Writer: How My Mom Got Hacked 463
HughPickens.com writes Alina Simone writes in the NYT that her mother received a ransom note on the Tuesday before Thanksgiving.."Your files are encrypted," it announced. "To get the key to decrypt files you have to pay 500 USD." If she failed to pay within a week, the price would go up to $1,000. After that, her decryption key would be destroyed and any chance of accessing the 5,726 files on her PC — all of her data would be lost forever. "By the time my mom called to ask for my help, it was already Day 6 and the clock was ticking," writes Simone. "My father had already spent all week trying to convince her that losing six months of files wasn't the end of the world (she had last backed up her computer in May). It was pointless to argue with her. She had thought through all of her options; she wanted to pay." Simone found that it appears to be technologically impossible for anyone to decrypt your files once CryptoWall 2.0 has locked them and so she eventually helped her mother through the process of making a cash deposit to the Bitcoin "wallet" provided by her ransomers and she was able to decrypt her files. "From what we can tell, they almost always honor what they say because they want word to get around that they're trustworthy criminals who'll give you your files back," says Chester Wisniewski.
The peddlers of ransomware are clearly businesspeople who have skillfully tested the market with prices as low as $100 and as high as $800,000, which the city of Detroit refused to pay. They are appropriating all the tools of e-commerce and their operations are part of "a very mature, well-oiled capitalist machine" says Wisniewski. "I think they like the idea they don't have to pretend they're not criminals. By using the fact that they're criminals to scare you, it's just a lot easier on them."
The peddlers of ransomware are clearly businesspeople who have skillfully tested the market with prices as low as $100 and as high as $800,000, which the city of Detroit refused to pay. They are appropriating all the tools of e-commerce and their operations are part of "a very mature, well-oiled capitalist machine" says Wisniewski. "I think they like the idea they don't have to pretend they're not criminals. By using the fact that they're criminals to scare you, it's just a lot easier on them."
Don't pay, you idiots! (Score:3, Insightful)
When will people learn not to give in to extortion? The criminals want word to get around that they're trustworthy? How about we want word to get around that there's no point in extorting money because people don't pay up!
Backup your data, and rent "Ransom".
And I fully agree with the sentiment (Score:5, Interesting)
Once you're in their jaws, I suspect that your feelings may vary - and not as if any of us are going to reward her for towing the unified line
Actually, that's maybe the solution - you cough up your own cash to reward those that "say no to extortion" - It's not a massive leap, the majority of our governments already do this with our taxes already. Sure, it costs more in the long run (those SAS/SEAL raids where everybody ends up dead and poorer) - but it's nice to take a principled stand in the abstract (when your loved one isn't going to die as a hostage, nor as a soldier sent to rescue them).
The French - they mainly just seem to pay up, and walk away with their hostages unharmed.
Now I'm sure there may be some objections to this (I've got some myself) - but our governments seem to have managed to overlook their scruples and the urge to teach lessons when a few banks asked for a bit of cash (or we'd have all descended into anarchy, seemingly).
My point, I'm not sure. It's vaguely around the point that we don't 'pay when extorted' - and yet we all pretty much do. What's interesting is the type of extortion your government buckles and pays for.
Re:And I fully agree with the sentiment (Score:5, Interesting)
It is clearly better for society if you don't pay up, or if nobody pays up. However, it is better for you if you pay up. As a result, society will create and try to enforce rules that are better for everyone, when it is better for each individual to break these rules.
So maybe it is better if you (a) pay up the money, and (b) if you ever find the identity of a hacker hurting people pay someone to give them a good beating.
Hey Fucktard (Score:4, Insightful)
You should have lied. You should have written that they just stole the $500. Now, see, everybody who gets hit by them and saw your article will also feel compelled to pay them.
Re: (Score:2)
You need an -ism to describe privately owned means of destruction.
Re: Hey Fucktard (Score:3)
I believe the "capitalist" comment refers to the criminals testing the market and determining the ideal price-point for their "product." Pricing your product to maximize return (optimal points on supply and demand curves and all that) is something that happens in free markets, and is generally associated with capitalist systems.
The crime isn't capitalist. The approach to determining the optimal price is.
Yeah... (Score:5, Funny)
Your Mom's system was wide open. Every hacker I know has been in there.
Comment removed (Score:5, Insightful)
Re: (Score:2)
Is there some straightforward way to give a Windows backup program a different user/priority, so that the backup files it generates can only be accessed/modified by itself? That way a rogue virus or even user stupidity cannot delete or encrypt the backups. It know how to do this with Unix, but my Windows-fu is not as strong.
