Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security IT

Ransomware Making a Comeback 202

Posted by timothy
from the please-send-money dept.
snydeq writes "Ransomware is back. After a hiatus of more than two years, a variant of the GpCode program has again been released, kidnapping victims' data and demanding $120 for its return, InfoWorld reports. 'Like the ransomware programs before it, GpCode encrypts a victim's files and then demands payment for the decryption key. The new version of GpCode — labeled GpCode.AX by security firm Kaspersky — comes with a bit more nastiness than previous attempts. The program overwrites files with the encrypted data, causing total loss of the original data, and uses stronger crypto algorithms — RSA-1024 and AES-256 — to scramble the information.'"
This discussion has been archived. No new comments can be posted.

Ransomware Making a Comeback

Comments Filter:
  • Backups (Score:5, Insightful)

    by coerciblegerm (1829798) on Friday December 03, 2010 @02:11AM (#34428324)
    Simple solution: Back up your data. In other news, make sure you patch software and operating system vulnerabilities and don't run executables from unknown sources.
    • Re: (Score:3, Insightful)

      by Rob Kaper (5960)

      And mark your existing backups read-only. Although that might require an OS which wouldn't run this malware anyway.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        If your backups are simply on the same machine that you're backing up, you're missing at least 1/2 the point.

        • Re:Backups (Score:5, Interesting)

          by txoof (553270) on Friday December 03, 2010 @03:11AM (#34428578) Homepage

          Whenever I see family/friends/co-workers using external drives for "backup" I have to repress the urge to launch into a lecture on the absurdity of relying on a local, always mounted backup.

          WesternDigital and all the other purveyors of external hard disks should be ashamed of themselves for promoting their products as a reasonable backup solution. The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure. An external drive provides absolutely no protection from any kind of malicious attack or catastrophic disaster (flood, fire, theft). The only real backup solution is an off-site backup. Considering how cheap Amazon S3 [amazon.com] is, off-site backups are finally a real solution for the average person.

          Apple's Time Machine and Fly Back [flyback-project.org] is a step in the right direction, but without a real off-site backup solution kiss your data goodbye, because when it falls into a river of molten rock, man, it's gone.

          • Re:Backups (Score:5, Funny)

            by black_lbi (1107229) on Friday December 03, 2010 @03:20AM (#34428620)

            because when it falls into a river of molten rock, man, it's gone.

            Sounds like you learned that from experience. One of the cons of maintaining the data center for Sauron, huh? Hope the pay is good, at least.

          • Re:Backups (Score:5, Insightful)

            by Anonymous Coward on Friday December 03, 2010 @03:27AM (#34428638)

            I hate to break it to ya buddy, but accidental deletion and hardware failure make up 100% of my data loss causes. Shocking, I know. You see, some people actually do patch their software and ensure their OS is up to date, and some people don't run executables from strange places.

            Mounted, active storage is perfectly acceptable for backing up all but the absolute most critical of data.

            • I was going to say the same thing. In over 30 years of dealing with computers, my instances of data loss, sorted by frequency, are 1) Accidental deletion, 2) Hardware failure, 3) there is no #3. The closest I've come to data loss by malware is when I encrypted some data myself and lost the key. I've never had a 'catastrophic disaster', ever.

              When I was once responsible for a business computer network, of course we had tape backup and off-site storage, even for the fairly small operation we were. For my

            • You might not think that the archive of emails my wife and I sent each other the last ten years is critical, but it means enough to me that I have three offsite backups.
              • You might not think that the archive of emails my wife and I sent each other the last ten years is critical

                All the email my wife has ever sent or received is critical: just ask her (and she has been using email for more than 25 years).

            • Re: (Score:2, Insightful)

              by GameboyRMH (1153867)

              Always mounted? That won't save you from an rm -rf / (or would a mounted fsck make the files hard to recover without taking as long as wipe?) I'm assuming you're running a highly secure *nix OS because otherwise, you're asking for it.

