Sneaky Blackmailing Virus That Encrypts Data 409
BaCa writes "Kaspersky Lab found a new variant of Gpcode which encrypts files with various extensions using an RSA encryption algorithm with a 1024-bit key. After Gpcode.ak encrypts files on the victim machine, it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor. Is this a look into the future where the majority of malware will function based on extortion?"
LET'S HOPE SO (Score:5, Insightful)
The virus tossers are actually making their situation worse by turning to extortion. But they weren't all that bright to start with.
Re:LET'S HOPE SO (Score:5, Insightful)
They think they're pretty clever. (Score:5, Insightful)
The trust issue is that there is fundamentally no reason for the person receiving the money to follow through and send you the private keys to decrypt the data. If it was a known person, they'd be arrested, and since they're unknown there is no "reputational" factor that would make people more likely to pay based on the experience of others.
Just another moron criminal scheme from some douchebag who thinks he's found a get rich scheme. Just like other "genius" criminals, the fact is that the professionals in the field are smarter than the criminals.
Re:But were they smart, or stupid? (Score:4, Insightful)
besides... do you really expect to get your data back after a hack like that? you're system is hosed, any correspondence with the malware author is only going to lead to more loss.
you got pwnd, restore from backup, call the FBI if you're a good corporate citizen and have nothing to hide. Otherwise, get a Mac.
Re:But were they smart, or stupid? (Score:2, Insightful)
Re:But were they smart, or stupid? (Score:5, Insightful)
Does it matter? I have backups.
And how often do you roll through your backups? Will you notice the encrypted files in time, or will you end up backing up the worthless files instead?
I have plenty of important files which I don't look at very often. It might take months before I realize they are corrupted -- and by that time, I've overwritten the last valid backup with the encrypted stuff.
Re:This is why backups are good (Score:3, Insightful)
And not as much as it would seem.
ps - this is why I have three copies of everything important to me and my wife, in two different locations, rarely more than 2 days out. She doesn't question me about this for a few weeks after she askes "Honey, I can't find........". She still doesn't understand about 12 years of email archives... Go figure.
Re:But were they smart, or stupid? (Score:5, Insightful)
Fear, and adware. For example, if this virus becomes really widespread, the malware author could create a rouge anti-virus program that promises to get rid of it, and might even get rid of it, the downside is, it infects the host machine with adware giving the author $$$. Otherwise he can simply modify the script to not only encrypt it but add some adware into there. If you have root, there isn't much you can't do.
Yeah, sure, *that'll* work.. (Score:5, Insightful)
"We have encrypted your illegally copied music files. Put $5000 in unmarked bills in a plain brown paper sack and mail it to: RIAA Washington, D.C. no later than midnight tonight or you'll never listen to your music again"
Re:Anti-Malware Response (Score:2, Insightful)
http://en.wikipedia.org/wiki/RSA
As a side note:
At 128-bits, assuming the algorithm does not have a weakness, a brute force attack takes longer than the age of the universe. The amount of power that such an attack would require is also quite staggering.
At 256-bits, brute-forcing would require being able to harness the entire output of a star (or stars) to power the computer needed to complete the task.
As long as no holes are present in the encryption method, a 1024 bit key is (in practice) unbreakable.
http://en.wikipedia.org/wiki/Brute_force_attack
Re:But were they smart, or stupid? (Score:5, Insightful)
I would happily contact the criminal and send them $1 after working with my bank and law enforcement to set up an account trace to see where the money goes and who ends up with it.
Re:But were they smart, or stupid? (Score:5, Insightful)
> where the money goes and who ends up with it.
Yeah, because they'd never have thought of that.
Re:But were they smart, or stupid? (Score:2, Insightful)
Re:But were they smart, or stupid? (Score:5, Insightful)
Okay, it might be. Imagine it repeating the process on many files, each time a new file is written it may fill the space of the last deleted one. This also depends on the file system, OS strategy, file sizes, etc.
Using an undelete utility means you risk recovering many corrupt files. That may be better than nothing or sending money to a malware author, which as much as I hate to say it may legitimately be classed as "funding terrorism".
Re:But were they smart, or stupid? (Score:2, Insightful)
And given that most people work in files which are essentially text or the moral equivalent (Word docs, etc), it's likely that you do, in fact, have enough space for a very, very large number of backups.
Re:But were they smart, or stupid? (Score:4, Insightful)
Re:But were they smart, or stupid? (Score:4, Insightful)
you got pwnd, restore from backup, call the FBI if you're a good corporate citizen and have nothing to hide. Otherwise, get a Mac.
Getting a Mac will help for a while, but as more people switch to Macs malcontents will target OS X. And while it's more secure it's not totally secure, nothing is.
