequence in this game to restore my MBR and FAT.

Needless to say, I left the computer on all day and drove to my grandmother's Insanitarium/Old-Folk's home and said I didn't come visit these past 10 years because I've always given her bad luck and now I need her more than ever. She stopped taking her pills, said goodbye to the trees and bushes and pigeons as I walked her to my car, and upon arriving at my desk she knew exactly what to do: she pulled-out her vial of lipstick, puckered some on her mouth, and gave the computer screen a kiss. She was insane again.

Fuck you Slot Machine! I pulled the Arm, and I won back my MBR and FAT. I told my grandmother she could walk back home, and so I gave her $10 to buy some cigarettes and lunch, and I and her Retired-Living Facility have never seen her since.

Preemptive strike (1)

DigitAl56K (805623) | more than 3 years ago | (#34428426)

Kaspersky might have labeled it, but only running AVG ensures there's no chance of catching it ;)

Re:Preemptive strike (2)

underqualified (1318035) | more than 3 years ago | (#34428476)

That last AVG update encrypts your whole OS.

Re:Preemptive strike (1)

tacarat (696339) | more than 3 years ago | (#34428584)

Which only proves that they can compete with McAfee. [slashdot.org]

Re:Preemptive strike (1)

pinkushun (1467193) | more than 3 years ago | (#34429108)

Re:Preemptive strike (0)

Anonymous Coward | more than 3 years ago | (#34429588)

*whoosh*

Ok, a question or two (5, Interesting)

Weaselmancer (533834) | more than 3 years ago | (#34428436)

The whole point of these malware authors is to ransom data for cash, right?

How the hell do they get paid? And if that is an answerable question, that brings question number two.

Why the hell can't the law find them?

There would be a money trail of some sort. The money has to go from victim to the criminal. That is traceable.

Isn't this really just a gigantic "kick me" sign?

Re:Ok, a question or two (1)

Anonymous Coward | more than 3 years ago | (#34428462)

You're just pointing out why you're not creative enough to think of and operate such a scheme. It's very easy to move and collect money anonymously without getting caught, I won't go into specifics but it can be done via nominee structures.

Re:Ok, a question or two (1)

Weaselmancer (533834) | more than 3 years ago | (#34428484)

Ok, great. I'm like the guys in Office Space who don't know how to launder money.

So. Wanna illuminate me or are you satisfied with being merely cryptic? Because if you make that kind of info public maybe The Community can figure out a way to bring these assholes to justice.

Re:Ok, a question or two (1)

FuckingNickName (1362625) | more than 3 years ago | (#34428558)

I was going to link to an auditing web site via 2 URL shorteners, but it wouldn't let me.

Re:Ok, a question or two (1)

Chrisq (894406) | more than 3 years ago | (#34428714)

You're just pointing out why you're not creative enough to think of and operate such a scheme. It's very easy to move and collect money anonymously without getting caught, I won't go into specifics but it can be done via nominee structures.

I can vouch for that. Uncle Osama knows what he's talking about on these matters. By the way how's the cave Ossie?

Re:Ok, a question or two (0)

Anonymous Coward | more than 3 years ago | (#34428990)

I've heard of money laundering being done by playing internet poker against oneself. The casinos usually reside in a tax haven, so it's hard to get them to cooperate.

Re:Ok, a question or two (0)

Anonymous Coward | more than 3 years ago | (#34428470)

I imagine the culprits are either stupid or in a country that doesn't care...

Re:Ok, a question or two (2, Insightful)

Anonymous Coward | more than 3 years ago | (#34428540)

If the money ends up going to a country like Somalia what are you going to do?

Ask for the Somali government's help to get your 100 bucks back?

Good luck with that.

Re:Ok, a question or two (1)

wvmarle (1070040) | more than 3 years ago | (#34428704)

How are you going to make a payment to Somalia?

I doubt they have a working banking system.

Making overseas payments of such small amounts is anyway an issue: bank charges can literally make half that amount disappear en route.

Re:Ok, a question or two (2)

rsmith-mac (639075) | more than 3 years ago | (#34429468)

While Western Union doesn't cover Somalia, it does cover practically everywhere else. Nigeria (or most of sub-Saharan Africa for that matter) is a good place to get lost.

Re:Ok, a question or two (1, Funny)

Anonymous Coward | more than 3 years ago | (#34428724)

If the money ends up going to a country like Somalia what are you going to do?

Ask for the Somali government's help to get your 100 bucks back?

Good luck with that.

What Somali government??

Somalia is freedom unlimited: no taxes, no government. Somalia is eagerly awaiting rich US emigrants, with special low rates for Tea Party members!

Re:Ok, a question or two (1)

ultranova (717540) | more than 3 years ago | (#34429240)

If the money ends up going to a country like Somalia what are you going to do?

Talk the RIAA into funding a full-scale invasion of Somalia? They're all pirates, you know :).

Re:Ok, a question or two (2)

igreaterthanu (1942456) | more than 3 years ago | (#34428740)

Just an example method of payment, there are exchanges from PayPal US$ to BitCoin [slashdot.org] (and back). It would be easy enough to set this up to ask for credit card details and automate the payment, funds could then be converted back into real money (anonymously) at a later date.

Although I doubt that they are smart enough to do this.

Re:Ok, a question or two (3, Insightful)

ArsenneLupin (766289) | more than 3 years ago | (#34428758)

How the hell do they get paid?

... and this is the Achilles heel of just about every ransom ploy. Most kidnappings for ransom fail at the "money handover" stage.

Re:Ok, a question or two (2)

QuantumG (50515) | more than 3 years ago | (#34428766)

Suckers. Usually there are money mules who transfer the money around. Sometimes they're given the job of buying goods and sending those goods to someone else who sells them, etc, etc. It's all traditional money laundering techniques being done by "work from home" saps.

Re:Ok, a question or two (1)

will_die (586523) | more than 3 years ago | (#34428774)

Since they are not asking for a cash drop there are plenty of ways. For simple ways, Western Union or just a standard bank transfer or wire. They are usually in a different country and for low amounts of money, so you have problems getting police involved. Then if you look at the email scammers and see how many of them make money, you see that a lot of people will just send in the money and not call the police about it.

Re:Ok, a question or two (2)

aix tom (902140) | more than 3 years ago | (#34428914)

I could imagine (but I usually over-estimate people's intelligence) that the virus might also look for the presence of the right content.

Someone might be reluctant to go to the police with "Officer, Officer, someone encrypted my 100MB of important business data and my 600GB collection of pirated movies and illegal stuff!!!!!"

Re:Ok, a question or two (0)

AlphaWolf_HK (692722) | more than 3 years ago | (#34428922)

Well, Western Union, MoneyGram, and other cash wiring services are typically used for all sorts of scams where the victim's money can never be recovered. I'd imagine they could demand payment that way.

Re:Ok, a question or two (1)

91degrees (207121) | more than 3 years ago | (#34428942)

Others have mentioned wiring it to another country.

Alternatively BBC's "The Real Hustle" did something like this. They simply give the victim 30 minutes to find the cash, put it in an envelope and give it to a "courier". The courier is part of the scam team so once it's in his hands, the money's gone.

Re:Ok, a question or two (1)

Opportunist (166417) | more than 3 years ago | (#34429334)

That's something that usually does NOT work, because banks (of course not in self interest of cashing in on the lost interest, only for the added security and safety of the money transfer) usually hold the money for a few days before forwarding it to a country where getting it back is near impossible. And in every other case, you may rest assured that the police are already waiting for the person whose account this money should have been sent to and ask him ... well, why.

Western Digital is the way. You deposit the money and get an ID. You tell that ID to your kidnapper. He hires a bum for 5 bucks to go to WD somewhere on this planet (for a while, London was very much in fashion) and cash in. No way to avoid or catch the culprit. He can go into any WD office on this planet (no way to preemptively put surveillance up), and even after you know where they picked it up, all you get from the WD employee is a description of some hobo.

Re:Ok, a question or two (2)

imsabbel (611519) | more than 3 years ago | (#34429124)

I can tell you an example: I was victim to credit card fraud a couple of years ago (I think it was skimmed at a parking lot accepting credit cards as a pass).

I went to the police after an unauthorized payment was made.
They came back to me a few months later with what happened: Somebody in Germany got the credit card data from somebody in California to buy stuff to be delivered to Moscow (1 Playstation and a Gameboy). I never understood how such a transaction was accepted for payment with credit card... The woman in Germany stated to the police that she was doing one of those "easy money from home! Just need a computer and an account!" jobs, getting lists of what to buy for whom.

Same concept here: Get a few idiots that take the fall, lose a part of the money in the process, but be clean at the end.
Just as in that case: The value was too low for anybody really to have consequences.

Re:Ok, a question or two (1)

Bert64 (520050) | more than 3 years ago | (#34429272)

Criminal gangs often have mules to collect and launder money for them, these mules are often unsuspecting victims of scams too.

The criminals behind the scams are also often located in countries with very lax law enforcement that either doesn't care about the crimes taking place, or only care that they get their bribes from the criminals.

No data is actually encrypted..... (5, Informative)

Skellbasher (896203) | more than 3 years ago | (#34428492)

Fortinet did an analysis of this. http://blog.fortinet.com/all-your-drives-are-belong-to-us/ [fortinet.com] It simply backs up the partition table and rewrites the MBR. It's fixable without paying the ransom.

Fixable possibly, but be careful anyway... (4, Interesting)

SuperKendall (25149) | more than 3 years ago | (#34428548)

I'd feel a little better about the proposed solution (let a disk utility recover the partitions) if they had actually tried a disk utility to see if it could in fact find the partitions and restore them. It does seem like it should work... and copying that thing back by hand is not a task I'd take on lightly with anyone's data but my own.

Also wouldn't the thing that messed up the MBR in the first place still be in your Windows installation? I didn't see that they tried to boot from that drive after repairing the MBR. It could be the ransomware is just waiting for you to reboot and will do something nasty if you've not entered the password. It seems like even after a recovery you should take the drive to a different system and back it up immediately before you tried to boot from it again, but they do not mention that.

Re:Fixable possibly, but be careful anyway... (1)

PeterKraus (1244558) | more than 3 years ago | (#34429150)

Gpart should be able to do it.

Re:No data is actually encrypted..... (1)

wgibson (1345509) | more than 3 years ago | (#34428564)

See also this post from Prevx: http://www.prevx.com/blog/163/Ransomware-lands-on-the-MBR.html [prevx.com]

All the data inside the hard drive is claimed to be encrypted, though this isn't actually true. The only thing that has been overwritten is the MBR.

[...]

Attempt by most users and technicians to fix the infection will be to run “fixmbr” to restore the MBR with a clean copy. Sadly it is not possible, because the rootkit wipes out the whole partition table section from the first sector of the hard drive - it is copied out to the fifth sector along with whole original MBR.
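As an added example (not part of the comment above, and not code from Prevx or Fortinet): a read-only check for the situation the quoted Prevx post describes, where sector 0 no longer holds a partition table and a copy of the original MBR sits in a nearby sector. The image is constructed, and placing the copy at zero-based sector index 4 is an assumption about what "fifth sector" means; the scan itself does not depend on it.

```python
import struct

SECTOR = 512
PT_OFFSET = 446          # partition table starts here in an MBR sector
SIGNATURE = b"\x55\xaa"  # boot signature at bytes 510-511


def parse_partition_table(sector):
    """Return the non-empty partition entries of one 512-byte sector."""
    if len(sector) != SECTOR or sector[510:512] != SIGNATURE:
        return []
    entries = []
    for i in range(4):
        raw = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        status, ptype = raw[0], raw[4]
        lba_start, count = struct.unpack_from("<II", raw, 8)
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80) or lba_start == 0 or count == 0:
            return []  # not a plausible table; treat the sector as data
        entries.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    return entries


def find_partition_tables(image, max_sectors=64):
    """Map sector index -> entries for every early sector holding a table."""
    found = {}
    for n in range(min(max_sectors, len(image) // SECTOR)):
        entries = parse_partition_table(image[n * SECTOR:(n + 1) * SECTOR])
        if entries:
            found[n] = entries
    return found


def build_sample_image():
    """Constructed test image: table wiped in sector 0, copy kept at index 4."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 204800)
    original = bytes(PT_OFFSET) + entry + bytes(48) + SIGNATURE
    wiped = bytes(510) + SIGNATURE
    return wiped + bytes(3 * SECTOR) + original + bytes(3 * SECTOR)


if __name__ == "__main__":
    for index, entries in find_partition_tables(build_sample_image()).items():
        print("sector", index, entries)
```

Point it at an image of the drive taken from another system rather than at the live disk; an empty result for sector 0 together with a hit at a later index matches the behaviour the post describes.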

Re:No data is actually encrypted..... (1)

icebraining (1313345) | more than 3 years ago | (#34429134)

I'd use TestDisk [wikipedia.org]; it actually searches the whole disk for the filesystems. Helped me when a friend brought me a disk with a corrupted partition table.

1) 2) 2) -- They can't count to three (3, Funny)

PatPending (953482) | more than 3 years ago | (#34428572)

Funny how these crooks can write ransomware but they can't count to three: 1) 2) 2) [fortinet.com]

Re:1) 2) 2) -- They can't count to three (1)

PolygamousRanchKid (1290638) | more than 3 years ago | (#34428688)

And the LORD spoke, saying, "First shalt thou take out the Holy Pin, then shalt thou count to three, no more, no less. Three shall be the number thou shalt count, and the number of the counting shall be three. Four shalt thou not count, neither count thou two, excepting that thou then proceed to three. Five is right out. Once the number three, being the third number, be reached, then lobbest thou thy Holy Hand Grenade of Antioch towards thy foe, who being naughty in My sight, shall snuff it." Amen

Re:1) 2) 2) -- They can't count to three (1)

sco08y (615665) | more than 3 years ago | (#34429516)

Funny how these crooks can write ransomware but they can't count to three: 1) 2) 2) [fortinet.com]

You've obviously never interviewed people for a programming position.

Re:No data is actually encrypted..... (2)

jonwil (467024) | more than 3 years ago | (#34428604)

TFA says it's a new variant of this virus (which means it may actually encrypt the data)

Re:No data is actually encrypted..... (1)

pinkushun (1467193) | more than 3 years ago | (#34429166)

Kaspersky's Kamluk says that "Pushing [the] reset/power button on your desktop may save a significant amount of your valuable data!"

Such insightful precautions from teh [sic] professionals! Their advice goes completely against the fact that no data is encrypted.

Reading and writing a 512 byte MBR obviously takes less time than encrypting all your user documents. That is smaller than the size of a new, blank word doc (in the new compressed .docx format!)

Nobody would hit that power button fast enough.

Re:No data is actually encrypted..... (1)

pinkushun (1467193) | more than 3 years ago | (#34429178)

32 blank word .docx's to be exact - 16,384 / 512 = 32

Re:No data is actually encrypted..... (0)

Anonymous Coward | more than 3 years ago | (#34429306)

It's sometimes a good idea to read the actual blogpost: "...and comes off the heels of recent GpCode activity. GpCode is ransomware that employs rigid encryption to corrupt documents on hard drives until they are decrypted ($120 USD). So far, RBNCrypter does not seem to be doing this..."

Yes, it's a completely unrelated piece of malware. The only common factor is presence of "AES"; which in one case corresponds to an encryption algorithm, while in the other it's just part of the scare-tactics.

Who would trust them? (3, Insightful)

kasperd (592156) | more than 3 years ago | (#34428798)

Who would actually trust those people to give access to the data after receiving payment? What is the most profitable thing to do after somebody has paid? Give them their data back or demand more money? Granted, very few people would be stupid enough to pay twice. But even if one person would fall for that, it would mean more money to them. And people are more likely to pay more money if they can make it look like the sucker was just unlucky and they didn't intentionally fail to give the data back. For example, make the browser crash at the point where it "should" have shown the password.

Re:Who would trust them? (0)

Anonymous Coward | more than 3 years ago | (#34428906)

This is exactly what I was thinking, if they fell for it once, they will probably fall for it again.

Re:Who would trust them? (3, Insightful)

Opportunist (166417) | more than 3 years ago | (#34429352)

Unless word gets out that you don't get your data back after paying.

And this is the internet. The first thing people will do after this happens is painting it all across facebook and twitter.

Re:Who would trust them? (0)

Anonymous Coward | more than 3 years ago | (#34429596)

Publicly admitting they are too stupid to use a computer and fall for the most obvious scams? I don't think so.

Plus I doubt the people who fall for this are capable of looking anything up on the Internet. If they were, they wouldn't have paid in the first place.

Kaspersky (1)

roman_mir (125474) | more than 3 years ago | (#34429458)

I have an uneasy feeling about Kaspersky in all sorts of situations, including this one. Just saying that the 3 ways to gain from this activity is either to be building the virus or to be building and selling the antivirus.

The third possibility is left to the imagination and that's the one that makes me uneasy.

Microsoft Ransomware is back (0)

Anonymous Coward | more than 3 years ago | (#34429550)

There, corrected the title ...