              I back up my laptop, PDA(s), keychain flash drive, and my home server's boot drive to an encrypted disk on the server that's normally unmounted. As long as the box doesn't get broken into (good luck) and then someone does a dd -if /dev/urandom -of /dev/sdx it'll be safe. A ligh

          • Re:Backups (Score:5, Insightful)

            by wvmarle (1070040) on Friday December 03, 2010 @03:47AM (#34428698)
            My data set is about 40 GB (gzipped).

            Amazon et. al. while cheap and off-site and probably pretty secure would require encryption at least. I don't want unencrypted data there. Makes it a bit more cumbersome.

            The killer is going to be the upload. I've 2 Mbit up, uploading my data set to Amazon would saturate my pipe for about 55 hours straight. And that's a show stopper.

            I'm slowly looking for 64GB USB drives. They exist but the local shop has only 32 GB, so have to look further. That's a much easier solution than Amazon.

            • by txoof (553270)

              Jungledisk, one of several S3 clients, offers several encryption options. It's a pretty decent service but lacks robust logging.

              • by wvmarle (1070040)

                The primary show stopper for me is the upload speed. It's just too long. I had a quick look at it; Amazon is looking at the TB range for storage and the GB range for transfers. Most of the charges are for transfers, not for storage.

                When you have a 100 Mb pipe to the Internet, yes then it's getting interesting. 1 GB then takes you 1 1/2 minutes, instead of over an hour it takes for me. For your average home connection it's worse, for those people it's simply not an option. To me it seems mainly targeting mi

                • by aclarke (307017)
                  It seems to me that you're making far too big of a deal of the time to upload your files. I currently back up about 175GB to Amazon S3 via Jungledisk, and I only have a 600kbps uplink. Granted I did a lot of the initial backup from a client's office with a 10Mbps uplink, but that was also 3 years ago and I've been keeping the backup current from my home internet connection ever since.

                  Jungledisk uses differential copying, so once you have your original data up there it only needs to copy the changed par
                  • by wvmarle (1070040)

                    I understand what you do there. Two problems I have with it:

                    1) Data that is stored "out there" is to be encrypted, before it's sent out. Do updates work that way in the first place? You can not decrypt data while it's out - storing your decryption key out there with your data pretty much beats the purpose.

                    2) Archiving. I prefer to keep at least four monthly backups. So if one backup is broken likely the other three are still OK, and against accidental deletion that is found out about only much later.

                    • by aclarke (307017)
                      Jungledisk will encrypt your files on your computer, with your private key. Your private key never gets sent to Jungledisk, so I believe that answers your first concern.

                      I'm just not sure if Jungledisk can do differential updates when you're encrpyting your files. I am not using their latest products so I'm not sure. A lot of the data I'm storing is just my iPhoto library so I am not encrypting that. That's the only potential problem I see for you, if you are changing large files very often and the di
                    • by Skater (41976)
                      If I keep the private key, and my house burns down, aren't I then just as screwed as I would've been if I didn't have offsite backups in the first place? If I have another safe place to keep the key, why not just keep the backups there?
                    • by walshy007 (906710)

                      just make the key the md5sum or sha1sum or whatever of whichever bitlength you need of a common passphrase you will always remember.

                      You lose it you can recreate what it was on a new machine with common checksum tools.

                    • by Sancho (17056) *

                      The benefit of Jungledisk is that the backup is online. For very small amounts of data that won't change often (e.g. a key) you don't need to make backups as frequently, and you can use physical security to protect it. For example:

                      Store a copy of the key in a safety deposit box at your bank.

                      Or keep a copy on a USB drive that is on your person at all times.

                      Or come up with a scheme to regenerate your key.

                    • by aclarke (307017)
                      Do you honestly need someone to explain this to you?

                      1. You don't have store a private key. You store a passphrase. If you can't manage to remember a passphrase, see point #2.

                      2. It's easier to store a piece of paper with a private key somewhere than it is to store a rotating pile of hard drives. Duh.