Yes I know keeping an offline backup is best, but we're talking about my mom an
Re: (Score:2)
Backup to Dropbox would probably be acceptable.
It keeps the prior versions of files for the last 30 days, and AFAIK the API does not expose the ability to delete them.
Mum's computer (well, aside from running Ubuntu) is set to make a weekly incremental backup to a cloud folder.
Re:CryptoWall (Score:4, Informative)
Is there some straightforward way to give a Windows backup program a different user/priority, so that the backup files it generates can only be accessed/modified by itself? That way a rogue virus or even user stupidity cannot delete or encrypt the backups. It know how to do this with Unix, but my Windows-fu is not as strong.
Create a task in task scheduler and you can say what account to run it as, there are also GUI (shift-rightclick an exe) or CLI (runas command) options. Just make sure that the destination isn't also writable by your regular user. Make sure you have incremental backup and not just a full backup/synchronization though, otherwise you'll just overwrite the good versions with encrypted bad versions, you need to be able to go back in history and get a good version from before you were infected. Of course you are just a local escalation exploit away from that being hosed as well, for real security the only way to delete backups should be from the backup system.
Re: (Score:2)
Sounds like just what I need in reserve for a plausible reason my drive died when getting an RIAA demand. It it's more than 2 weeks to a trial, Right?
As a bonus I would hope they infect themselves too.
No need to mention the offline backup..
Re: (Score:2)
Or like me, have my fileserver a Linux system with the SMB shares on ZFS and have scripted hourly backups. Took me all of 20 minutes to recover. 16 minutes to figure out how far back to roll each share, 1 minute to look up the ZFS rollback command and 4 more minutes to commit all the rollback on all the affected shares.
Re: (Score:3)
Cryptowall encrypts the data it has access to. It does not need admin rights to do shitloads of damage. This means that Cryptowall could work just as well under Linux / MacOS or any other OS out there.
Re: (Score:2)
That's like saying: "Oh, H5N1 is only dangerous to birds, we mammals don't need to worry at all."
The mechanisms of Cryptowall work under any OS. Stupid answer of yours. Oh, well, you are an Anonymous Coward after all.
Re:people are idiots (Score:4, Informative)
The mechanisms of Cryptowall work under any OS.
Except, as the AC said, it doesn't presently work under OS X. I've been reading for 20+ years how "Macs are just as vulnerable as Windows," and yet, somehow, that malware parity never seems to happen. Sure, every now and then there's a headline about Mac malware, but when you read the article it's either a theoretical vulnerability or, at worst, something that happened to a handful of people. You can claim it's because malware authors don't want to bother with Macs or whatever, but the end result is the same: Windows users are always dealing with more malware than Mac users, and, I'll bet, always will. So the modded-down-to-oblivion poster above is not wrong: getting a Mac would have prevented this attack, and many others.
Re:people are idiots (Score:4, Interesting)
I've been reading for 20+ years how "Macs are just as vulnerable as Windows," and yet, somehow, that malware parity never seems to happen. Sure, every now and then there's a headline about Mac malware, but when you read the article it's either a theoretical vulnerability or, at worst, something that happened to a handful of people.
I've been reading for 20+ years about these things called Macs that are far safer than Windows, and yet, somehow, nobody actually uses them.
Thieves will always go for max reward for minimum risk. Sure, they hit lots of mom and pop computers running Windows, but I imagine the real money is in medium-sized businesses. How many organizations do you know that could be persuaded to maybe pay a $300k ransom but they store all that data on OSX, or even on Linux?
If medium-sized companies tended to run OSX, you'd see Cryptolocker for OSX. No, you won't see it anytime soon, because those businesses aren't going to switch to OSX anytime soon.
From an OS security standpoint, there really isn't anything in OSX or Linux that would prevent something from Cryptolocker from working. Neither does security beyond the user-level by default, and typically the browser (which is what tends to get exploited) has access to all user data.
Yep, the magic of a well designed computer. (Score:3)
The Mac would have warned the hell out of you about running unsigned code downloaded from the Internet--you have to jump through several hoops (no just click & go). Mac Applications on the App Store are vetted and run sandboxed and users are naturally wary of any Application that isn't downloaded from the App Store--it's just not part of the Mac culture (even for nontechnical users) to click on random crap.
There are trivial backup solutions for Mac (Time Machine + Time Capsule/NAS, or iCloud) which make
What's the new hole? (Score:2)
Take your average computer worm, add this profitable payload, and this makes the bad guys rich. How does this work? What exploit are they using to install the payload?
Re: What's the new hole? (Score:2, Insightful)
Ads. Block them.
