
SoylentNews is people

posted by martyb on Thursday October 29 2015, @10:41AM
from the backups-just-do-it dept.

There is a particularly devious type of malicious software that locks users out of their own computer systems until an individual agrees to pay a ransom to the hackers. In these cases, the FBI has surprisingly suggested just ponying up the dough.

It's not the type of advice one would typically expect from the FBI, but that's exactly what was recommended by Joseph Bonavolonta, the assistant special agent in charge of the FBI's CYBER and Counterintelligence Program Boston office.

"The ransomware is that good," said Bonavolonta at the 2015 Cyber Security Summit in Boston, as quoted by Security Ledger. "To be honest, we often advise people just to pay the ransom."

https://www.rt.com/usa/319913-fbi-pay-ransomware-hackers/?utm_source=rss&utm_medium=rss&utm_campaign=RSS

Yeah, it's RT, but I did a search, and that or similar headlines popped up on dozens of news sites. I clicked a couple of them, and the stories match. Try this one,
https://thehackernews.com/2015/10/fbi-ransomware-malware.html

Personally, I can almost certainly afford to nuke and reinstall, unless they get my RAID array. Then - I'd have to think hard.


  • (Score: 2) by jimshatt on Thursday October 29 2015, @02:20PM

    by jimshatt (978) on Thursday October 29 2015, @02:20PM (#256031) Journal
    Does knowing the unencrypted data, or parts of it, make it possible or easier to decrypt the encrypted data?
  • (Score: 1, Informative) by Anonymous Coward on Thursday October 29 2015, @02:36PM

    by Anonymous Coward on Thursday October 29 2015, @02:36PM (#256037)

    If you know the full unencrypted data, "decryption" is trivial: Just write the unencrypted data back to its original place.

    Otherwise, I'd expect them to use encryption algorithms where no known-plaintext attacks are known, so your partial knowledge probably won't help you.

    • (Score: 0) by Anonymous Coward on Thursday October 29 2015, @05:58PM

      by Anonymous Coward on Thursday October 29 2015, @05:58PM (#256137)

      Theoretically, let's say you had one file that was the same as the stuff that had been encrypted. Could you encrypt that one file with every possible key and then compare it to the encrypted version to find the correct key?

      • (Score: 0) by Anonymous Coward on Thursday October 29 2015, @11:04PM

        by Anonymous Coward on Thursday October 29 2015, @11:04PM (#256261)

        Related question -- theoretically
        What if my backups weren't current, but were good for everything a month old or older. In that month I might have changed a hundred important files. Given that I have unencrypted versions of nearly all my files (many thousands...), could that help to decrypt the recent ones that were hit by ransomware?

        Separate question -- is there any type of "inoculation" available that could run in the background and watch for (and kill) any process that was encrypting files? I don't normally encrypt any of my local files...

      • (Score: 2) by darkfeline on Friday October 30 2015, @12:29AM

        by darkfeline (1030) on Friday October 30 2015, @12:29AM (#256290) Homepage

        >theoretically
        >every possible key
        Yes, you'll just need to wait for the heat death of the universe, and having any number of non-encrypted files makes no difference, you need a known-plaintext vulnerability for that.

        --
        Join the SDF Public Access UNIX System today!
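
The "encrypt one known file with every possible key and compare" idea from the thread above, worked through as an added example that is not part of the original discussion. It assumes a toy SHA-256 counter-mode stream cipher and a deliberately tiny 16-bit key (both constructed here, not taken from any real ransomware), then extrapolates the measured trial rate to realistic key sizes.

```python
import hashlib
import time

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not a real ransomware scheme."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def brute_force(plaintext: bytes, ciphertext: bytes, key_bits: int):
    """Try every key of key_bits bits against one known plaintext/ciphertext pair."""
    key_len = (key_bits + 7) // 8
    for candidate in range(2 ** key_bits):
        key = candidate.to_bytes(key_len, "big")
        if keystream_xor(key, plaintext) == ciphertext:
            return key, candidate + 1          # key found, number of trials used
    return None, 2 ** key_bits

def years_to_exhaust(key_bits: int, keys_per_second: float) -> float:
    """Worst-case time to walk the full key space at a given trial rate."""
    return 2 ** key_bits / keys_per_second / (365.25 * 24 * 3600)

# Constructed sample: a file the victim still has a clean backup copy of.
KNOWN_PLAINTEXT = b"Quarterly report, backup copy from last month.\n"
SECRET_KEY = (0xBEEF).to_bytes(2, "big")       # 16-bit key, tiny on purpose
CIPHERTEXT = keystream_xor(SECRET_KEY, KNOWN_PLAINTEXT)

if __name__ == "__main__":
    start = time.perf_counter()
    key, tried = brute_force(KNOWN_PLAINTEXT, CIPHERTEXT, 16)
    rate = tried / (time.perf_counter() - start)
    print(f"recovered 16-bit key {key.hex()} after {tried} trials ({rate:,.0f} keys/s)")
    # Each extra key bit doubles the work; extra known files do not shrink the key space.
    for bits in (16, 56, 128, 256):
        print(f"{bits:3d}-bit key space: {years_to_exhaust(bits, rate):.3g} years at that rate")
```

The known file only serves as the test that tells a right key from a wrong one; a single pair already does that, so thousands of backed-up files add nothing to the search.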