                      3. For most people, it's easier to sign up for an online backup service than it is to find a friend to peer bandwidth with, set up sftp, rsync, cron, etc. It's also easier to use an online service th
                    • The private key can fit on a cheap usb thumb drive, or even a piece of paper. You can put a copies of your key in your safe-deposit box, at your friends' houses, at your relatives houses, at your work and home. The key doesn't change frequently, so you aren't driving around swapping media.

                • by Cato (8296)

                  Upload time is not a big deal - I have about 30 GB uploaded to Mozy, over a 0.5 Mbps upload link. The main thing is to ensure the upload doesn't completely hog your upstream bandwidth, and that subsequent backups use block-level incremental technology, so only the actual data changed is sent.

                  Mozy and other online backup services are very effective, in addition to a local full system image (ideally to another server not a USB hard drive.) A USB flash drive is not very useful for backup, as it's far too eas

            • by jimicus (737525)

              Virtually any respectable backup application will only ship changes up once the initial backup is complete. It'll saturate your pipe for a few days, but once it's one it's done. After that, it's really not too bad.

            • by Inda (580031)
              55 hours!?!?!? *heh*

              I remember downloading a metric ton of 1.44mb files back in 1998. 56k was fast back then and 55 hours to fill my expensive HDD was the norm.

              GOML.
            • 40Gig could be stored on a big USB stick (yeah, yeah, not really a good backup solution... spare me that). And that USB stick could be taken with you, so it won't get any more "offsite". If you should die in a fire, I guess the data loss (because your USB stick is dying in your pocket in the same fire) should be your least problem. :)

              • by wvmarle (1070040)

                Exactly, my idea too.

                I was more thinking of taking that stick back home, have four of them or so, and rotate. Losing office and home (about 10 km apart) at the same time is not likely.

            • The killer is going to be the upload. I've 2 Mbit up, uploading my data set to Amazon would saturate my pipe for about 55 hours straight. And that's a show stopper.

              Only for the initial upload. Where I work, we have about 10-12TB of data and do a full weekly backup to LTO3 tape over gigabit ethernet and fiber channel. It takes about 55-60 hours to run, which we live with, because we have to.

              Chances are, much of your 40GB isn't essential data. Don't back up your pr0n and mp3 collection, and just concentra

              • by wvmarle (1070040)

                Yes that is important data.

                Some 25 GB is my e-mail archive - about 8 years of mails, lots and lots of attachments. Some 5 GB personal photos. A little bit of software that I wrote. And the rest is my documentation (invoices, contracts, finances, etc).

                Oh and a bit for my ldap database with all my customer's and supplier's contact information, the /etc tree, and some other system bits to make re-install easier.

          • by Belial6 (794905)
            So, you want to lecture people on how bad it is to use a simple and inexpensive device to protect against 99.999% of the problems they might need a backup for? Instead you want them to send their data to Amazon over a network connection that may not be fast enough to even keep up with the data changes on their drives.

            It doesn't sound like you are doing them any favors.
          • Re:Backups (Score:5, Insightful)

            by ArsenneLupin (766289) on Friday December 03, 2010 @03:59AM (#34428750)

            Whenever I see family/friends/co-workers using external drives for "backup" I have to repress the urge to launch into a lecture on the absurdity of relying on a local, always mounted backup.

            You know, malware is not the only threat to data. There's also hard disk failures, and human error. "Always-mounted" external disks protect against both.

            WesternDigital and all the other purveyors of external hard disks should be ashamed of themselves for promoting their products as a reasonable backup solution.

            ... and even if you are concerned about "always mounted" being vulnerable to malware, you can always keep your drive securely stashed away, and only connect it once a week to do your backup.

            The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure.

            Which is already quite useful. Even though we like to scoff at windows users, most malware is not interested in trashing user's data, and anti-virus programs still manage to catch most malware (if one is installed).

            ...or catastrophic disaster (flood, fire, theft).

            ... which are quite rare compared to the more usual failure modes (hard disk failures, or accidentally deleted the wrong files).

            Considering how cheap Amazon S3 [amazon.com] is, off-site backups are finally a real solution for the average person.

            You've got to trust Amazon to respect the privacy of your data.

