Stories
Slash Boxes
Comments

SoylentNews is people

posted by LaminatorX on Sunday January 04 2015, @11:28PM   Printer-friendly
from the drive-by-crypto dept.

Alina Simone writes in the NYT that her mother received a ransom note on the Tuesday before Thanksgiving.“Your files are encrypted,” it announced. “To get the key to decrypt files you have to pay 500 USD.” If she failed to pay within a week, the price would go up to $1,000. After that, her decryption key would be destroyed and any chance of accessing the 5,726 files on her PC — all of her data would be lost forever. "By the time my mom called to ask for my help, it was already Day 6 and the clock was ticking," writes Simone. "My father had already spent all week trying to convince her that losing six months of files wasn’t the end of the world (she had last backed up her computer in May). It was pointless to argue with her. She had thought through all of her options; she wanted to pay." Simone found that it appears to be technologically impossible for anyone to decrypt your files once CryptoWall 2.0 has locked them and so she eventually helped her mother through the process of making a cash deposit to the Bitcoin “wallet” provided by her ransomers and she was able to decrypt her files. “From what we can tell, they almost always honor what they say because they want word to get around that they’re trustworthy criminals who’ll give you your files back," says Chester Wisniewski.

The peddlers of ransomware are clearly businesspeople who have skillfully tested the market with prices as low as $100 and as high as $800,000, which the city of Detroit refused to pay. They are appropriating all the tools of e-commerce and their operations are part of “a very mature, well-oiled capitalist machine" says Wisniewski. “I think they like the idea they don’t have to pretend they’re not criminals. By using the fact that they’re criminals to scare you, it’s just a lot easier on them.”

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by dyingtolive on Sunday January 04 2015, @11:59PM

    by dyingtolive (952) on Sunday January 04 2015, @11:59PM (#131705)

    Forgot to AC up. That's... gonna be some karma burn there.

    :)

    --
    Don't blame me, I voted for moose wang!
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Wednesday January 07 2015, @03:01PM

    by Anonymous Coward on Wednesday January 07 2015, @03:01PM (#132583)

    If some day there's gonna be a wikipedia entry for soylentnews trolling phenomena (which is not instantly deleted), I'm gonna buy you a beer, or three. Deal?

  • (Score: 2) by frojack on Monday January 05 2015, @12:23AM

    by frojack (1554) Subscriber Badge on Monday January 05 2015, @12:23AM (#131708) Journal

    Probably no karma penalty, it was on target and mildly funny to boot.

    However, that said, I've heard it alleged that there are versions of this encryption virus that can affect linux. Don't know how it works, but you have a running process either in a pdf reader, or a browser, and if you can break the browser's sandbox (not that hard, I've been told), you would be off to the races, at least for that user's directory.

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 1) by linuxrocks123 on Monday January 05 2015, @06:07AM

    by linuxrocks123 (2557) on Monday January 05 2015, @06:07AM (#131775) Journal

    As of 2013 Linux people were claiming not to have heard of anything happening to Linux: http://www.everydaylinuxuser.com/2013/12/16-ways-to-beat-cryptolocker-and.html [everydaylinuxuser.com]

    I found this but it's just someone's browser being locked up; mv .mozilla .mozilla.save fixed it: http://forums.linuxmint.com/viewtopic.php?f=90&t=143453 [linuxmint.com]

  • (Score: 2) by dyingtolive on Monday January 05 2015, @03:47AM

    by dyingtolive (952) on Monday January 05 2015, @03:47AM (#131743)

    Well, mainstream badware for Linux has kind of been long in the coming now. It wouldn't surprise me if you're 100% right.

    --
    Don't blame me, I voted for moose wang!
  • (Score: 2) by frojack on Monday January 05 2015, @07:17AM

    by frojack (1554) Subscriber Badge on Monday January 05 2015, @07:17AM (#131785) Journal

    Well, mainstream badware for Linux has kind of been long in the coming now.

    Because its harder to do.
    Its not enough to get the executable on your disk, you have to mark it executable as well.
    You might be able to do this with a running process in a browser, or a script in a pdf, but, like I mentioned, you have to break the sandbox to do that, all the low hanging fruit has been trapped out.

    If you are running Security Enhanced Linux, you can prevent anything in the user's directory from being executed. Same with Mac ACLs.

    The problem comes with script languages. With scripts, all you have to do is launch the script handler, and point it at the script. Many of these scripting languages do not require the execute bit set on the script itself:

    echo "echo Hello World" > helo
    sh helo

    This kind of thing still relies on browser sanboxing to protect against.

    --
    No, you are mistaken. I've always had this sig.
  • (Score: 2) by dyingtolive on Monday January 05 2015, @06:38PM

    by dyingtolive (952) on Monday January 05 2015, @06:38PM (#131923)

    You know, I've done that a million times in python and have never even considered the lack of execution bit before... Surely that part could be facilitated through as much social engineering as getting someone to open a sketchy attachment though.

    "To view your invoice in Ubuntu, please follow these easy directions: Save the sh file to your hard drive, type in Terminal from Unity, and then type the command "sh badtimes.sh".

    What would be really cool is if you could come up with some sort of single file that could be malicious in both linux and windows. A naughty pdf that had some sort of script embedded at the top of it or something. I'm sure most file types are pretty touchy about their header information, but there's probably at least one out there that would allow it. I know mp3s let you embed all kinds of crazy stuff in them, but I don't know if you can put it at the top of the file.

    --
    Don't blame me, I voted for moose wang!