Re:What's the new hole? (Score:5, Insightful)
Take your average computer worm, add this profitable payload, and this makes the bad guys rich. How does this work? What exploit are they using to install the payload?
First she probably used WindowsXP which has dozens of unpatched vulnerabilities which will never be patched since it is EOL. XP has no concept of user priveldges outside of programs so all services run as admin for everything. Drivers too can run as hardware and it has no ASLR or ram scrambling to prevent overflow attacks or stack smashing.
Secibd flash with ads and java is how these infections get in. Websites these days have over 20 ads for each tab. Hack a not stellar non Google Ad network and put a flash ad with a buffer overflow. Boom page loads and you are 0wned.
Best AV advise today is to run Adware. Even IE has support for this now! It may screw small websites but these webmasters do not respect a users security at all PERIOD. I use Java for Android and Teamviewer so I disabled the browser plug in. I also use NortonDNS which will filter out bad domains too and it is free to setup for any pc or router.
Do these and you eliminate 90% of infections. Oh and of course I use a standard user account. I have that and an admin account which is occasionally annoying with UAC but this helps and puts in another layer of security as now the payload will need to bypass this.
Re: (Score:3)
Why does the payload need admin privileges to encrypt your files? Unless your account only has read access to your data, but that would be very cumbersome.
Re:What's the new hole? (Score:4, Informative)
Why does the payload need admin privileges to encrypt your files? Unless your account only has read access to your data, but that would be very cumbersome.
It needs admin privileges to clobber VSS.
Re: (Score:2)
I agree with most everything you said but:
This one is a furphy. The ransomware runs as a low-privilege process, and encrypts your data files - which are exactly the ones your standard user account has access to overwrite. Yes, your system is protected from overwriting critical system files,
Re: (Score:3)
It deletes volume shadow copies and modifies startup to run. It would some administrative access
Re:What's the new hole? (Score:5, Interesting)
Best advice is GET THE HELL OFF WINDOWS!! I have a thriving little business upgrading people who are still on XP over to either XUbuntu or Mint. I've gotten calls after an upgrade with the user saying "I got this weird error when I open this email", and it turned out that the user had an email with the Cryptolocker vector, and the odd error was the malware *trying* (and failing) to encrypt files on an ext4 filesystem... At this point in time, THAT aint happening....
Re:What's the new hole? (Score:5, Interesting)
So, the only thing between Cryptolocker and your user's files was the FILESYSTEM? And you think the problem was the OS?
Seriously, this thing was actually running on your Linux distribution (as you yourself admit) and the only thing that saved you was that it wasn't (yet) adapted to the filesystem. So, pray tell, how is Linux the magical mystery sauce which saves the day?
Re: (Score:2)
First she probably used WindowsXP which has dozens of unpatched vulnerabilities which will never be patched since it is EOL. XP has no concept of user priveldges outside of programs so all services run as admin for everything. Drivers too can run as hardware and it has no ASLR or ram scrambling to prevent overflow attacks or stack smashing.
Most home users are being exploited by social engineering rather than defects in the operating system.
Locking down PCs, reducing privileges, "attack surfaces"..etc is worthwhile yet default even with XP is a stealth mode firewall where very little of this shit even matters to external adversaries home users face. Various software and hardware memory guards to prevent exploitation of software defects continually demonstrate themselves to be insufficient even in latest versions of windows. While escalation
Muscleman says: (Score:2)
Business-minded criminals (Score:2, Interesting)
I found it interesting that these criminals made a point of honouring their promise to provide the tools to decrypt the encrypted data.
At first, this didn't make sense to me. They are criminals; why do they have to honour anything?
But thinking about it some more, it works in their favour. Say I am a desperate person looking to get my files back, and I ask around if anyone has had any success with paying the ransom. If get responses saying "yes", then of course I am more likely to pay too, and this works in
Re: (Score:3, Interesting)
You know if it was someone sick and is in dire need of an expensive procedure we would call these guys jobs creators or insurance professionals. If it is a computer it is a criminal. If it is a banker well it is just the free market working and it is the savers fault for etc.
The difference between the 2 is not much. When I was out of a job for awhile my family pressured me to work for a payday company. I refused to rip people off 200% interest. I have my integrity and ethics. True integrity not great as I d
Re: (Score:2)
It's not fair to compare payday lenders to these guys.
Payday lenders don't get you into the debt that brings you to their doors, even if you feel that they are taking advantage of your situation.
Re: (Score:2)
So what? The fact that they're charging you usurious interest rates makes them criminals.