            • Re:Backups (Score:5, Informative)

              by Cato (8296) on Friday December 03, 2010 @07:57AM (#34429602)

              Antiviruses catch only a declining percentage of malware, so you can't rely on them - see http://en.wikipedia.org/wiki/Antivirus_software#Effectiveness [wikipedia.org] which shows that even in 2007 the average percentage caught was about 50%. Various independent tests confirm this, particularly for zero-day viruses (i.e. you must rely on heuristics in the AV product, not signatures). In 2007, 23% of infected PCs had up to date antivirus: http://www.pandasecurity.com/infected_or_not/ [pandasecurity.com] and http://www.pandasecurity.com/infected_or_not/panda_security_research/ [pandasecurity.com]

              Even when there is coverage for a specific virus/trojan, highly polymorphic ones are often not caught - for example the Zeus banking trojan, which steals from bank accounts while hiding the illicit transactions and resulting balance from the user, is missed in 77% of cases - http://www.darkreading.com/security/article/220000718/index.html [darkreading.com]

          • by hairyfeet (841228)

            Actually I'm in one of the "test markets" for the new caps which will be 36GB for home and 76GB for business, so S3 won't be an option for anyone but businesses much longer. For my customers that need reliable backup on the cheap I actually recommend the WD Essentials, but I recommend TWO drives, one for home and one for work. Once a week they switch them, so at the absolute worst they are looking at a two week loss max instead of a complete loss.

            As much as I'd like to be able to have backups all sent to

            • by txoof (553270)

              Any realistically reliable backup process for home users can't depend on the user doing something daily/weekly such as swapping media. That's a realistic option for people that are very process oriented, or for a business situation where it's your job to swap media. For home users, it's unrealistic to expect people to swap media when they're hardly motivated to install regular system updates.

              A solution that maintains its self and is off site is by far the best option. As far as the complaints about slow

          • If your PC gets stolen or destroyed and you have a backup on an external hard drive that is stored safely off-site, how are you not protected?

          • My brother bought a large external hard disk and moved all of his data on to it in order to re-format his computer. He then stood up, walked away from his desk, caught the cable around his foot and launched the disk at the opposite wall. Bye bye data.

          • by Bert64 (520050)

            The problem with remote backup, is the bandwidth requirements...
            Most home users have extremely poor upstream connectivity, so uploading all your data to a remote server is not a terribly practical idea.

            I use an external (wireless) networked drive to backup my laptop, so whenever i'm at home it gets backed up automatically... This has saved me from hardware failure and would potentially save me from theft if someone stole my laptop (they are less likely to find the wireless drive which is hidden away in the

          • Most of "real life" data loss is due to, you guessed it, accidental deletion and hardware breakdown. At least in my experience. Granted, it's been a while since I was employed as helpdesk, but there has not been a single case of malicious deletion, malware related data corruption or other intentional data tampering that would have affected locally accessible and write enabled backups.

            Of course offsite backups and the like are important for companies who would be very liable for it if their data was gone. Th

          • The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure.

            Fortunately these are by FAR the most common data loss ailments that will hit your average clueless user. Off-site is just overkill for most. Fire is not something that most people experience in their lives. A hard disk crash, however, is. And accidental deletion most certainly is.

          • by sco08y (615665)

            Whenever I see family/friends/co-workers using external drives for "backup" I have to repress the urge to launch into a lecture on the absurdity of relying on a local, always mounted backup.

            WesternDigital and all the other purveyors of external hard disks should be ashamed of themselves for promoting their products as a reasonable backup solution. The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure. An external drive provides absolutely no protection from any kind of malicious attack or catastrophic disaster (flood, fire, theft). The only real backup solution is an off-site backup. Considering how cheap Amazon S3 [amazon.com] is, off-site backups are finally a real solution for the average person.

            Apple's Time Machine and Fly Back [flyback-project.org] is a step in the right direction, but without a real off-site backup solution kiss your data goodbye, because when it falls into a river of molten rock, man, it's gone.

