
CryptoLocker Gang Earns $30 Million In Just 100 Days

timothy posted about 9 months ago | from the only-need-to-win-a-few dept.

Crime 202

DavidGilbert99 writes "A report from Dell Secureworks earlier this week reported that up to 250,000 systems have been infected with the pernicious ransomware known as CryptoLocker. Digging a little deeper, David Gilbert at IBTimes UK found that the average ransom being paid was $300, and that on a very conservative basis just 0.4% of people paid the ransom. What does this all add up to? $30 million for the gang controlling CryptoLocker — and this could be 'many times bigger.'"


hey dummies (5, Informative)

Anonymous Coward | about 9 months ago | (#45736097)

The link is wrong

Re:hey dummies (5, Informative)

bondsbw (888959) | about 9 months ago | (#45736269)

And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

Re:hey dummies (1)

Anonymous Coward | about 9 months ago | (#45736371)

And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

Yup. Maybe it was the author of the article who paid the $30 million "second chance ransom".

Re:hey dummies (3, Funny)

girlintraining (1395911) | about 9 months ago | (#45736457)

And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

You can't expect journalists to have a grasp of basic math. Or the general public for that matter. Otherwise the headline "Company X settles 'largest lawsuit in history' at Y billion dollars" wouldn't have the impact it does after realizing Company X's revenue was Z trillion dollars. And who knows -- with the instability of bitcoin pricing, it might well be worth $30 million next week... -_-


Re:hey dummies (1)

Anonymous Coward | about 9 months ago | (#45736719)

And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

You can't expect journalists to have a grasp of basic math. Or the general public for that matter. Otherwise the headline "Company X settles 'largest lawsuit in history' at Y billion dollars" wouldn't have the impact it does after realizing Company X's revenue was Z trillion dollars. And who knows -- with the instability of bitcoin pricing, it might well be worth $30 million next week... -_-

Wal-Mart has the highest revenue in the US - 469.2 billion according to the Fortune 500.

http://money.cnn.com/magazines/fortune/fortune500/

Trillions would be the GDP of entire countries. So, yeah, "Y Billion Dollars" is a pretty freaking huge deal, especially when you consider the largest PROFIT in a company is Exxon Mobil with 44.8 billion. Lawsuits affect profit, not revenue.

Re:hey dummies (4, Informative)

girlintraining (1395911) | about 9 months ago | (#45736927)

Wal-Mart has the highest revenue in the US - 469.2 billion according to the Fortune 500.

You seem to be laboring under the delusion that companies only exist, and earn profit, for one year. Then they return to their ancestral home in the profit river, where they lay their nest eggs and golden parachutes for the next generation, and then die.

Alas, companies make revenue year over year... and some of the biggest frauds this country has seen have taken decades before the government acted to stop it. So "Trillions of dollars of revenue" is not an inaccurate statement. At least not if you have more brains than an anonymous coward...

Re:hey dummies (0)

Anonymous Coward | about 9 months ago | (#45737109)

The definition of revenue is a yearly figure. And like I said, profit is the number that companies care about when talking about money. Exxon Mobil would need to hoard all of its profit for 23 years to be able to amass 1 trillion dollars in cash. And besides, what do you think companies DO with their billions? They either reinvest them or pay out to their stock holders (This is the main reason for a public company to exist, after all). Companies (except Apple) don't hold on to cash unless they're looking to make a big acquisition.

So yes, a multi-billion dollar hit to your profit is a big fucking deal, no matter who you are. Stop being dense.

Re:hey dummies (-1, Offtopic)

girlintraining (1395911) | about 9 months ago | (#45736963)

Wal-Mart has the highest revenue in the US - 469.2 billion according to the Fortune 500.

Oh, and P.S., you have no clue what revenue actually means [forbes.com]. The largest company on the planet only pulls in $134.77 billion a year. Wal-Mart did $469.2 in sales last year [forbes.com].

Re:hey dummies (0)

Anonymous Coward | about 9 months ago | (#45737145)

Wal-Mart has the highest revenue in the US - 469.2 billion according to the Fortune 500.

Oh, and P.S., you have no clue what revenue actually means [forbes.com]. The largest company on the planet only pulls in $134.77 billion a year. Wal-Mart did $469.2 in sales last year [forbes.com].

I'm well aware of what revenue is (I work in sales for a Fortune 100, surprise!)

I assumed (naively, I must admit) that CNN would also know what revenue is. However, you just made my original point even more. Nobody has "trillions in revenue."

Re:hey dummies (0)

Anonymous Coward | about 9 months ago | (#45736783)

What did you expect? Those that can't do math well but seek a profession usually major in Journalism, Sociology, El. Ed., etc. That is FUD math taught to them by the Federal Protection Racket and the MAFIAA.

Re:hey dummies (1)

GameboyRMH (1153867) | about 9 months ago | (#45736817)

Things Slashdot editors aren't so good with: Junior-high level math, URLs.

Re:hey dummies (1)

Dynedain (141758) | about 9 months ago | (#45736843)

So the author confused .4% with 0.4 (aka 40%) to get the $30M figure. So much for editors in publishing.

Re:hey dummies (1)

Stan92057 (737634) | about 9 months ago | (#45737207)

So? What do you want for free? lol. Ya get what ya pay for.

Re:hey dummies (0)

Anonymous Coward | about 9 months ago | (#45736993)

The actual link [ibtimes.co.uk] has "30-million" in the URL, but does, in fact, say $300,000 in the article. I guess this is a case where only the URL was "read", not the story, while "composing" the summary...

Re:hey dummies (1)

bondsbw (888959) | about 9 months ago | (#45737055)

The author changed the article. You can tell because the link is "www.ibtimes.co.uk/cryptolocker-criminals-earn-30-million-100-days-1429607" but the headline now says "CryptoLocker Gang Earns Millions in Just 100 Days" (changing from "$30 million" to just "millions").

Where before the headline was based on bad math, the new headline is based on fuzzy math because someone indicated that the earnings could be many times more than what was reported.

Re:hey dummies (0)

Anonymous Coward | about 9 months ago | (#45737171)

Yes, the figure you have mentioned is correct PER DAY as it is in 100 days.

Broken article link (2)

KublaiKhan (522918) | about 9 months ago | (#45736103)

Or was this meant to trick us into reading about Zuckerberg?

Re:Broken article link (3, Funny)

stewsters (1406737) | about 9 months ago | (#45736127)

Or is Mark Zuckerberg the gang behind cryptolocker, and this was a Freudian slip?

Re:Broken article link (0)

Anonymous Coward | about 9 months ago | (#45736199)

A broken link is a link that is just that. Broken. It's a valid link, just the wrong one.

So, Zuckerberg is behind cryptolocker???? (5, Informative)

wbr1 (2538558) | about 9 months ago | (#45736117)

Re:So, Zuckerberg is behind cryptolocker???? (4, Funny)

war4peace (1628283) | about 9 months ago | (#45737067)

...And it's a fun read, too:

"English is not the CryptoLocker Group's first language" - apparently it's not IB Times's, either, as seen in the article: "CryptoLocker is not currently being sold to anyone other criminal gangs".
"it was being distributed by the Gameover Zeus malware, in some cases via the renowned Cutwail bonnet."
"malware is typical among cyber-criminals in Russia and easter Europe,"
"this was quickly cut to 1 bitcoin, 0.5 bitcoin and at the time of publication, 0.5 bitcoin." - yes, there's a deep cut from 0.5 to 0.5, for sure. We should all rejoice!

Re:So, Zuckerberg is behind cryptolocker???? (0)

Anonymous Coward | about 9 months ago | (#45737345)

Ahh! So "Easter bonnet" must be the codeword for the forthcoming attack on[No Carrier]

Error (0)

Anonymous Coward | about 9 months ago | (#45736119)

Link points to unrelated article about Mark Zuckerberg.

Re:Error (4, Funny)

Drethon (1445051) | about 9 months ago | (#45736461)

Are you sure it is unrelated? Facebook seems to be asking a lot of money for nothing tangible too...

Re:Error (2)

JWW (79176) | about 9 months ago | (#45736969)

Maybe this technology is related to Facebook.

Imagine, Facebook's users are generating unique, pithy, substantive and deep posts to put on Facebook, but this crypto locker stuff is just converting those awesome posts into worthless drivel about piddly silly details about the Facebook breakfast or exercise routine.

Wow! (0)

Anonymous Coward | about 9 months ago | (#45736139)

That's amazing! Though I am not sure what Mark Zuckerberg has to do with this though...

Wrong link? (0)

Anonymous Coward | about 9 months ago | (#45736143)

The link in the article points to a Mark Zuckerberg article.

Wrong link (0)

Anonymous Coward | about 9 months ago | (#45736149)

The link goes to the Zuckerberg story.

Zuckerberg (-1)

Anonymous Coward | about 9 months ago | (#45736155)

Why does the link point to an article about Zuckerberg?? Are you suggesting that he is behind Cryptolocker?
http://www.ibtimes.co.uk/mark-zuckerberg-sell-facebook-shares-worth-2-3-billion-1429600

Is execution enough? (0)

Anonymous Coward | about 9 months ago | (#45736167)

With this level of evil, I think execution by prolonged torture may be appropriate for this scum. All these Russian brains being wasted on criminality.

If Caught... (0)

Anonymous Coward | about 9 months ago | (#45736177)

These guys really do deserve the death penalty.

Re:If Caught... (0)

Anonymous Coward | about 9 months ago | (#45736337)

Who, Zuckerberg?

Re:If Caught... (1)

houstonbofh (602064) | about 9 months ago | (#45736823)

Who, Zuckerberg?

I am still deciding...

Correct Link (2, Informative)

DavidGilbert99 (2607235) | about 9 months ago | (#45736187)

Here is the correct link to the CryptoLocker story http://www.ibtimes.co.uk/cryptolocker-criminals-earn-30-million-100-days-1429607 [ibtimes.co.uk]

Re:Correct Link (3, Insightful)

bondsbw (888959) | about 9 months ago | (#45736941)

Here is the correct link to the CryptoLocker story http://www.ibtimes.co.uk/cryptolocker-criminals-earn-30-million-100-days-1429607 [ibtimes.co.uk]

DavidGilbert99, please fix your damn article. You wrote the article, you wrote the summary, both with attention-getting headlines. And they both passed different sets of editors (assuming the editors even exist) and they are both incorrect with the $30M figure.

The only story behind this is how little they netted, not how much.

Re:Correct Link (1)

bondsbw (888959) | about 9 months ago | (#45737031)

Ok, you fixed the numbers in the article but have decided that with a bit of fuzzy math it's alright to keep perpetuating the attention-grabbing headline.

Better Than Commercial Software? (2, Funny)

Anonymous Coward | about 9 months ago | (#45736197)

Does CryptoLocker actually do what it says when a person pays? That's better than a lot of commercial software I've used. The gaming, media, and high-level engineering software industries are particularly bad on this point.

Re:Better Than Commercial Software? (2)

SJHillman (1966756) | about 9 months ago | (#45736343)

We got hit by CryptoLocker twice back in November (in one case, it wreaked havoc on network shares because the user had way more permissions than necessary due to office politics). We didn't pay the ransom, but we worked with a vendor who was very familiar with CryptoLocker. According to them, every time people paid, they got the key as promised.

Re:Better Than Commercial Software? (1)

cjjjer (530715) | about 9 months ago | (#45736641)

So in other words you may have been working with the CryptoLocker gang? Would make sense that members pose as a vendor who can "fix" the issue. I am sure it would be just as lucrative...

Re:Better Than Commercial Software? (1)

SJHillman (1966756) | about 9 months ago | (#45736917)

That seems unlikely, as this vendor has a long-term support contract with us and gained nothing extra from giving us help with it. But make sure you know who you can trust ahead of time.

Re:Better Than Commercial Software? (4, Interesting)

ekgringo (693136) | about 9 months ago | (#45736699)

We knew someone at a sister company that was infected with CryptoLocker. He had no backups (they have no IT infrastructure) so he paid the ransom to recover his files. It appeared to start decryption, but the machine was old and we had to let it run over the weekend to complete. Windows Security Essentials had to be disabled in order for the decryption to work, but it re-enabled itself and blocked the decryption. By the time Monday rolled around, the decryption server had been shut down or his ransom window had expired and so he ended up losing his data anyway.

Re:Better Than Commercial Software? (1)

Anonymous Coward | about 9 months ago | (#45736903)

So, uh, what good is Windows Security Essentials at all if it allows this shit in the first place?

Re:Better Than Commercial Software? (3, Insightful)

i kan reed (749298) | about 9 months ago | (#45736971)

So, you made a donation to organized crime. How charitable.

Re:Better Than Commercial Software? (1)

wbr1 (2538558) | about 9 months ago | (#45736803)

No one can -fix- cryptolocker. It is pay and hope the key is delivered and works, or have a recent backup. Otherwise you and all your attached storage are fucked.

Alright NSA, why is this going on? (3, Insightful)

Anonymous Coward | about 9 months ago | (#45736237)

You're in every goddamn device on the planet but you can't shut this sort of shit down?

Another reason to execute y'all for treason.

Re:Alright NSA, why is this going on? (4, Funny)

Anonymous Coward | about 9 months ago | (#45736415)

oh, you've just made cold fjord sad, you insensitive clod

Re:Alright NSA, why is this going on? (0)

Anonymous Coward | about 9 months ago | (#45737337)

Anyone care to explain the joke for those who don't read everything cold fjord writes?

Windows (0)

Anonymous Coward | about 9 months ago | (#45736245)

Microsoft security at work once again.

Why would anyone install this? (0)

Anonymous Coward | about 9 months ago | (#45736265)

I don't understand what a user gets for their $300. It sounds like even after you pay, you're basically just back to where you were, before you installed the software. So why bother using it at all? Is this company just feeding on NSA paranoia?

Re:Why would anyone install this? (1)

SJHillman (1966756) | about 9 months ago | (#45736361)

I can't tell if you're a troll or just an average AC....

Re:Why would anyone install this? (1)

tibit (1762298) | about 9 months ago | (#45736379)

You must be so confused. It's ransomware: it encrypts your files with a public key. The private key is controlled by the gang. You don't pay, you end up with a bunch of random-looking data substituted for your files, since the gang destroys the unique private key after the time is up. Yes, you're basically just back to where you were, before you "installed" the software. The "bother" is with the software being ransomware. It's malware. It installs itself when you don't pay attention, like most people out there...

Re:Why would anyone install this? (1)

temcat (873475) | about 9 months ago | (#45736671)

Come on, that was sarcasm.

See? Business model entirely without DRM. (3, Interesting)

Erikderzweite (1146485) | about 9 months ago | (#45736299)

Just look at those guys: they don't need to take our freedoms with draconian DRMs and bought legislation. Their programs can be freely copied, in fact, their whole business model depends on the software being copied at no cost!

What do they earn their money with, you ask? With high-quality cryptographic security service! Truly, a business model of the future.

They are not blaming pesky pirates for their losses, they don't whine that someone uses their work without permission. They work harder, are creative and produce high-quality product. And that is their key to success!

Re:See? Business model entirely without DRM. (1)

tibit (1762298) | about 9 months ago | (#45736383)

That's what makes it even sadder. True but oh so sad...

Re:See? Business model entirely without DRM. (0)

Anonymous Coward | about 9 months ago | (#45736581)

These guys are clearly job creators and so I think we need to give them some tax cuts immediately or they might stop innovating!

Re:See? Business model entirely without DRM. (2)

wvmarle (1070040) | about 9 months ago | (#45736833)

I would say this malware IS DRM. Because what it does is it encrypts the content, and then demands money to have it decrypted. Sounds very much like your average DRM scheme.

A key difference appears to be that this one actually works - at least there is no mention in the article of it having been broken yet.

Re:See? Business model entirely without DRM. (1)

mrchaotica (681592) | about 9 months ago | (#45736943)

Nah, it's just regular cryptography. The definition of DRM requires that the owner of the data and the attacker be the same entity.

Re:See? Business model entirely without DRM. (1)

mlts (1038732) | about 9 months ago | (#45737033)

Don't forget highly reliable, dependable software coupled with (as per previous postings) top tier customer support.

Math? (0)

Anonymous Coward | about 9 months ago | (#45736305)

250,000 x 300 x .004 = 300,000, not $30M. Or do I have something wrong?

Zuckerberg (1)

Frankie70 (803801) | about 9 months ago | (#45736391)

That's where the Mark Zuckerberg Link comes in. Zuckerberg will sell FB stock worth 2.3 billion$ & give the CryptoLocker guys 30 million $ from that.

Math Fail? (0)

Anonymous Coward | about 9 months ago | (#45736313)

According to my math, wouldn't this only be $300,000?
250,000 * 0.004 = 1,000
1,000 * $300 = $300,000

The only way to get $30 mill is to multiply by 0.4 when calculating 0.4%

NSA etc (2)

RichMan (8097) | about 9 months ago | (#45736319)

Where are the vaunted security agencies in providing protection for citizens? Should not the government have a hand in protecting its citizens?

Re:NSA etc (2)

SJHillman (1966756) | about 9 months ago | (#45736387)

Get this labeled as "cyber-terrorism" (which it basically is) and they'll be all over it.

Re:NSA etc (2)

KiloByte (825081) | about 9 months ago | (#45736495)

You got it wrong: the NSA does cyber-terrorism, it doesn't fight it. Just like the PATRIOTUSA act was 100% promoting terrorism (spreading fear for political gain) rather than combatting it.

Re:NSA etc (0)

Anonymous Coward | about 9 months ago | (#45737091)

From Webster's Dictionary:
terrorism noun \ter-r-i-zm\
: the use of violent acts to frighten the people in an area as a way of trying to achieve a political goal
: the systematic use of terror especially as a means of coercion

terror noun \ter-r, te-rr\
: a very strong feeling of fear

I'm coerced into not flying because I'm filled with a strong feeling of fear of being groped by a TSA agent.* I'm coerced into driving the speed limit due to the systematic use of fear of detention and harassment by the police.

In my experience, those who make the most noise about an enemy are typically guilty of the deeds they accuse the other of.

*I have only flown once since 2001, and will never fly again while the TSA is still in charge of airport security. Without any exaggeration, I was abused as a child and am filled with a very strong feeling of fear of being groped again.

Math? (1, Interesting)

nmoore (22729) | about 9 months ago | (#45736321)

250,000 * .004 * $300 = $300,000, not $30 million. I think someone confused 0.4% with 40%.

Re:Math? (0)

Anonymous Coward | about 9 months ago | (#45736395)

250,000 * .004 * $300 = $300,000, not $30 million. I think someone confused 0.4% with 40%.

I think you mean .04 not .004

250,000 * .04 * $300 = $3,000,000

Re:Math? (0)

Anonymous Coward | about 9 months ago | (#45736503)

"0.4% of people paid the ransom"

0.4 / 100 (0.4% / 100%) = .004

Re: Math? (0)

Anonymous Coward | about 9 months ago | (#45736505)

.04 = 4%.... Article says .4%...

Re:Math? (0)

Anonymous Coward | about 9 months ago | (#45736553)

No.

Re:Math? (0)

Anonymous Coward | about 9 months ago | (#45736635)

250,000 * .004 * $300 = $300,000, not $30 million. I think someone confused 0.4% with 40%.

I think you mean .04 not .004

250,000 * .04 * $300 = $3,000,000

No, he means .004. Apparently the writers of this article aren't the only ones bad at math.

0.4 = 40%, 0.04 = 4%, 0.004 = 0.4%.

Re:Math? (1)

wile_e_wonka (934864) | about 9 months ago | (#45736825)

I wish I had some mod points to mod this side conversation about .4% as "funny." Like, who exactly has infiltrated /. that doesn't understand this? Soon, they're going to need to remove "News for Nerds" as false.

Re:Math? (0)

Anonymous Coward | about 9 months ago | (#45736865)

Now if we can only determine the connection between Zuckerberg and Verizon, we can blow this CryptoLocker thing wide open.
http://verizonmath.blogspot.ca/2006/12/verizon-doesnt-know-dollars-from-cents.html

Re:Math? (0)

Anonymous Coward | about 9 months ago | (#45737197)

you are 10.0% correct

Where's the money going? (1)

dysmal (3361085) | about 9 months ago | (#45736377)

My guess is a government alphabet soup (KGB/CIA/NSA/whatever) agency. Seriously. Times are tough. Governments around the world are strapped for cash. How else is a government agency going to have an operations budget? More importantly, why wouldn't an agency do this?

Re:Where's the money going? (1)

TheloniousToady (3343045) | about 9 months ago | (#45736821)

You're right, it must be one of those. But they're actually doing you a service if you think about it. You see, all conspiracies exist solely to feed the paranoia of conspiracy theorists. Otherwise, there would be nothing for us to be afraid of. And what fun would that be?

Like roads and bridges, government conspiracies actually are built for the public good, but not for the obvious reasons: not for charitable reasons such as gathering data to protect The People, and not even for the cynical reasons of wielding power, making money, or even the sheer fun of doing evil. It's all about entertaining the public by feeding their paranoia. And all of us on Slashdot can be particularly thankful for that in this season of giving.

(Note to humor-challenged moderators: it's a joke, not a troll)

Justice (0)

Anonymous Coward | about 9 months ago | (#45736385)

When they find these guys I hope they get a fair trial... After which they're thrown into a locked room with everyone who's lost data to their twisted scheme.

No sysadmins, though. You should know better. If a system you've been overseeing loses more than a day's worth of data to cryptolocker it means you had inadequate backups and you should be ashamed.

Cryptolocker has been a wakeup call to everyone. It's a worst case nightmare. A hostile program targeting end-user systems with important data, intentionally destroying data. (And really good spear-phishing/social engineering work to help it find its target!) It's made everyone re-evaluate backup plans, user privileges and privilege separation. Even things like shadow copies will keep you safe. (What's that called? File system versioning?)

Usually everyone thinks about accidental data loss, system failure, and data theft. Hostile, intentional data destruction is usually not even considered.

Re:Justice (2)

SJHillman (1966756) | about 9 months ago | (#45736489)

We got hammered by CryptoLocker twice in November. Unfortunately, the backups of one of our affected fileservers crashed the same day, but we still lost very little data (none critical). The worst part is that it hits every mapped drive that the user has write-access to, and some of our legacy accounting and payroll systems require exactly those permissions. It's a real eye-opener, but what really gets you going is when you realize that CryptoLocker is actually pretty tame compared to what it could be - it only targets certain extensions, is easy to remove, is easy to block, and doesn't touch Windows.

Re:Justice (2)

stewsters (1406737) | about 9 months ago | (#45736729)

Your data is far more important to most people than Windows. You could just re-install if that is the case (which you probably should consider if you were hit with this). One issue I have with security is that almost everyone stores their most valuable files in a location that any program they start can edit. It's really easy for users, but means things like this are so much worse.

They should popularize a system where you can choose what programs have access to particular directories. I would imagine it would work something like the permissions for android, where when installing it says that it needs access to these particular permissions and your music library. For instance, I could have a documents folder that only my word processor can access, I could have a video folder that only vlc can access, and I could set it so my browser could not access anything but its configuration directory. Browsers already try to do this, but it would be nice to force it from the system. It doesn't stop a stupid user from downloading bad programs, but it should help reduce the effect of application bugs being exploited.

Re:Justice (1)

SJHillman (1966756) | about 9 months ago | (#45736859)

One issue is that it doesn't just affect the infected machine, but also every mapped drive. Reinstalling all of those systems would have been a nightmare's worth of downtime. Unfortunately, most of the mapped drives are a result of legacy systems with very finicky requirements that we can't move off of yet for one reason or another. I agree, your access control system would be nice (although I imagine the initial implementations would be a minor nightmare as proprietary apps try to lock out other programs that could otherwise read that data).

Re:Justice (1)

JaredOfEuropa (526365) | about 9 months ago | (#45736791)

This. I found this bit of info on Bitlocker surprising as well: "When first run, the payload installs itself in the Documents and Settings folder with a random name, and adds a key to the registry that causes it to run on startup." Is this still even possible on modern (ish) operating systems (Windows 7 / Windows 8)? Windows seems to ask for permission whenever an .exe is executed, and you'd certainly think it would ask for permission when a program modifies that part of the registry.

Re:Justice (1)

SJHillman (1966756) | about 9 months ago | (#45736901)

It requires the user to run it in the first place, usually as an email attachment. And users have long since been conditioned to click Yes/Run/Continue on every pop-up box that gets between them and their perceived goal. As annoying as it is, I like the things that ask "Block? Yes/No" rather than "Allow? Yes/No" because it helps stop some of this click-yes-without-reading behavior.

The bright side of CryptoLocker's registry access is that it leaves a list of every file that it hit, which helped a lot when restoring from backups as we didn't need to test or restore absolutely every file.
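An added example, not part of the thread, of the targeted restore described in the comment above: given a list of files the malware touched, restore only those from backup. It assumes the list has already been exported as relative paths and that the backup tree mirrors the share layout; every name, path and timestamp here is constructed. Because the list comes from an infected machine, it is treated as untrusted input.

```python
"""Plan a targeted restore from a list of files hit by ransomware."""
import os
import shutil
import tempfile
from dataclasses import dataclass, field


@dataclass
class RestorePlan:
    restore: list = field(default_factory=list)   # (backup_path, live_path) pairs
    missing: list = field(default_factory=list)   # no backup copy exists
    stale: list = field(default_factory=list)     # backup written at/after infection
    rejected: list = field(default_factory=list)  # entry points outside the share


def _inside(root, rel):
    """Resolve rel under root; return None if the result escapes root."""
    root = os.path.realpath(root)
    full = os.path.realpath(os.path.join(root, rel))
    try:
        return full if os.path.commonpath([root, full]) == root else None
    except ValueError:  # e.g. different drives on Windows
        return None


def build_plan(affected, live_root, backup_root, infected_at):
    """Sort each listed file into restore / missing / stale / rejected."""
    plan = RestorePlan()
    for rel in affected:
        rel = rel.strip().replace("\\", "/")
        if not rel:
            continue
        live = _inside(live_root, rel)
        backup = _inside(backup_root, rel)
        if live is None or backup is None:
            plan.rejected.append(rel)
        elif not os.path.isfile(backup):
            plan.missing.append(rel)
        elif os.path.getmtime(backup) >= infected_at:
            # A copy taken after infection may already hold ciphertext.
            plan.stale.append(rel)
        else:
            plan.restore.append((backup, live))
    return plan


def apply_plan(plan, quarantine_dir):
    """Move each encrypted live file aside, then copy the backup into place."""
    os.makedirs(quarantine_dir, exist_ok=True)
    restored = 0
    for n, (backup, live) in enumerate(plan.restore):
        if os.path.exists(live):
            shutil.move(live, os.path.join(quarantine_dir, f"{n}_{os.path.basename(live)}"))
        os.makedirs(os.path.dirname(live), exist_ok=True)
        shutil.copy2(backup, live)
        restored += 1
    return restored


def demo():
    """Build a constructed share and backup tree, then plan and run a restore."""
    base = tempfile.mkdtemp(prefix="restore_demo_")
    live, backup = os.path.join(base, "share"), os.path.join(base, "backup")
    infected_at = 1_700_000_000  # constructed infection time (epoch seconds)
    files = {"payroll/q3.xls": b"good q3", "docs/plan.doc": b"good plan"}
    for rel, data in files.items():
        for root, body in ((live, b"\x00ENCRYPTED"), (backup, data)):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        os.utime(os.path.join(backup, rel), (infected_at - 86400,) * 2)
    late = os.path.join(backup, "docs/late.doc")  # backed up after infection
    with open(late, "wb") as fh:
        fh.write(b"\x00ENCRYPTED")
    os.utime(late, (infected_at + 3600,) * 2)
    affected = ["payroll\\q3.xls", "docs/plan.doc", "docs/late.doc",
                "docs/never_backed_up.doc", "../../etc/passwd"]
    plan = build_plan(affected, live, backup, infected_at)
    restored = apply_plan(plan, os.path.join(base, "quarantine"))
    with open(os.path.join(live, "payroll/q3.xls"), "rb") as fh:
        content = fh.read()
    shutil.rmtree(base)
    return plan, restored, content


if __name__ == "__main__":
    print(demo())
```

Files reported as stale or missing need an older backup generation or manual review; nothing is overwritten, since the encrypted originals are moved to the quarantine directory first.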

Re:Justice (4, Interesting)

mlts (1038732) | about 9 months ago | (#45737117)

IMHO, CryptoLocker is just the first shot across the bow.

Long term, maybe it will be a good thing, similar to the old PC days where BIOS killing viruses finally got people to actually care about average security or else keep buying new computers.

Of course, malware like this pretty much trashes almost every single backup system known to man. The enterprise is less affected because of programs like NetBackup that pull data, so malicious software is unable to touch previous backups. However, the main form of backups people do (if they bother to do anything) is copying to a secondary hard disk, which allows the backups to be accessed by malware and destroyed. Services like Mozy sort of help, but they might not keep a previous version of a file that hasn't been corrupted by ransomware, especially if the software is relatively slow and encrypts files over a long period of time to escape detection.

What I am waiting to see is Cryptolocker's descendant. This software will install itself through a hole in a Web browser or add-ons. It will install a low level Windows driver. It will then generate a private key and keep it local to the machine, sending a backup to the ransomware's servers. The software will gradually encrypt files over time. However, when an encrypted file is accessed, it will decrypt it on the fly... for a time.

Then, once it completes encrypting files, it will stop decrypting on the fly, purge the private keys it used, then demand ransom. Since this was done over a period of weeks to months, even backups stored on Mozy or other places will be locked out.
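An added example, not part of the thread, of one backup-side defence against the slow-encryption problem raised in the comment above: before older versions are pruned, check whether the incoming snapshot still looks like its file types, and hold pruning if too many files look like ciphertext. The thresholds, function names and sample data are assumptions made for this sketch; compressed formats are naturally high-entropy, so entropy is only consulted when the file signature is wrong.

```python
"""Backup-side check: hold version pruning when a snapshot looks encrypted."""
import hashlib
import math
import os
from collections import Counter

# Leading bytes expected for common document types (well-known file signatures).
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
}
TEXT_EXT = {".txt", ".csv", ".log"}
HEAD = 4096          # bytes sampled from the start of each file
MIN_SAMPLE = 1024    # below this, byte entropy is too noisy to judge
HIGH_ENTROPY = 7.5   # bits per byte; ciphertext sits close to 8.0


def entropy(data):
    """Shannon entropy of a non-empty byte string, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(name, data):
    """Return 'ok', 'suspect' or 'unknown' for one file in the snapshot."""
    ext = os.path.splitext(name)[1].lower()
    head = data[:HEAD]
    if ext in MAGIC:
        if head.startswith(MAGIC[ext]):
            return "ok"
        # Wrong signature AND near-random content: likely encrypted in place.
        if len(head) >= MIN_SAMPLE and entropy(head) > HIGH_ENTROPY:
            return "suspect"
        return "unknown"
    if ext in TEXT_EXT and len(head) >= MIN_SAMPLE:
        return "suspect" if entropy(head) > HIGH_ENTROPY else "ok"
    return "unknown"


def evaluate_snapshot(files, max_suspect_ratio=0.10):
    """Return (hold_pruning, suspect_names) for a {name: bytes} snapshot."""
    verdicts = {name: classify(name, data) for name, data in files.items()}
    suspects = sorted(n for n, v in verdicts.items() if v == "suspect")
    judged = sum(1 for v in verdicts.values() if v != "unknown")
    hold = judged > 0 and len(suspects) / judged > max_suspect_ratio
    return hold, suspects


def _pseudo_random(seed, size=HEAD):
    """Deterministic high-entropy bytes standing in for ciphertext (constructed)."""
    return b"".join(
        hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32)
    )


def sample_snapshots():
    """Constructed clean and encrypted versions of the same small file set."""
    clean = {
        "report.pdf": b"%PDF-1.4\n" + b"constructed body text " * 200,
        "photo.jpg": b"\xff\xd8\xff\xe0" + _pseudo_random("jpeg"),
        "notes.txt": b"meeting notes, constructed sample\n" * 100,
        "tiny.txt": b"short",
    }
    encrypted = {name: _pseudo_random(name) for name in clean}
    encrypted["tiny.txt"] = _pseudo_random("tiny", 64)  # too short to judge
    return clean, encrypted


if __name__ == "__main__":
    clean, encrypted = sample_snapshots()
    print("clean:", evaluate_snapshot(clean))
    print("encrypted:", evaluate_snapshot(encrypted))
```

A held snapshot should trigger an alert and keep every older version until someone has looked at the flagged files.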

Good job with the quality control guys! (0)

Anonymous Coward | about 9 months ago | (#45736409)

Subject speaks for itself. Slashdot loses credibility for every irrelevant article that gets published.

motive always equals results (0)

Anonymous Coward | about 9 months ago | (#45736437)

free the innocent stem cells

Not computers, but Windows. (0)

Anonymous Coward | about 9 months ago | (#45736453)

Huge difference.

Reamde? (0)

Anonymous Coward | about 9 months ago | (#45736465)

This is straight out of a freaking Neal Stephenson novel!

Said every IT person. Ever. (4, Insightful)

girlintraining (1395911) | about 9 months ago | (#45736501)

"So, do you have a current backup?"
-- Every tech support number you'll call, anywhere. Ever.

And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive". Viruses, malware, and crap like this would have gone the way of the dodo bird if people would just follow the most basic. advice. ever. regarding the maintenance of their computer. You wouldn't run your car out of oil after neglecting to change it for 15,000 miles, would you? So why do you do it to your computer?

Re:Said every IT person. Ever. (3, Insightful)

thebes (663586) | about 9 months ago | (#45736609)

And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive".

And how many people that do use an external drive actually unplug it after the fact?

Re:Said every IT person. Ever. (2, Interesting)

Anonymous Coward | about 9 months ago | (#45736777)

you're forgetting that almost no one changes their own oil any more, people are just too lazy and that's the only answer. that is why certain companies have stopped including dip sticks with their engines and instead require you to go to a service center to check your oil levels. one failed sensor and your engine is toast..

and you expect people to perform their own backups? your analogy is correct but you miss the fact that you are not the average person as you have the common sense not to run your car for 15,000 miles without thinking to change your oil. for the vast majority of people an automobile is an appliance, one that they care for about as much as their toaster

Re:Said every IT person. Ever. (1)

girlintraining (1395911) | about 9 months ago | (#45737083)

for the vast majority of people an automobile is an appliance, one that they care for about as much as their toaster

I don't agree. A toaster can be abused and run into the ground without hurting your wallet too much. People tend to sit up and take notice when you start talking about dropping half their yearly net income on something. Now, that doesn't mean they have common sense -- plenty of people have all the sense of a turnip, but to suggest they put a car in the same category as a toaster is absurd.

As for those sensors... no, it takes more than one failed sensor to blow up your engine. There is an oil pressure sensor, and an oil level sensor, at minimum, in the vehicles you mention. But let's ignore that and say they both simply give up the digital ghost without warning... the car's onboard computer will still trip out when you exceed the odometer tracking the miles since last oil change. But even if all of that technology fails, there is still one thing left to save your engine from mechanical oblivion: Your own eyes and ears.

Engines that are low on oil tend to run hot, and they tend to run hard. They don't accelerate, they feel like they're losing power, and dear god do they make noise as they die. All that overheating metal is going rat-a-tak-tak and war-warrrrr-waaaaahhhhhrrrrr.... as it dies, smoking and belching steam. If you fail to notice all of these signs, you don't deserve a car.

Re:Said every IT person. Ever. (5, Informative)

wbr1 (2538558) | about 9 months ago | (#45736841)

Unfortunately, an external drive backup using your scheme is of little to no use against this threat. It will encrypt all attached drives, network, USB or otherwise, so long as the user has permissions. It will start with commonly needed file extensions first.

Unless your backup is not visible to the virus, you are toast. This is a situation where unattached, or off-site backups and cloud solutions win. A simple user with an always attached USB drive will still be toast.

Re:Said every IT person. Ever. (2)

swb (14022) | about 9 months ago | (#45736939)

And you also need enough of the right kind of backups.

Basic drag-and-drop copy backups for desktop users where they keep the backup device connected and online for convenience or scheduling would be of limited value due to the fact that they could be crypto-lockered. Your backup needs to be of a type that can't be compromised by cryptolocker, either in a format it doesn't attack or on a system/media that is isolated from a desktop infection.

Further, you need enough retention in your backup so that you can restore the data to a state prior to the infection. A client I work with got hit but didn't report it until days later. A short retention cycle backup where only a few copies are kept might prevent the backup from even containing useful information. Fortunately for my client, we had 21 days of online retention and were easily able to restore files to a pre-modified state.

I also like to advise that data access be restricted so that the totality of information stored isn't vulnerable to one person's computer going haywire. It always amazes me how many places find the "dumping ground" method of organization useful, where all data is accessible by all users. Unfortunately once you get there, it's hard to change because there's little coherency to the information, making it difficult to segment, and it often represents organizational challenges in trying to establish limits.
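The retention point in the comment above, as an added example that is not part of the original thread: it finds the first backup snapshot in which most files turned into high-entropy (encrypted-looking) content, then checks whether a clean snapshot is still retained when the infection is reported. Daily snapshots, keep-newest-N retention, the entropy threshold, the function names and all sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter
from datetime import date, timedelta

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def first_suspect(snapshots, min_entropy=7.0, min_fraction=0.5):
    """Index of the first snapshot in which at least min_fraction of the
    previous snapshot's files changed into high-entropy content, else None."""
    for i in range(1, len(snapshots)):
        prev, cur = snapshots[i - 1][1], snapshots[i][1]
        hit = sum(1 for p, old in prev.items()
                  if p in cur and cur[p] != old and entropy(cur[p]) >= min_entropy)
        if prev and hit / len(prev) >= min_fraction:
            return i
    return None

def restore_point(snapshots, keep, today):
    """Date of the newest clean snapshot still retained on `today`, or None.
    Assumes one snapshot per day and that only the newest `keep` are kept."""
    bad = first_suspect(snapshots)
    clean = snapshots if bad is None else snapshots[:bad]
    oldest_kept = today - timedelta(days=keep - 1)
    kept = [d for d, _ in clean if oldest_kept <= d <= today]
    return max(kept) if kept else None

def fake_ciphertext(seed: bytes, size=1024) -> bytes:
    """Deterministic stand-in for encrypted content (constructed sample)."""
    out, block = b"", seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

# Constructed history: 15 daily snapshots, files encrypted from day 10 onward.
PLAIN = {f"docs/report{i}.txt": (f"Quarterly report {i}\n" * 50).encode() for i in range(4)}
LOCKED = {p: fake_ciphertext(p.encode()) for p in PLAIN}
START = date(2013, 12, 1)
SNAPSHOTS = [(START + timedelta(days=n), PLAIN if n < 10 else LOCKED) for n in range(15)]

if __name__ == "__main__":
    for keep in (3, 21):  # short rotation vs. the 21 days mentioned above
        print(keep, restore_point(SNAPSHOTS, keep, today=SNAPSHOTS[-1][0]))
```

With the infection reported five days after encryption began, the 3-copy rotation holds only encrypted snapshots, while 21 days of retention still contains the last clean one.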

Re:Said every IT person. Ever. (0)

Anonymous Coward | about 9 months ago | (#45737003)

Because of multiple persistent and well-funded ad campaigns with the goal to convince the average user that they are too stupid to use a computer.

Re:Said every IT person. Ever. (0)

Anonymous Coward | about 9 months ago | (#45737097)

I hate to break it to you but the average worker does not want to know how to use a computer...it gives them an excuse to do nothing and/or call the IT department and sit around drinking coffee. Nothing more pathetic than some asshole going "well, gosh, i'm just not that good with computers *shrug*" then turning around and twiddling his phone like a maniac. Excuse me, fucko, but that phone is a fucking computer and you seem to be using it just fine.

Re:Said every IT person. Ever. (1)

tlhIngan (30335) | about 9 months ago | (#45737351)

And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive". Viruses, malware, and crap like this would have gone the way of the dodo bird if people would just follow the most basic. advice. ever. regarding the maintenance of their computer. You wouldn't run your car out of oil after neglecting to change it for 15,000 miles, would you? So why do you do it to your computer?

Because it's dull and boring. Do you vacuum the floor of your house weekly? Or change the bedsheets? Clean the toilet? Dust (even just cleaning the dust out of your PC)?

The problem is it's a chore. A huge PITA to go and plug stuff in, drag and drop, and then unplug it.

The funny thing is that companies have been doing it the convenient way for ages - backups happen at night and all that stuff, with no intervention from the admin or users.

I happen to have current backups because all my PCs back themselves up over the network at night automatically. I don't do a single thing - it just happens. Once in a while they miss a backup because of an error, but it usually resolves itself in a couple of days. No muss, no fuss, it just works.

The real irony is Microsoft discontinued the software - Windows Home Server was perhaps the single most easy to use backup solution ever - once you install the connector software, the backups happen automatically overnight. And even better, it backs up network and disk drivers so as long as you have access to the backup via another system, you can copy the drivers so even if your PC is too new for the restore DVD, you can still instruct it to load the saved drivers (off USB key) and perform a network restore.

And it also was a de-dupe full image backup - you could restore to a blank hard drive and get back your system as it was, OS and all (and you can of course, browse an image backup by date and use Explorer to copy files off the backup if you only need to restore a few files or folders).

Honestly, one of the most slick backup solutions around for home use, and it's discontinued now.

on a side note (1)

die standing (2626663) | about 9 months ago | (#45736721)

Crypto-Smasher V3.10 was used by Gary and Wyatt to make Lisa... just sayin.

Correct the headline please (0)

Anonymous Coward | about 9 months ago | (#45736797)

Why not correct the blatantly false headline? Slashdot has editors, please edit! $30 million is 100 times more than the math actually adds up to. On Slashdot, I would expect simple math to be verified!

Good for them... (0)

Anonymous Coward | about 9 months ago | (#45736875)

... I make 50 million every 2 days in eve online.
