SoylentNews is people

posted by janrinok on Monday January 06 2020, @04:49AM
from the how-kind-of-them dept.

Ransomware Attackers Offer Holiday Discounts and Greetings:

As ransomware operators look at their organizations as a business, it is not surprising to see them offering discounts or season's greetings to their victims.

Such is the case with the Sodinokibi Ransomware (REvil) who MalwareHunterTeam noticed had changed their ransom note over the holidays to include a new message wishing the victims a "Merry Christmas and Happy Holidays".

The REvil ransom note goes on to suggest that instead of being stressed over the holidays, victims should pay the ransom so that they "have a great opportunity to enter the new year, leaving all the bad in the outgoing year. I advise you to write to us as soon as possible and not waste your precious time that you can spend with your family."

I am not sure this will have much effect on getting a victim to pay, but it does add a psychological impact to those who have to deal with them during the holidays.

The Maze operators took it a step further with their holiday celebrations by offering a discount to victims.

In a message to BleepingComputer, the Maze operators stated that they were offering a 25% discount if victims paid between December 25th and December 31st.

"We give 25% discount from 25-th december til 31-th [sic] December (included) for those who pays in this period of time. Merry christmas."

It is not known if they applied this discount retroactively to all of their victims, contacted them via the chat service, or some other means.

As part of a "new year celebration", the Maze operators have also told BleepingComputer that they are discounting the City of Pensacola's ransom to $500,000 and will no longer share their documents.


  • (Score: 5, Insightful) by anubi on Monday January 06 2020, @05:07AM (4 children)

    A lot of us who grew up with computers and know them at the microcode, machine language, and assembler level have cried out for years against mixing code and data. Embedded executables in data. Can be just as toxic to the machine as dusting anthrax into your paper mail is to you.

    We were ignored.

    And the chickens are coming home to roost.

    It's gonna be pretty damn expensive to back out of this predicament now. We should have never embraced this kind of "let's control the user's machine behind his back" technology in the first place.

    People like me were not the "Top Talent" retained by corporate. We just got in the way.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 0) by Anonymous Coward on Monday January 06 2020, @07:11AM

      have cried out for years against mixing code and data

      But it's still common to push/pass parameters into the address/call stack: https://cs.nyu.edu/courses/fall03/V22.0201-003/c_param.html [nyu.edu]

      parameters = data
      return addresses = code

      With the zillions of transistors CPUs have nowadays can't they come up with a way to do parameter passing more safely?

    • (Score: 2) by c0lo on Monday January 06 2020, @07:35AM (1 child)

      We were ignored.

      (sigh)... I know.
      If they just listened to us, the graybeards, and just used LISP!
      (very large grin)

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 2) by hendrikboom on Monday January 06 2020, @11:22PM

        Current versions of Scheme have a kind of code/data separation. There is macro-time and run-time. At macro time, code is treated as data. But at run time all that is over and only data is (normally) treated as data.

        Of course there are situations where you need to mix this up, and there are ways to do that. But normal usage separates code from data ... somewhat.

        -- hendrik

    • (Score: 2) by Mojibake Tengu on Monday January 06 2020, @08:48AM

      You forgot the old saying of the ancients: data is code and code is data.

      But if common people could truly understand the concept of separability taken from classic topology, they could not be herded by politics anymore. And that's unacceptable.

      --
      Respect Authorities. Know your social status. Woke responsibly.
  • (Score: 2) by inertnet on Monday January 06 2020, @10:29AM

    University of Maastricht [observantonline.nl] has just paid their ransomware attackers. The observant website is the university's own magazine.

  • (Score: 1, Insightful) by Anonymous Coward on Monday January 06 2020, @02:34PM (3 children)

    My first thought to this was to wonder why there is not a reward for these folks with an expected kinetic response.
    But the heads on a pole plan, while fun to think about, misses two major points.

    First the state of computer security is really sad. Starting with we don't need no stinking offline backups, and ending with what seems intentionally bad by design for short term profit.

    The second thing is that the state of humanity is really encouraging. Even in this sad state of security, things seem to mostly work because folks are generally not focused on evil.

    The problem with this state of affairs is that the network is a force multiplier allowing just a little evil (or more likely stupidity) to take down the whole.