            They're cheap enough to buy several of them and swap them out periodically.

            If you have enough crap to justify using public storage, it makes a lot of sense. And, frankly, no amount of encryption can beat simply not transmitting that data.

          • CrashPlan is excellent. $50/year for one computer and unlimited space, indefinitely-kept versioning and deleted files, and a daemon that runs in the background all the time, with a separate GUI frontend.

            I wish there were a referral plan so I could get something from this plug, but as of now, there's not. :/ haha Anyway, check it out. For a long time I used Duplicity to a web hosting account, but CrashPlan is easier and more reliable.

          • Local mounted backups are definitely suboptimal; but they do protect against single drive death and nonmalicious accidental deletion, which are two major categories of threat, at essentially nominal cost. Any idiot who thinks in some simple binary "safe"/"unsafe" terms has it coming when something nukes every local drive; but that is rather rarer than having a single drive catch a nasty case of being horribly dead.

            In any case, unless Joe average wants to enter a password and/or RSA token code every few h
          • Considering how cheap Amazon S3 is, off-site backups are finally a real solution for the average person.

            Wow, how do you figure that cheap? Am I missing something? From the calculator on their site it looks like making a 250GB backup would cost you ~$50 the first month, and then ~$25 thereafter (assuming you could do an rsync style backup and your data doesn't change much).

            And you ever need to get that 250GB back, it's gonna cost you $40 just to download it!

            No thanks. For the cost of one month of service I could buy a TB drive and do it myself

          • by nomadic (141991)
            The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure

            You mean the two most overwhelmingly common ways people lose data they need?
      • by mcgrew (92797) *

        And mark your existing backups read-only. Although that might require an OS which wouldn't run this malware anyway.

        Oh, you can easily mark files read-only in Windows, always could. The trouble is, it's as easy for malware to re-mark them as read-enabled. As others have said, keep both onsite and offsite backups.

    • by wvmarle (1070040)

      Exactly.

      It makes me wonder how come this kind of scams still work, I mean everyone is backing up their data on off-line media, right? Right? Oh, wait...

  • You sure have some nice data here. Would be a shame if something were to happen to it now wouldn't it?
  • Encryption (Score:4, Funny)

    by flyingfsck (986395) on Friday December 03, 2010 @02:26AM (#34428400)
    All my data is already encrypted you insensitive clod!
    • But we'll encrypt it again for you! For free!

      (What's really scary is that I am tempted now to write ransomware that displays that and an "I agree" button, and only actually encrypts and locks the user out if he clicks that "I agree" button. Just to see how many morons will fall for it)

  • by Anonymous Coward on Friday December 03, 2010 @02:28AM (#34428408)

    I remember back when I was running MSDOS 5, and at first Bootup it cut to a screen with a Slot Machine that said it was a Virus holding my MBR and File Allocation Table ransom until I get such and such combination after I pull the Arm. It also said if I tried to turn-off the computer, then all my data is already gone unless I got the sequence in this game to restore my MBR and FAT.

    Needless to say, I left the computer on all day and drove to my grandmother's Insanitarium/Old-Folk's home and said I didn't come visit these past 10 years because I've always given her bad luck and now I need her more than ever. She stopped taking her pills, said goodbye to the trees and bushes and pigeons as I walked her to my car, and upon arriving at my desk she knew exactly what to do: she pulled-out her vile of lipstick, puckered some on her mouth, and gave the computer screen a kiss. She was insane again.

    Fuck you Slot Machine! I pulled the Arm, and I won back my MBR and FAT. I told my grandmother she could walk back home, and so I gave her $10 to buy some cigarettes and lunch, and I and her Retired-Living Facility have never seen her since.

  • Kaspersky might have labeled it, but only running AVG ensures there's no chance of catching it ;)

  • by Weaselmancer (533834) on Friday December 03, 2010 @02:35AM (#34428436)

    The whole point of these malware authors is to ransom data for cash, right?

    How the hell do they get paid? And if that is an answerable question, that brings question number two.

    Why the hell can't the law find them?

