Hugh Pickens writes:
Alina Simone writes in the NYT that her mother received a ransom note on the Tuesday before Thanksgiving. “Your files are encrypted,” it announced. “To get the key to decrypt files you have to pay 500 USD.” If she failed to pay within a week, the price would go up to $1,000. After that, her decryption key would be destroyed and any chance of accessing the 5,726 files on her PC, all of her data, would be lost forever. "By the time my mom called to ask for my help, it was already Day 6 and the clock was ticking," writes Simone. "My father had already spent all week trying to convince her that losing six months of files wasn’t the end of the world (she had last backed up her computer in May). It was pointless to argue with her. She had thought through all of her options; she wanted to pay." Simone found that it appears to be technologically impossible for anyone to decrypt your files once CryptoWall 2.0 has locked them and so she eventually helped her mother through the process of making a cash deposit to the Bitcoin “wallet” provided by her ransomers and she was able to decrypt her files. “From what we can tell, they almost always honor what they say because they want word to get around that they’re trustworthy criminals who’ll give you your files back,” says Chester Wisniewski.
The peddlers of ransomware are clearly businesspeople who have skillfully tested the market with prices as low as $100 and as high as $800,000, which the city of Detroit refused to pay. They are appropriating all the tools of e-commerce and their operations are part of “a very mature, well-oiled capitalist machine,” says Wisniewski. “I think they like the idea they don’t have to pretend they’re not criminals. By using the fact that they’re criminals to scare you, it’s just a lot easier on them.”
Forgot to AC up. That's... gonna be some karma burn there.
If some day there's gonna be a wikipedia entry for soylentnews trolling phenomena (which is not instantly deleted), I'm gonna buy you a beer, or three. Deal?
Probably no karma penalty, it was on target and mildly funny to boot.
However, that said, I've heard it alleged that there are versions of this encryption virus that can affect linux. Don't know how it works, but you have a running process either in a pdf reader, or a browser, and if you can break the browser's sandbox (not that hard, I've been told), you would be off to the races, at least for that user's directory.
As of 2013 Linux people were claiming not to have heard of anything happening to Linux: http://www.everydaylinuxuser.com/2013/12/16-ways-to-beat-cryptolocker-and.html [everydaylinuxuser.com]
I found this but it's just someone's browser being locked up; mv .mozilla .mozilla.save fixed it: http://forums.linuxmint.com/viewtopic.php?f=90&t=143453 [linuxmint.com]
Well, mainstream badware for Linux has kind of been long in the coming now. It wouldn't surprise me if you're 100% right.
Well, mainstream badware for Linux has kind of been long in the coming now.
Because it's harder to do. It's not enough to get the executable on your disk, you have to mark it executable as well. You might be able to do this with a running process in a browser, or a script in a pdf, but, like I mentioned, you have to break the sandbox to do that, all the low hanging fruit has been trapped out.
If you are running Security Enhanced Linux, you can prevent anything in the user's directory from being executed. Same with Mac ACLs.
The problem comes with script languages. With scripts, all you have to do is launch the script handler, and point it at the script. Many of these scripting languages do not require the execute bit set on the script itself:
echo "echo Hello World" > helo
sh helo
This kind of thing still relies on browser sandboxing to protect against.
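The execute-bit point from the comments above, as an added example that is not part of the original thread: a constructed script with mode 0644 is refused when run directly (exit status 126) but runs when handed to `sh`, which is why execute-bit controls alone do not cover script interpreters. The function names and the temporary-file layout are assumptions made for this demo.

```shell
#!/bin/sh
# Constructed demo: the execute bit gates execve() on the file itself,
# not an interpreter that merely reads the file as input.

# Create a script with mode 0644 (no execute bit) and print its path.
make_script() {
    dir=$(mktemp -d) || return 1
    printf 'echo Hello World\n' > "$dir/helo"
    chmod 0644 "$dir/helo"
    printf '%s\n' "$dir/helo"
}

# Try to run the file directly and print the resulting exit status.
# 126 means "found but not executable" (permission denied on exec).
direct_status() {
    status=0
    ( "$1" ) >/dev/null 2>&1 || status=$?
    echo "$status"
}

# Hand the same file to an interpreter; only read permission is needed.
interp_output() {
    sh "$1"
}

demo() {
    f=$(make_script) || return 1
    if [ -x "$f" ]; then
        echo "execute bit: set"
    else
        echo "execute bit: not set"
    fi
    echo "direct run exit status: $(direct_status "$f")"
    echo "via interpreter: $(interp_output "$f")"
    rm -rf "$(dirname "$f")"   # clean up the temporary directory
}

demo
```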
You know, I've done that a million times in python and have never even considered the lack of execution bit before... Surely that part could be facilitated through as much social engineering as getting someone to open a sketchy attachment though.
"To view your invoice in Ubuntu, please follow these easy directions: Save the sh file to your hard drive, type in Terminal from Unity, and then type the command 'sh badtimes.sh'."
What would be really cool is if you could come up with some sort of single file that could be malicious in both linux and windows. A naughty pdf that had some sort of script embedded at the top of it or something. I'm sure most file types are pretty touchy about their header information, but there's probably at least one out there that would allow it. I know mp3s let you embed all kinds of crazy stuff in them, but I don't know if you can put it at the top of the file.