Stories
Slash Boxes
Comments

SoylentNews is people

posted by LaminatorX on Sunday January 04 2015, @11:28PM   Printer-friendly
from the drive-by-crypto dept.

Alina Simone writes in the NYT that her mother received a ransom note on the Tuesday before Thanksgiving.“Your files are encrypted,” it announced. “To get the key to decrypt files you have to pay 500 USD.” If she failed to pay within a week, the price would go up to $1,000. After that, her decryption key would be destroyed and any chance of accessing the 5,726 files on her PC — all of her data would be lost forever. "By the time my mom called to ask for my help, it was already Day 6 and the clock was ticking," writes Simone. "My father had already spent all week trying to convince her that losing six months of files wasn’t the end of the world (she had last backed up her computer in May). It was pointless to argue with her. She had thought through all of her options; she wanted to pay." Simone found that it appears to be technologically impossible for anyone to decrypt your files once CryptoWall 2.0 has locked them and so she eventually helped her mother through the process of making a cash deposit to the Bitcoin “wallet” provided by her ransomers and she was able to decrypt her files. “From what we can tell, they almost always honor what they say because they want word to get around that they’re trustworthy criminals who’ll give you your files back," says Chester Wisniewski.

The peddlers of ransomware are clearly businesspeople who have skillfully tested the market with prices as low as $100 and as high as $800,000, which the city of Detroit refused to pay. They are appropriating all the tools of e-commerce and their operations are part of “a very mature, well-oiled capitalist machine" says Wisniewski. “I think they like the idea they don’t have to pretend they’re not criminals. By using the fact that they’re criminals to scare you, it’s just a lot easier on them.”

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Informative) by acharax on Monday January 05 2015, @02:56AM

    by acharax (4264) on Monday January 05 2015, @02:56AM (#131733)

    By paying the ransom you've show these folks that their buisness model does indeed work and have further contributed to its continued prevlance, ensuring that many more will fall victim to this very sham in the future. Godspeed to you people.

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  

    Total Score:   2  
  • (Score: 2) by kaszz on Monday January 05 2015, @04:08AM

    by kaszz (4211) on Monday January 05 2015, @04:08AM (#131750) Journal

    Taint the money?

  • (Score: 2) by etherscythe on Monday January 05 2015, @09:21PM

    by etherscythe (937) on Monday January 05 2015, @09:21PM (#131974) Journal

    Were it only so simple. They typically require you to go down to your local grocer/convenience store and buy MoneyPak or similar product for the stated dollar amount and enter the numbers you get on the paperwork. It's probably even less traceable than Bitcoin, although I haven't researched that angle.

    --
    "Fake News: anything reported outside of my own personally chosen echo chamber"
  • (Score: 2) by kaszz on Tuesday January 06 2015, @01:34AM

    by kaszz (4211) on Tuesday January 06 2015, @01:34AM (#132053) Journal

    And if the terminal that process that prepaid card says [Call police!] then together with a security camera they have lost their anonymous presence?

  • (Score: 2) by wonkey_monkey on Monday January 05 2015, @08:15AM

    by wonkey_monkey (279) on Monday January 05 2015, @08:15AM (#131795) Homepage

    Tisn't it?

    --
    systemd is Roko's Basilisk
  • (Score: 0) by Anonymous Coward on Monday January 05 2015, @03:48AM

    by Anonymous Coward on Monday January 05 2015, @03:48AM (#131744)

    So victims should sacrifice for the greater good? Easy to say when your ass isn't on the line.

  • (Score: 1) by acharax on Monday January 05 2015, @04:18AM

    by acharax (4264) on Monday January 05 2015, @04:18AM (#131756)

    I'll give that an unanimous yes. Reality isn't always a nice place, for that matter it usually is anything but. People should learn their lesson, practice safe computing or perish (computers are almost inseparable from real life nowadays, and people should begin treating them as such). If I were to get burned due to my own incompetence or neglect I wouldn't expect quarter from anybody either - because it's my fault at the end of the day.

  • (Score: 2) by q.kontinuum on Monday January 05 2015, @01:58PM

    by q.kontinuum (532) on Monday January 05 2015, @01:58PM (#131842) Journal

    I don't think it will help much if she resists paying. Maybe it's cynical, but by paying she makes the loss through insecure systems quantifiable. We just need a hotline to collect information of victims and how much they actually paid. Consider following headlines:

    1. Three billion dollar extorted from computer users by ransom-ware
    2. Several users lost their private data, they think they might have an equivalent of five billion dollar

    To me the first headline sounds like a credible reason to increase spending on security-improvements, the second sounds like some people whining and exaggerating. Maybe it has to get worse before it gets better. (I don't like the criminals earning money either, but I also don't think it's the mothers task to heal the world.)

    --
    Registered IRC nick on chat.soylentnews.org: qkontinuum
  • (Score: 1) by acharax on Monday January 05 2015, @02:49PM

    by acharax (4264) on Monday January 05 2015, @02:49PM (#131852)

    An interesting angle to view the matter from. I agree that the former would provide some valuable insight into just how effective ransomware actually is, it's definitively preferable to the security sensationalism that plagued many tech sites in recent years.

    I'm not so sure that the situation getting worse would in itself lead to an improvement though, no matter how bad things could get - taking into account just how humble most malware was just 20 years ago (it was usually much more destructive, I'll give it that) to the BIOS-patching, HDD sector masking incarnations of TDSS that're out there today.

  • (Score: 0) by Anonymous Coward on Monday January 05 2015, @08:21AM

    by Anonymous Coward on Monday January 05 2015, @08:21AM (#131796)

    I missed the part where the mother was expecting someone else to pay.
    The mother made a decision to pay the ransom so she would not lose her files.
    Why should she care about any future victims when they have no reason to care about her? "Reality isn't always a nice place" so fuck the future victims. They can learn from their own mistakes.
    What makes you so sure that you would sacrifice so that others' incompetence isn't taken advantage of?

  • (Score: 1) by acharax on Monday January 05 2015, @09:34AM

    by acharax (4264) on Monday January 05 2015, @09:34AM (#131803)

    She paid as to not face the consequences of her (in)actions, will heed some advice for a few month and then promptly fall back to past behavior patterns. The cycle will eventually repeat anew and she'll more than likely get burned again, perhaps even by the same chaps once they cook up their next little scheme.

    What makes you so sure that you would sacrifice so that others' incompetence isn't taken advantage of?

    Good and old fashioned defiance, mostly.

  • (Score: 0) by Anonymous Coward on Monday January 05 2015, @05:19PM

    by Anonymous Coward on Monday January 05 2015, @05:19PM (#131900)

    I guess you are a lot better off than me. I would call $525 plus the stress of the situation a consequence and I'm not sure you can assume that the mother will not change her (in)actions.

    Not paying out of spite is not the same as sacrificing for others.