If they were not charging usurious rates, then you have a point.
Re: (Score:2)
So hacking PC, encrypting files and blackmailing you into paying 19.99$ for decryption key would be ok and only bad thing Cryptowall guys have done is charge too much?
You example is off. It would be a lot more proper if you could remove Cryptowall by going to normal PC help shop and they would charge $1000 for that. Then you can compare then to usury moneylenders. But it is nasty, maybe even evil, but not criminal. Hacking people or stealing all their money so they have to borrow is.
Re: (Score:2)
The difference between the 2 is not much.
The difference is that the insurance companies aren't the ones infecting you with a sickness in the first place. I know there's a joke in there somewhere, but in all seriousness, that is the
Re: (Score:2)
not if the doctor was the one who gave you the illness.
Re: (Score:2)
My point is it's not the doctor getting someone sick. It is sone one taking advantage ... actually many parties all colluding because what is your life is worth? Break an arm? Hmm it is coded now as a surgery so that casts that was $200 is billed $2000! Not your problem? Oh my insurance past the cost onto in a higher premium oh and enjoy those high taxes as thry bill medicaid too. Hospital president buys a Lamborghini for being so smart with his bonus! But a poor Mom using food stamps? Socialism hang her!
B
Re: (Score:3)
Actually, many people get infections while in the hospital due to poor cleanliness and they are charged the full rate for treatment. Should they die of it, it is called a 'complication'.
Re: (Score:2)
They sold her the decryption key and got yet another satisfied customer... next up is them rebating her some money back for their "Victim get a Victim" refferal program.
Now THAT would be interesting (Score:5, Interesting)
next up is them rebating her some money back for their "Victim get a Victim" refferal program.
You could easily imagine something like this being the next step, having them say "We'll decrypt your files for $500, but if you send this attachment to ten friends you can decrypt for $250".
You could easily see that working really, really well... and creating a massive increase in infection.
Re: (Score:2)
OMG, I think I just wrote a "Skilling"... somebody get Emelt on this story.
The Government is NOT here to help you... (Score:5, Interesting)
This is exactly the sort of crime that the government should be able to solve, there are so many fingerprints left, double that with the bitcoins (which aren't actually anonymous).
Granted, the $500 itself might not be worth much attention, but over and over and it adds up to a lot.
Plus this is the sort of nonsense that your government is supposed to do something about. If not stopped now, the problem just grows.
These criminals do this because there is low risk of getting caught and if caught, the punishment isn't likely to be high.
If I were in charge, I'd task the NSA with catching them, then publicly execute them on TV. While some people will say, "oh, that is overkill and not fair", I'd say, "yea, but it sure will give these criminals pause in the future, won't it?"
Re:The Government is NOT here to help you... (Score:5, Insightful)
This is pretty much the very definition of international organized crime. And it is affecting way more Americans than "terrorism".
The action of the government on this issue shows that the government is more interested in what terrorism can do for the military industrial complex than what the government can do for you.
Re: (Score:2)
The action of the government on this issue shows that the government is more interested in what terrorism can do for the military industrial complex than what the government can do for you.
It's more prosaic than this. Fighting this isn't 'cool' like the military, it's not life threatening, etc.... It's criminals, and they're generally operating out of a sympathetic country. :(
I'd love to catch their asses and prosecute them, and odds are it'll happen sooner or later.
Re: (Score:2)
This is pretty much the very definition of international organized crime. And it is affecting way more Americans than "terrorism".
Amen...
The action of the government on this issue shows that the government is more interested in what terrorism can do for the military industrial complex than what the government can do for you.
^ Truth... catching these guys isn't likely expensive or profitable for some big company, I hate to admit it, but I agree with an AC! :)
Re: (Score:2)
Not it won't.Public executions don't work. Don't take my word for it. Look it up and learn something.
You don't think so?
The threat of punishment sure keeps me paying my taxes...
Granted, I'm not likely to be publicly executed for it, but I don't want to go to jail.
I think the bigger problem is that we have way too much middle ground. Either someone doing something "wrong" is going to change their behavior or they are not.
If these criminals were caught, are they going to stop hacking and stealing? If not, then kill them, they aren't worth the food and air used to keep them alive. If they are, then fair en
Re: (Score:3)
I'll say that it is not because you worry that you will be executed but that you will lose your possessions / job / freedom. Once you've bought into the system then the system has ways to keep you invested.
Once you leave the system then the punishments don't matter.
Yeah. Although I see it as whether they have the option to join the system again. If they're paying
Re: (Score:2)
In US, one person on 100 is in jail.
That is sad, isn't it?