    There would be a money trail of some sort. The money has to go from victim to the criminal. That is traceable.

    Isn't this really just a gigantic "kick me" sign?

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      If the money ends up going to a country like Somalia what are you going to do?

      Ask for the Somali government's help to get your 100 bucks back?

      Good luck with that.

      • by wvmarle (1070040)

        How are you going to make a payment to Somalia?

        I doubt they have a working banking system.

        Making overseas payments of such small amounts is anyway an issue: bank charges can literally make half that amount disappear en route.

        • While Western Union doesn't cover Somalia, it does cover practically everywhere else. Nigeria (or most of sub-Saharan Africa for that matter) is a good place to get lost.

      • by ultranova (717540)

        If the money ends up going to a country like Somalia what are you going to do?

        Talk the RIAA into funding a full-scale invasion of Somalia? They're all pirates, you know :).

    • Just an example method of payment, there are exchanges from PayPal US$ to BitCoin [slashdot.org] (and back). It would be easy enough to set this up to ask for credit card details and automate the payment, funds could then be converted back into real money (anonymously) at a later date.

      Although I doubt that they are smart enough to do this.

    • by ArsenneLupin (766289) on Friday December 03, 2010 @04:02AM (#34428758)

      How the hell do they get paid?

      ... and this is the Achilles heel of just about every ransom ploy. Most kidnappings for ransom fail at the "money handover" stage.

    • by QuantumG (50515) *

      suckers. Usually there's money mules who transfer the money around.. sometimes they're given the job of buying goods and sending those goods to someone else who sells them, etc, etc. It's all traditional money laundering techniques being done by "work from home" saps.

    • by will_die (586523)
      Since they are not asking for a cash drop there are plenty of ways. For simple ways Western Union or just a standard bank transfer or wire. They are ususally in a different country and for low amounts of money so you have problems getting police involved. Then if you look at the email scammers and see how many of them make money you see that alot of people will just send in the money and not call the police about it.
      • by aix tom (902140)

        I could imagine (but I usually over-estimate peoples intelligence) that the virus might also look for the presence of the right content.

        Someone might be reluctant to go to the police with "Officer, Officer, someone encrypted my 100MB of important business data and my 600GB collection of pirated movies and illegal stuff!!!!!"

    • by imsabbel (611519)

      I can tell you an example: I was victim to credit card fraud a couple of years ago (I think it was skimmed at a parking lot acception credit cards as a pass).

      I went to the police after an unautorized payment was made.
      They came back to me a few months later with what happened: Somebody in Germany got the credit card data from somebody in california to buy stuff to be delivered to moscow (1 Playstation and a Gameboy). I never understood how such an tranaction was accepted for payment with credit card...). The

    • by Bert64 (520050)

      Criminal gangs often have mules to collect and launder money for them, these mules are often unsuspecting victims of scams too.

      The criminals behind the scams are also often located in countries with very lax law enforcement that either doesn't care about the crimes taking place, or only care that they get their bribes from the criminals.

  • by Skellbasher (896203) on Friday December 03, 2010 @02:47AM (#34428492)
    Fortinet did an analysis of this. http://blog.fortinet.com/all-your-drives-are-belong-to-us/ [fortinet.com] It simply backs up the partiton table and rewrites the MBR. It's fixable without paying the ransom.
    • by SuperKendall (25149) on Friday December 03, 2010 @03:04AM (#34428548)

      I'd feel a little better about the proposed solution (let a disk utility recover the partitions) if they had actually tried a disk utility to see if it could in fact find the partitions and restore them. It does seem like it should work... and copying that thing back by hand is not a task I'd take on lightly with anyone's data but my own.

      Also wouldn't the thing that messed up the MBR in the first place still be in your Windows installation? I didn't see that they tried to boot from that drive after repairing the MBR. It could be the ransomware is just waiting for you to reboot and will do something nasty if you've not entered the password. It seems like even after a recovery you should take the drive to a different system and back it up immediately before you tried to boot from it again, but they do not mention that.