    Perhaps, heads on a pole accountability might be a good path forward, but it should be applied to those designing the mess?

    • (Score: 3, Insightful) by anubi on Tuesday January 07 2020, @01:57AM (2 children)

      We are all forged by experiences.

      My first interest in software reversing was fomented by Electronic Arts, by repeatedly banging my very expensive floppy drive's head against the stop. At that point I learned how to use a disassembler, find the annoyance, and remove it.

      Then I graduated to a PC, 300 baud telephone modem, and BBS, where I was promptly nailed with an ANSI bomb. No real harm done, it just took out a kid with a modem on a BBS. But the lesson was taught. Never to be forgotten. That computer could have been controlling some critical machinery.

      Later, on the job, I got nailed with the "Concept" virus spread via "Macros" in Microsoft Business products.

      Sure is an expensive way to learn again the same lesson about embedded executables. The programmers hired by Microsoft obviously did not have the earlier experience I got with the ANSI bomb.

      I hate to think anyone could be that dumb. Must be just plain old inexperience. I had backups. Recovery just took time.

      Then I got nailed again. Circuit City DIVX disks and player. They sold me all these disks along with a player that came with a "Business Promise" that anytime I want to view the content of my purchased disks, my purchased player would contact their server over the phone and get permission to play and bill my CC. Then they turned their server off, leaving me with stacks of useless disks and a useless player.

      Well, that taught me a lot about how meaningful "Business Promises" are. And the risks I take by not having possession of my stuff in machines I control.

      Now, having this experience, I find myself in a corporate environment, where the people I am subordinate to have not had the same. They can neither relate nor understand. Their expertise is all about maximizing profit and "Leadership".

      They are not aware of the risks of running arbitrary code injected into their machines by GodKnowsWho.

      Or backups. Or revision creep that renders older documentation unreadable, or the risks one takes by not understanding exactly how their stuff works.

      These are rich people, well insulated from reality, by ample financial resources to buy someone else to fix it.

      I and others have relentlessly whined about this for fifty years now. And feel the futility of say, a metallurgical engineer trying to explain to a PHB why one should not use brass bolts to fasten steel plating on a ship.

      Ok, now the ships are made. In service, and experiencing severe corrosion problems.

      And now, you PHB are finally becoming aware of this?

      And you want US to fix it?

      By God, I am 70 years old! So are all the others who lived through all this. We were trained in the days before it was illegal under DMCA to share how stuff works.

      You PHBs and MIC and Congressmen have made one helluva mess. Thank goodness the authority to screw up the American engineer is mostly limited to the USA. Other sovereigns are free to take what we have and build on it, no different than what we used to do.

      My hopes are with the open source movement to keep the majority of the human race from being subordinated to machines they are coerced to purchase and maintain.

      It's also why I have devoted so much effort to Arduinos. Those are the only machines I can design both hardware and software for, and trust it.

      I have ways of getting Arduinos to do the damnedest things.

      This was a long post, probably will be seen by very few, but want to leave it for posterity.

      Yes, many of us saw this train wreck in the making, tried our damnedest to stop it, and were about as effective at stopping it as placing a precision spectrum analyzer on the track of an incoming freight train. It's almost impossible to guide governments, investors, and bankers, all considered too big to fail.

      I had to take my whammies personally. They don't.

      Their private jet awaits to take them to their next clusterfuck. While our Congresses pay for golden parachutes.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 2) by hendrikboom on Tuesday January 07 2020, @01:22PM (1 child)

        I prefer a modern English translation.

        "Test all things; hold fast that which is good."

        The meaning of "Prove" has changed somewhat in the last half millennium.
        I guess that's an instance of the documentation rot you mention.

        -- hendrik

        • (Score: 0) by Anonymous Coward on Wednesday January 08 2020, @02:33AM

          To me, that verse tells me God says it's OK for me to run anything anyone tells me through my bullshit detector.

  • (Score: 4, Funny) by All Your Lawn Are Belong To Us on Monday January 06 2020, @03:40PM

    We wish you a merry hijack
    We wish you a merry hijack
    We wish you a merry hijack
    With encrypted data fear!

    Bad tidings we bring
    your drives we will win
    You'll pay us some bitcoin
    Or lose your data oh dear!

    --
    This sig for rent.