Falcon
Oh, and I'm not an MS fanbous, my desktop PC's OS is Linux and the laptop I'm typing this on is a MacBook Pro.Re:But were they smart, or stupid? (Score:4, Insightful)
Re:But were they smart, or stupid? (Score:5, Insightful)
I hope you promptly yelled "WHAT THE FUCK IS WRONG WITH YOU?!" and slapped some sense into him.
Re:Vista (Score:4, Insightful)
Most people aren't going to have more than a hundred gigs or so of storage in their computer in the first place. Given a halfway-decent backup system -- one which uses hardlinks, as I mentioned before -- and yes, the OS might take half of the backup drive. It will not, however, need an additional half every incremental backup -- only every time the OS changes.
As most people aren't causing terabytes worth of change, it should be no problem to have many backups (as in, every day for the past few months) on a single, dirt-cheap external hard drive.
Re:But were they smart, or stupid? (Score:3, Insightful)
Backups require a chain of items to work correctly come restore time. You have to have something to read the backup media if its stored on CDs, DVDs, or tapes. You have to have the correct software and version of software. You also have to be able to get a dead machine in some state to be able to be restored, either by booting an OS or BartPE CD to start a restore, installing a temporary copy of the OS to recover over, or booting another instance of the OS from an external hard disk to restore to the original OS's volumes.
I have seen people backup religiously, test their stuff, then when disaster strikes, they find their trusty tape drive has a sync or timing problem, so all the tapes written on that tape drive only work on that drive and no other drives. I've seen other people backup religiously onto stacks of CD-Rs, only to discover that nobody makes the software that can read it come 5 years later, the backup software company is out of business that makes the software, and a copy of archival data is needed for tax reasons.
If you want to be sure of your backups, use more than one method of backing your stuff up. I know some companies who back up their production critical server data four ways, with two tape autochangers hanging off from each critical server. One backup is done over the network via Networker. The machines sport a local copy of Backup Exec with bare metal restore ability, and periodically dump themselves completely to the local library. Then, the database program backs itself up to its own tape library, and the tapes changed weekly and stored offsite (encrypted, of course). Finally, the database archive logs are saved to disk, and are copied via rsync to an offsite location every so often. This helps mitigate damage should in the future tape hardware become unavailable, or other bad stuff happen. Worst comes to worst, the offsite host with the archive logs can be made into a database server.
enlightened self-interest (Score:2, Insightful)
You started by playing around with the scripts that the real blackhats built and left lying around. Then one of them contacts you (Because he naturally left a call-home in your script and has been "keeping an eye on you" -- but not much of an eye. Don't kid yourself.) and suggests you help him collect a bot army.
Now you've learned how to get a bot army, and you have a small army of your own. Trouble is, small armies aren't profitable. So you start the moving from script-jockey (The blackhats don't want to insult you, so they don't call you kiddie to your face.) to script-remodeller. But you have to eat, so when your blackhat suggests you try a little extortion, it sounds interesting.
What he doesn't tell you is that he is leading you to run interference for him while he goes after bigger fish. He tells you how to get into some foreign bank and set up accounts that have a very ephemeral existence, then stands back and watches you, and waits for you to either prove you're on top of this game or get arrested.
In the meantime, the money you are sucking out of the economy is not available to do the kind of dev work you'd prefer.
You lose.
Intelligent?
Re:Oh please! We all know there aren't any REAL ba (Score:3, Insightful)
The main factor in Nigerian fraud, is that part of the Nigerian population that believe that God created cretins so they could be scammed. Not a very christian beliefe:
Yes its true, Christianity would stop Nigerian scams - send more missionaries
I can't help but notice that if you are correct, what might help them even more is not believing in silly propositions like "God" and "Christianity."
Re:But were they smart, or stupid? (Score:3, Insightful)
And do you also express your appreciation of Wikipedia by donating to the EFF?
Re:But were they smart, or stupid? (Score:2, Insightful)
Imagine the conversations at the water cooler: "yeah, I paid for it, and it worked. Sucks, but it's worth it."
Re:But were they smart, or stupid? (Score:3, Insightful)
Re:But were they smart, or stupid? (Score:3, Insightful)
Both at home and at work, I have better things to spend my hardware budget on than insuring that restoring a PC 2 years down the road will be slightly more convenient. Besides, the vast majority of Windows reinstalls that I do are a result of spyware infestations, not hardware failures. In that situation, I'm still reinstalling the OS regardless of how complete a backup I have on hand.
I tend to treat backups like I treat insurance. Their point is to make a disaster "survivable", not "painless". As long as I have the data backed up, I can deal with the OS and apps.