    • by PatPending (953482) on Friday December 03, 2010 @03:07AM (#34428572)
      Funny how these crooks can write ransomware but they can't count to three: 1) 2) 2) [fortinet.com]
      • And the LORD spoke, saying, "First shalt thou take out the Holy Pin, then shalt thou count to three, no more, no less. Three shall be the number thou shalt count, and the number of the counting shall be three. Four shalt thou not count, neither count thou two, excepting that thou then proceed to three. Five is right out. Once the number three, being the third number, be reached, then lobbest thou thy Holy Hand Grenade of Antioch towards thy foe, who being naughty in My sight, shall snuff it." Amen

      • by sco08y (615665)

        Funny how these crooks can write ransomware but they can't count to three: 1) 2) 2) [fortinet.com]

        You've obviously never interviewed people for a programming position.

      • As one of my programming teachers said in one of our first classes "it doesn't matter if you spell things correctly, only that you misspell them consistently."
    • by jonwil (467024)

      TFA says its a new varient of this virus (which means it may actually encrypt the data)

    • Kaspersky's Kamluk says that "Pushing [the] reset/power button on your desktop may save a significant amount of your valuable data!"

      Such insightful precautions from teh [sic] professionals! Their advice goes completely against the fact that no data is encrypted.

      Reading and writing a 512 byte MBR obviously takes less time than encrypting all your user documents. That is smaller than the size of a new, blank word doc (in the new compressed .docx format!)

      Nobody would hit that power button fast enough.

  • by kasperd (592156) on Friday December 03, 2010 @04:16AM (#34428798) Homepage Journal
    Who would actually trust those people to give access to the data after receiving payment? What is the most profitable thing to do after somebody have paid? Give them their data back or demand more money. Granted, very few people would be stupid enough to pay twice. But even if one person would fall for that, it would mean more money to them. And people are more likely to pay more money if they can make it look like the sucker was just unlucky and they didn't intentionally fail to give the data back. For example make the browser crash at the point where it "should" have shown the password.
    • by Opportunist (166417) on Friday December 03, 2010 @06:54AM (#34429352)

      Unless word gets out that you don't get your data back after paying.

      And this is the internet. The first thing people will do after this happens is painting it all across facebook and twitter.

      • And this is the internet. The first thing people will do after this happens is painting it all across facebook and twitter.

        This con has been widely known for many years. It still works.

    • by amn108 (1231606)

      Not fully correct - if they refuse to decrypt your PC even after you pay them, you tell everybody who would listen, if even out of frustration, that paying for virus X does not help, leading to the criminals having no trust from their victims. And nobody likes to pay $120 for nothing, so they will most likely loose potential revenue from their scheme. When people pay, they expect something in return (that's what paying means) - if they don't get anything, they tell other people and it matters little whether

  • I have an uneasy feeling about Kaspersky in all sorts of situations, including this one. Just saying that the 3 ways to gain from this activity is either to be building the virus or to be building and selling the antivirus.

    The third possibility is left to the imagination and that's the one that makes me uneasy.

    • by mrjb (547783)
      I authored a moderately successful anti-virus program and am bothered by the reasoning that basically accuses AV authors of writing viruses. Stop it, please.

      Seriously- how many viruses are out there again? Tens of thousands? Do you *really* think writing one more virus is going to have a measurable (positive) impact on anti-virus sales?

      On the other hand, if Kaspersky or McAfee would be writing viruses and they were found out, what do you think that would do to their reputation? How many people do you t
  • For 90% of victims changing the file name would be adequate "encryption". Simpler yet would be to just delete the files, collect $120 for returning them, and move on to the next victim. After all, these people have already demonstrated their stupidity by downloading the malware in the first place.

  • Will any makes of Ransomware try to use the DMCA to force you to pay?

    Or maybe even on the fake AV apps may try that some day.

  • Imagine if a semi-legtimate company did this. Would they be legally allowed to do it if the EULA said they would?

If it happens once, it's a bug. If it happens twice, it's a feature. If it happens more than twice, it's a design philosophy.

Working...