And it is largely due to our stupid drug laws, and if you look at the percentages in prison, they are not evenly distributed among our races...
Re: (Score:3)
Re: (Score:2)
Not it won't.Public executions don't work. Don't take my word for it. Look it up and learn something.
They don't?
How many public protests do you have in US as compared to North Korea?
How many cartoon satires/blasphemy books do you have on Muhammad compared to Jesus/Pope/Budda/etc?
How common adultery and divorces are in western countries compared to Afgani tribes?
And during big wars in the history, how do you think they would look like if desertion would not be penalized with death? Disobeying direct orders from officer on the field of battle?
Public executions work, if done on proper scale. You are probably
Re: (Score:3)
Win/Lose (Score:4, Interesting)
Our company also got hacked. Management sent everyone home, restored from backups. Then we spent a bunch of time figuring out what files were modified in the last 36 hours, and redoing that work over. Note that the hackers target only certain file types, eg. .doc, and .pdf, but not .xls, so were talking mostly about documentation. Unfortunately, our PC's are now limping along because the virus scanner is running all the time now, and so chews up resources.
Our company is Windows-centric for everything except code development (which is Linux using a VM under Windows), and this is a clear example of why Linux is more secure than Windows. Not necessarily inherently, but because Windows desktops are the "mainstream". And hackers target the mainstream!
To wit, I switched to Windows for a year, but subsequently, every search I did to fix Windows problems required putting "Windows" in the search box. This inevitably led to ever more heinously cunning hacker/virus/spyware results which had to be waded through. Try as you might to avoid them, eventually one of them ends up getting you. It ends up being about as much fun as a potato-sack race through a mine-field.
Re: (Score:3)
Windows Penalty = Start Over (Score:2)
Pick anything but Windows!
The real lesson should be... (Score:3)
Re: (Score:3)
And to a system not directly mounted as user accessible files, or they'll encrypt your backups too.
So you want a network storage server specifically configured to only permit create and append, but not delete.
Re:The real lesson should be... (Score:4, Insightful)
... set up an automatic backup system for all your systems, now. Every system on your network should back itself up automatically daily, not only for this possibility but for all of the platform-agnostic ones such as hardware failure.
For me takeaway was regular manual backups to offline storage is important.
When malware has the ability to jump ship to network resources my guess very few "automatic" solutions deployed today are capable of denying remote commands to delete or overwrite online backups. Even offsite "cloud" solutions almost always include remote administrative capability that would have the affect of rendering backup medium worthless.
Strategy (Score:5, Insightful)
That being said, as soon as I would get the encryption key and get my files back, I would post everywhere that the hackers did NOT give me the key after I paid the $500.
It's kind of like game theory. If enough people do the same, then fewer people would actually pay up, or the price would drop lower, thus proving an advantage for the victims.
Posting in the damn NYT that the hackers are true to their word assures that they have credibility, and just torpedoes the strategy above. In the same way that it's valuable for them to get the word out that they are (kinda) honest, it would be valuable for the victims to get the word out that they are crooked. Being the marketing and pricing geniuses they seem to be, they would surely lower the price if they had bad publicity. So in the name of future victims, I would like to sarcastically thank you Alina for giving those fuckers ammo. They'll probably raise their price now.
Sad that this is even a problem (Score:5, Insightful)
Re: (Score:3)
I feel bad for the victims of these vile bastards, but at the same time I think that if that doesn't get them into the habit of regularly backing up their files, then NOTHING will.
I was thinking this was an ingenious technique for educating the public on how to use BitCoin to pay for things. I think BitCoin has finally found its "killer app"... :^/
Re: (Score:3)
Agreed... but far easier said than done. Like secure e-mail or messaging, mature straight-forward backup solutions just don't exist.
My company was hacked with cryptoware, and thanks to automatic backups we only lost a day or two of data. But that's because we have staff and resources dedicated to taking care of these things.
How's mom and pop gonna do this? Macs have Time Machine, but even that requires an external drive for that single purpose. When buying a laptop or desktop, the average Joe, student,
This is why Time Machine is such a boon... (Score:4, Interesting)
This is the thing that makes Time Machine such a great asset to the Mac for non-technical users. The Mac in theory is not that much less hackable, but an attacker (a) will generally not be able to encrypt all the files in the system, only ones for that user and (b) the user will simply be able to go back through the TM backup and recover un-encrypted files.
I think TM plays a really a big part in the Mac still not having many (any?) exploits in the wild, because easiest ways to extract money, Mac users are protected against.
