Security

Virus Hold Computer Files 'Hostage' for $200

dwayner79 sent in a story about a new virus making the rounds; this one is unique because it locks your files and then demands a $200 ransom to get them back. It seems to me that this might leave some sort of traceable money trail. They don't have much information on any particular transmission mechanism, they just talk about web pages giving it up.
  • a fix (Score:5, Insightful)

    by MankyD ( 567984 ) on Tuesday May 24, 2005 @09:42AM (#12622725) Homepage
    Assuming this virus is telling the truth (and I highly highly highly doubt it is), doesn't that mean that there's a simple command you can send to it to fix the problem? What's to prevent anti-virus companies from figuring this out and providing a quick fix?
  • Finally! (Score:4, Insightful)

    by Apreche ( 239272 ) on Tuesday May 24, 2005 @09:42AM (#12622728) Homepage Journal
    What the hell took so long for this to happen? There are thousands of viruses all around and most of them are so benign. They just eat system resources, send spam, show ads and other bs. It took way too long for someone to make a virus that actually compromises data. I hope soon someone makes one that takes important data files and uploads them to a web server for public view. And another one that overwrites the hard drives 3 or 4 times to prevent data recovery.

    Maybe when this happens people will actually pay more attention to computer security, instead of just putting up with the inconvenience.
  • by saskboy ( 600063 ) on Tuesday May 24, 2005 @09:42AM (#12622730) Homepage Journal
    However, people have been installing and paying spyware removal fees of less than $200, so I won't be surprised when people pay off viruses like this.
  • interesting attack (Score:5, Insightful)

    by rayde ( 738949 ) on Tuesday May 24, 2005 @09:44AM (#12622747) Homepage
    this is interesting. if a virus did this on a large scale, there would be loads of people who would be desperate to recover their data, and likely no feasible way to do it on a large scale without key recovery. but really, does the h4xx0r expect to be able to collect a sizeable amount of money without it being traced?

    yet another reason to do regular backups, so you are never solely dependent on your local copies.

  • Re:a fix (Score:3, Insightful)

    by pentalive ( 449155 ) on Tuesday May 24, 2005 @09:45AM (#12622757) Journal
    A simple command to fix this? try
    "restore backup"
  • Re:I call hoax (Score:3, Insightful)

    by saskboy ( 600063 ) on Tuesday May 24, 2005 @09:46AM (#12622790) Homepage Journal
    I call RTFA ;-)

    "The FBI said the scheme, which appears isolated, was unlike other Internet extortion crimes.

    Leading security and anti-virus firms this week were updating protective software for companies and consumers to guard against this type of attack, which experts dubbed "ransom-ware"."
  • by NCraig ( 773500 ) on Tuesday May 24, 2005 @09:47AM (#12622795)
    "The problem is getting away with it - you've got to send the money somewhere," Stewart said. "If it involves some sort of monetary transaction, it's far easier to trace than an email account."
    These guys won't get caught as long as they operate internationally and keep their ransom demands relatively low. As we've seen with the Nigerian Scam, there will be little impetus to apprehend these worthless criminals.
  • Re:Finally! (Score:5, Insightful)

    by i.r.id10t ( 595143 ) on Tuesday May 24, 2005 @09:47AM (#12622803)
    You've not been around computers for long have you? We used to have all these nasty viruses, before Visual Basic and script kiddies, back when AOL wasn't on the Internet and dial up was mostly BBSes. Boot sector viruses, trashing hard drive controllers, etc.
  • Or.... (Score:2, Insightful)

    by spotmonk ( 781716 ) on Tuesday May 24, 2005 @09:48AM (#12622812)
    you could just spend the change on a blank cd and back up your data before spending 200 dollars to get it back.
  • Re:Finally! (Score:5, Insightful)

    by meringuoid ( 568297 ) on Tuesday May 24, 2005 @09:48AM (#12622816)
    Maybe when this happens people will actually pay more attention to computer security, instead of just putting up with the inconvenience.

    What will do that is a virus that replaces all .jpg files found with goatse, tubgirl and lemonparty.

    So many people have stored their digital camera photos on vulnerable Windows PCs. The only thing that will get them to secure those boxes is the threat that little Sophie's birthday photos, or the last time they went on holiday with Grandma before the illness, might be replaced with hideous porn by some virus...

  • by stanleypane ( 729903 ) on Tuesday May 24, 2005 @09:50AM (#12622829)
    Is it just me, or does this seem a little elementary? FTA:

    "I send program to your email," the hacker wrote.

    And only demanding $200.00 from a business? Sounds like one of the following must be true:

    a) person is stupid enough to demand only $200.00 for a crime most likely punishable as extortion.
    b) person is testing the effectiveness of their program.
    c) person is too short sighted to think of either a or b.

    This is just pathetic.
  • by Y2 ( 733949 ) on Tuesday May 24, 2005 @09:51AM (#12622841)
    If a smart crook were behind this, he'd not worry much about collecting the supposed ransom, but would pop his head up as a good guy saying he'd cracked the virus and would sell you a fix-it kit for $50.

    Of course, this means any honest white knight is going to learn the hard way about 20 feds and a flashlight.

  • by grasshoppa ( 657393 ) on Tuesday May 24, 2005 @09:52AM (#12622854) Homepage
    Not that I particularly appreciate idiot crackers making my work harder, but you gotta figure they'll be cringing at this rather blunt and clumsy attempt at extortion{sp}.

    I mean, is it really that much harder to make a virus that silently installs itself and listens for key strokes, then sends those back to you through a few cracked proxies? And there you go: account numbers and passwords.

    Idiots. If they do try to collect on this, they'll be caught, we'll find it's a couple of dumb as fuck kids who thought it'd be cool to "have a couple hundred bucks".

    And while I'm on that, 200 bucks? If you are really trying to get money, why not charge 20 bucks? For 200 bucks, most people are likely to seek outside help. For 20 bucks, people are more likely to just fork it over. I'd bet you'd have a greater ROI with the lower charge.
  • by ZerocarboN ( 415676 ) on Tuesday May 24, 2005 @10:03AM (#12622953)
    Can you find out where to put the word "Explorer" in the following quote?

    In the recent case, computer users could be infected by viewing a vandalised website with vulnerable Internet _____________ browser software
  • Re:Finally! (Score:4, Insightful)

    by EnglishTim ( 9662 ) on Tuesday May 24, 2005 @10:07AM (#12622984)
    Yes, I'd never heard of lemonparty before either.

    'course, I've got the sense not to look it up...
  • by mgkimsal2 ( 200677 ) on Tuesday May 24, 2005 @10:11AM (#12623018) Homepage
    I've written about this before, but I'm *so* waiting for a virus to do one or more of the following:

    * alter scheduled appointments in outlook/exchange
    * alter contact information in outlook/exchange
    * alter information in ms word and ms excel documents

    The key to all this is to do it in small doses - change a 3 to a 4, alter appointments by 1 hour, etc, introduce a few wrong spellings into ms word documents, etc.

    People have this view that viruses are horribly destructive, and it decreases the estimation of Windows in some. Others stick by Windows, content to use anti-virus stuff because a virus just generally uses up resources indiscriminately or 'steals' data.

    If viruses started attacking the integrity of core MS Office products, not 'just' the operating system itself, more damage would be done to MS' hold on corporate america than any attack on the 'operating system' level by viruses.

    Put more simply, most people really don't understand the ins and outs of operating systems, nor the potential damage that can be done to them. Everyone can understand the damage that could be done by having your spreadsheets altered without your knowledge.

    Well, at least I *think* everyone could understand that.
  • not my pr0n!!! (Score:2, Insightful)

    by Anonymous Coward on Tuesday May 24, 2005 @10:17AM (#12623084)
    No!!!! Not my 200GB archive of pr0n!! :(
    That'll take forever to redownload and organize...

    Where do I send the money?
  • Re:Retro (Score:2, Insightful)

    by HyperBlazer ( 830880 ) on Tuesday May 24, 2005 @10:22AM (#12623126) Homepage
    Sounds like the first computer virus from what I remember. The one where some repair shop in India had the virus lock the user out of the system. It kindly displayed an ad for the repair shop that said they could fix it though.

    I think you mean the Pakistani Brain Virus [wikipedia.org].

    Software writers, not repair shop. Pakistan, not India. Not the first virus [wikipedia.org]. It was intended to prevent piracy, and wasn't at all intended to be a "ransom."

    That's the short version of the story [brain.net.pk]. "Welcome to the Dungeon. Beware of the VIRUS." ;-)

  • by abulafia ( 7826 ) on Tuesday May 24, 2005 @10:34AM (#12623257)
    The ransomware could phone home to a cracked server which provides the key. Or public key crypto could be used.
  • by Anonymous Coward on Tuesday May 24, 2005 @10:35AM (#12623264)
    Oh yeah. Fuck those gender-discriminating Jedi.

    Anakin: "Padme, you're pregnant. I'm afraid - for the good of the baby - you can't go lightsaber dueling or starfighter riding. You can resume such activities when they are safe for you again, mmkay?"

    Padme: "Okay. I don't want to lose my child, so I'll sit down for this particular stretch of 9 months. It's not like I wasn't involved in lots of gunfights before this, so I think I can deal."

    God, some people just try too hard. Your stupid little digression about "sie" and "hir" is almost longer than your entire point.
  • by mwood ( 25379 ) on Tuesday May 24, 2005 @10:42AM (#12623339)
    What the virus author should be asking himself is: "should I worry more about the FBI tracing the thing back to me, or the minions of some mobster who just had his, uh, business records zapped by this indiscriminate attack?"
  • Re:They and Their (Score:2, Insightful)

    by croddy ( 659025 ) on Tuesday May 24, 2005 @10:48AM (#12623387)
    language derives its meaning from mutual consent. you can't "evolve a new shade of meaning" by yourself. before new forms enter a language, many people must use them for quite a while. we've formalized the lexicon and grammar so that people can actually use language to communicate predictably.
  • by GaryPatterson ( 852699 ) on Tuesday May 24, 2005 @11:03AM (#12623512)
    Hmm... Subtle damage could indeed be more crippling than overt damage.

    Deleting a file will cause staff to notice, and after the virus is removed, the file will be restored.

    Changing a few random values in a spreadsheet will likely not be noticed as quickly, and when it is, there may not be any way to work out which daily backup to restore from.

    Then there's the effect.

    Deleting a file causes irritation, but has no lasting effect.

    Altering the file subtly will potentially damage a forecast, change the meaning of data or cause an employee to be held in lower regard.

    I've sometimes wondered why virus writers seem little more than children, preferring to see their name writ large than actually do anything malicious. I've come to think it's human nature not to cause damage just for the hell of it.

    I've been waiting for really damaging viruses to appear. This one won't herald the start of them - people will just purge the virus and then restore from backups.
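
The "which daily backup do I restore from" problem raised in the comment above, as an added example that is not part of the original thread: if every legitimate save logs the file's hash somewhere the host cannot rewrite, the first backup holding unlogged content marks where the silent change appeared. The function names, the off-host approval log and the sample data are assumptions constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def audit_backups(backups, approved):
    """Find the first backup in which a tracked file holds unapproved content.

    backups  -- list of (label, {path: bytes}), oldest first
    approved -- {path: set of SHA-256 hashes logged at each legitimate save}
                (assumed to be stored off the host so malware cannot amend it)
    Returns {path: (last_clean_label, first_bad_label)}. Files whose every
    version is explained by the log do not appear; paths missing from
    `approved` are not checked.
    """
    findings = {}
    for path, ok_hashes in approved.items():
        last_clean = None
        for label, files in backups:
            if path not in files:
                continue
            if sha256(files[path]) in ok_hashes:
                last_clean = label          # content matches a logged save
            else:
                findings[path] = (last_clean, label)
                break                       # later backups inherit the change
    return findings

# Constructed sample data: four daily backups of two files.
V1 = b"Q1,300\nQ2,410\n"
V2 = b"Q1,300\nQ2,410\nQ3,435\n"    # legitimate edit, hash was logged
BAD = b"Q1,300\nQ2,410\nQ3,445\n"   # one digit changed, never logged
NOTES = b"meeting at 10:00\n"

BACKUPS = [
    ("mon", {"forecast.csv": V1, "notes.txt": NOTES}),
    ("tue", {"forecast.csv": V2, "notes.txt": NOTES}),
    ("wed", {"forecast.csv": BAD, "notes.txt": NOTES}),
    ("thu", {"forecast.csv": BAD, "notes.txt": NOTES}),
]
APPROVED = {"forecast.csv": {sha256(V1), sha256(V2)}, "notes.txt": {sha256(NOTES)}}

if __name__ == "__main__":
    for path, (clean, bad) in audit_backups(BACKUPS, APPROVED).items():
        print(f"{path}: unlogged change first seen in '{bad}', restore from '{clean}'")
```
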
  • Re:Finally! (Score:5, Insightful)

    by mrchaotica ( 681592 ) on Tuesday May 24, 2005 @11:05AM (#12623545)
    Yeah, that's exactly why we don't see really destructive viruses anymore: they've evolved. Just like biological viruses, computer virus writers have learned that your virus will spread farther if it doesn't completely kill the host, or generate an overwhelming immune response.
  • Re:Finally! (Score:3, Insightful)

    by mrchaotica ( 681592 ) on Tuesday May 24, 2005 @11:42AM (#12623966)
    Have you ever heard the phrase "curiosity killed the cat?" It's like a siren's call -- they know it's bad, but they can't help themselves.
  • by team99parody ( 880782 ) on Tuesday May 24, 2005 @11:53AM (#12624071) Homepage
    In fact, Symantec does this to me (at work) all the time. I bought their product once; and every 6 months or however long it takes that license to expire; they keep spamming me with more emails that say if I want to keep my computer safe from all the stuff infecting it I need to pay them more protection money.

    At home, I don't have the problem; since more honorable vendors that distribute their software via apt-get don't run these kinds of protection rackets.

  • by GauteL ( 29207 ) on Tuesday May 24, 2005 @11:56AM (#12624106)
    If it uses the same key, but a very long one, all the computers in the world would be very unlikely to break the key in a decent amount of time.

    Remember the RC5 challenge? It took 1757 days worth of massive collaboration effort to break a 64 bit key, showing that 64 bits RC5 is not enough for data that is still sensitive after several years.

    Now they are trying to break a 72 bit version of the same algorithm. It should take 2^8=256 times more computational effort or over 1000 years with current processing power.

    Processing power increases, but you can imagine that something encrypted with a public key algorithm that requires as much effort as 80 bit RC5, could be impossible to break in the time-frame where the data is still valuable, even with a combined world-wide effort.
  • Money Agents (Score:3, Insightful)

    by gone.fishing ( 213219 ) on Tuesday May 24, 2005 @12:36PM (#12624532) Journal
    I wonder if this (or some other) extortion attempt is why my bank recently sent its customers a warning about a new scam that asks you if you would be willing to become a "money agent" for someone in another country. Supposedly, you would allow money to be deposited in your account and then you would send 90% of it along to a Western Union account. According to the scam, this is supposed to be faster, safer, and cheaper for people in foreign countries.

    Seems like a great way of breaking the money trail and it only costs 10%!

    Crooks are pretty inventive.
  • Re:a fix (Score:2, Insightful)

    by frankvl ( 817911 ) on Tuesday May 24, 2005 @01:21PM (#12625018)
    What's to prevent anti-virus companies from figuring this out and providing a quick fix?

    Such a virus is the best marketing they can have
  • Re:Ransom (Score:2, Insightful)

    by Brian Boitano ( 514508 ) on Tuesday May 24, 2005 @01:51PM (#12625374) Journal
    I was thinking more along the lines of "Please insert coin to continue".
  • Re:Money Agents (Score:3, Insightful)

    by djrogers ( 153854 ) on Tuesday May 24, 2005 @02:08PM (#12625571)
    If I'm willing to work with a foreign criminal, why wouldn't I just hang on to all 100% of the $$? Crooks don't trust other people that far... It's far more likely that the 'scam' is simply a way to get your checking account info so the crooks can drain it directly.