Other systems do not make versioned backup easy (Score:5, Interesting)
you say that as if the other major operating systems didn't have that feature for years
Come on, I am not saying that in any way. I'm saying that Time Machine is a system that really is so easy to enable that real, nontechnical people ACTUALLY USE IT, and that the features it has makes malware like this a non-starter.
Yes, all of us technical folk have been using various things to backup stuff forever. But Time Machine brings versioned backup to the everyday user (an important aspect of the protection is keeping older versions since a simpler mirroring backup means a users files could still easily all be lost on next backup that overwrites the mirror).
The reason why this is possible is again a combination of hardware and software - Time Machine as software alone is not nearly so powerful as it is combined with a unit that doubles as a WiFi router and backup disk, which is recognized as such by the system. Literally my mom can set it up and actually use it. I cannot imagine the countless disasters this has averted for people without technical family members to help them with issues.
Re: (Score:3, Informative)
So really, its best feature is its marketing. I have both a macbook and a windows 8 machine... the procedure to setup and use backup is basically the same, using similar terminology.
Plug a device in. Oh look at that, the system asks me if I want to use it for backup. Click yes!
DONE.
My grandma could have done it.
Re: (Score:3)
Plug a device in. Oh look at that, the system asks me if I want to use it for backup. Click yes!
Not sure if you saw the AC response, but he explains exactly the difference - want a file back? Run Time Machine, restore the older version, DONE.
Can't say that with many other backup systems that are harder to get to specific files, also when you first load Windows on a new system which existing backup system does it ask to restore a system from again?
The reason why what you are saying does not work (Score:4, Insightful)
Ha ha. Yet why are people not using such things in real life compared to them using Time Machine?
Most people don't want (a) to put a whole computer drive replicated in the cloud (they would not wait for the time it took to upload 100+ GB of data), (b) bother to attach local media for backup more than every six months (as per the article), (c) have other computers they consider a backup destination.
Time Machine is something that is backing up stuff EVERY HOUR. Even better, it's versioned so when the next backup happens and the now-encrypted files get pushed to the backup, you can still recover what was encrypted before. Not all of the things you list have that property, and for the topic UNDER DISCUSSION that is key to recovery of recent, or any, data. I myself manage my own backups by cloning hard drives and keeping offsite backups, yet I also have Time Machine enabled and running and I have to say there have been several occasions where is has saved me where the other forms of backup failed.
It's such a shame that you flippantly just point out backup software exists for Windows (duh) without going into a deep discussion of why Time Machine actually works for users while it's failing many people on Windows. Then we would all learn something instead of you simply feeling momentarily clever.
Re: (Score:3)
Nope. As SuperKendall said in a separate reply, regular users can't modify the backups and administrators (sudoers) need to authenticate to modify them. (And yes, I verified it before posting this).
The malware would therefore need to escalate the privileges in order to encrypt the backups, making it far more challenging.
This article is what the criminals wanted (Score:3, Insightful)
Ug. In a way, by passing on this "success" story, the writer of this article has played right in to the hands of these criminals. This is exactly the kind of press they want.
One always should assume that once their systems are infected that there files are GONE. Don't treat it any differently than a fatal hard drive crash. If you didn't have backup, then what were you going to do when your hard drive crashes anyway?
You should also question if giving these criminals money doesn't also indirectly make YOU a criminal. (And to any pedantics who might drop in to counter that: fuck you)
Anything you think you might have recovered should always be suspect. How do really know they haven't hidden more crap elsewhere? Worse yet, you should also assume these criminals now have copies of potentially important information.
The data isn't lost "forever" (Score:4, Interesting)
Just wait 10-20 years and commercial quantum-computers will be common enough that the key can be re-created and the data recovered. So if you have been hit by "ransomware," clone the disk and put both copies in a closet somewhere. Every year or two, copy the disk again.
In 5-10 years police agencies will admit to having such technology and people who committed serious crimes since the "Five Eyes" started sucking down as much of the Internet as they can and who have successfully evaded detection due to strong encryption may find themselves getting that "knock on the door."
Criminals who are very high-profile targets (think: Terrorism, top drug lords, etc.), they national police agencies either already have the ability to go back and decrypt all past recorded traffic and previously-seized computers or they will have it within a year or two, assuming the encryption is the kind that is in common use today (e.g. https: or PGP-like encryption with reasonable, not super-long key lengths). As to whether the police will admit to having this capability before the decade is out is an open question. If they don't, they'll either have to delay arresting people or cook up some form of parallel construction to make their case.
By the way, watch your national governments - if they haven't done so already they will try to eliminate or greatly extend statutes of limitation for the kinds of crimes associated with encryption, starting with those that are most scary to the public such as anything related to terrorism, high-level drug trafficking, and human trafficking. Or, instead of trying to generally extend/eliminate the statute of limitations, they may change the law to suspend the clock when encryption is used, so the time it takes from the day the evidence is seized or sniffed to the day it is decrypted doesn't "count."
Microsoft benefits from this (Score:3)
Re: (Score:3)
Are you telling me that PC vendors these days ship systems without a way to recover them from bare metal? That's... insane. Utterly stark raving mad.
Even Macs, which don't ship with install media, can do a bare metal restore downloading the operating system from the Internet. This is common sense shit!
Re:How about educating your dumbfuck mother? (Score:5, Insightful)
Context, man!
The "Don't blame the victim" notion comes in response to this kind of (boiled down) common claim:
"It was her fault that we exploited her! It was impossible for us to choose to not exploit her. We take no responsibility for our own actions!"
Which is the way psychopaths operate. They're always blameless or their actions are 100% forgivable in their eyes.
Her ignorance and subsequent choices were on her; she could have protected herself better, but the crime is not her fault and the perps should get zero slack because of it.
Re:How about educating your dumbfuck mother? (Score:4, Insightful)
The victim is to blame for ignorance; the criminals are to blame for maliciousness. There's enough blame for everyone.
Re:How about educating your dumbfuck mother? (Score:5, Insightful)
Everyone is stupid.
I'm stupid. You're stupid. We're all ignorant of something.
Malice gets 100% of the blame.
To use knowledge of something to abuse and transgress against another who does not, is a crime. The only crime. And all of the blame
Analogy: if you leave a $100 bill on your front porch, yeah, that's fucking stupid.
But someone has to go on property they have no permission to, and take something that is not there's. That's 100% of the blame. The moral person will not steal that $100 bill. In fact, they'll ring the doorbell and educate the stupid person, that they should be careful and not leave money on their front porch.
You don't punish stupid, you educate it. You punish malice.
Unfortunately, we punish stupidity too much in this world, our anger is always in full rage and pointed at the dumb. And we let the truly malicious off, because our hate goes towards the stupid, and in the meantime, the malicious gets away. Or we have no more anger left for them.
It's some sort of fundamental weakness with human nature, that we do this: punish the stupid and ignore the malicious. When we should be educating the stupid and punishing the malicious.
Re:How about educating your dumbfuck mother? (Score:4, Insightful)
you do realize you yourself are stupid
and that you, many times a year, make bad mistakes that hurt you. i know this because we all do
let's assume you are a programmer, top of your field. no one can top your knowledge and wisdom. now you move into management, and you make dumbfuck mistakes 1, 2, 3 that noobs of management always make. should we make this painful for you? should we mock you?
you're starting a new job: there's a dozen things you will fuck up that your coworkers already know. are they supposed to laugh at you?
you do something in your house that creates a $2,000 repair. the plumber or contractor sees it all the time. should he yell at you?
your ignorance of your own essential weakness makes you perhaps much more stupid than the people you mock who don't know trifling technical things but have a much better attitude. you're ignorant of something that many of us realize in grade school. the irony
should i make it painful for you? should i kick you in the face for your ignorance of basic human weakness?
arrogance. hubris. and the worst kind of ignorance: prideful ignorance. that's you. you're what is wrong with the world
we all fuck up out of ignorance throughout our entire life. show some fucking humility and adjust your shitty smug attitude
Re:How about educating your dumbfuck mother? (Score:5, Funny)
She shouldn't have dressed her computer so provocatively!
Re:How about educating your dumbfuck mother? (Score:5, Insightful)
Oh wait I forgot - you can't blame the victim ever no matter how much of a stupid fucking idiot they are!
I blame our industry for being as you put it "stupid fucking idiots". The most common attack vector for this particular malware and many like it is email attachments.
It's 2015 anyone in the world can still send an email with file attachments to anyone using whatever FROM address they'd like without any prior trust relationship, vetting or authorization by receiver. Most mail clients let users execute it in the same security context as the user without so much as a peep.
It isn't the users fault they don't fully understand the depths to which the technology they are using is completely broken and wholly unsuitable for purposes for which it is used by countless millions on a daily basis.
It is *our* fault for installing AV software and going back to picking our noses. *MILLIONS* of people are being exploited using the same attack vectors with malware and spyware... this business of calling everyone "fucking idiots" is getting old.
Re:How about educating your dumbfuck mother? (Score:5, Interesting)
The most common attack vector for this particular malware and many like it is email attachments.
That was true 4-6 years ago, but not today. Now we're seeing most of this stuff getting installed via zero-day exploits in browsers and plugins like Java and Flash, and distributed via third-party advertising networks. It's a lot harder to blame someone for getting compromised via a browser plugin they didn't even know they had.
The best protection these days is still to block all advertising, run with limited permissions, and have automated external backups with versioning. If the user is capable, blocking all third-party scripting is also incredibly effective.
It's 2015 anyone in the world can still send an email with file attachments to anyone using whatever FROM address they'd like without any prior trust relationship, vetting or authorization by receiver.
You just listed some of the best features of email.
It is *our* fault for installing AV software and going back to picking our noses
Now this is true. Antivirus software has been a joke for a decade.
Re: (Score:3)
Re: (Score:3)
ads posing as real software, e.g. when you Google X and the first couple links are sketchy versions of Y pretending to be X, or when you get to the actual download page but the big green "Download" link is actually an ad which downloads some BS executable
Oh, god, you have no idea how much this pisses me off. I've had a few family members get bitten by this when I've suggested they get VLC or Firefox. The bastards at Google allow people to purchase ads for these high-profile FOSS software project names and then they serve up malware.
I thought they'd stopped doing it, but checking now I see searching for both Firefox and VLC still show these links. And some morons still don't understand why people block ads.
Re: (Score:3)
Re: (Score:3)
Oh wait I forgot - you can't blame the victim ever no matter how much of a stupid fucking idiot they are!
I blame our industry for being as you put it "stupid fucking idiots". The most common attack vector for this particular malware and many like it is email attachments.
It's 2015 anyone in the world can still send an email with file attachments to anyone using whatever FROM address they'd like without any prior trust relationship, vetting or authorization by receiver. Most mail clients let users execute it in the same security context as the user without so much as a peep.
It isn't the users fault they don't fully understand the depths to which the technology they are using is completely broken and wholly unsuitable for purposes for which it is used by countless millions on a daily basis.
It is *our* fault for installing AV software and going back to picking our noses. *MILLIONS* of people are being exploited using the same attack vectors with malware and spyware... this business of calling everyone "fucking idiots" is getting old.
You nailed it. There is some kind of blindness among geeks to how much otherwise worthless knowledge is actually needed to properly operate a computer, all in the name of convenience for the elite who feel they earned the right to look down on everybody else. General purpose computing is just filled to the brim with self-created problems. I'm always seeing this sort of attitude displayed that computers are to serve "computer users"... not pilots, accountants, doctors, lawyers, general contractors, etc.
Re: (Score:3)
Seriously, when was the last time you received a program by email where that program was legitimate and you expected to receive it? Why can't an email client default to making the user jump through warnings and hoops in order to run a program that arrives in their email box? The GP poster's point is exceptionally valid.
Re:How about educating your dumbfuck mother? (Score:5, Insightful)
Turns out, when Microsoft tried this [wikipedia.org], they really annoyed a lot of their customers and took an awful lot of stick for it. Even from people who would consider themselves fairly technical. Users don't want you to put hoops between them and what they (think they) want to do.
Typical user scenario:
Clicks malware.exe email attachment.
Email client: Email attachments of this type this type are dangerous. Are you sure you want to run it?
*yes*
MSE/Windows defender: Virus detected. Quarantine file?
*nah... seems legit*
Windows: Filez from teh internetz can be dangerous. Continue?
*Yes. How dare you question me Bill Gates!?!*
UAC: File malware.exe from some dude on the internet wants admin access to your computer. Allow?
*Stop getting in my way stupid computer*
Windows: Install unsigned drivers? Guidance: Basically no unless your plugging in exotic or old hardware.
*Get the **** out of my way piece of *** I bet that *** Bill Gates thinks he knows better than me*
MSE/Windows defender: ***DEFCON1DEFCON1***
*whatevs. I need those novelty smileys and cool web search*
Malware: Mwhahahaha installs pop ups, steals bank details, encrypts files emails child pr0ns to the police etc. etc.
*Wah.... f***cking stupid Bill Gates your software's **** I hate Microsoft. Plus whenever I want to do something it asks me questions like I'm stupid and it knows better*
They hate the dialogues etc. and just click through them. Don't get me wrong I'm all for warning dialogues, but they exist already and they don't help a large proportion of "average users".
And, before some smartypants points it out, I know MS have since said that UAC was designed to annoy users to encourage developers to write apps that don't require admin privileges. A good warning system *should* be annoying though, and hopefully fairly infrequently triggered by innocent actions (as it is now that UAC has been around for a while and developers have fixed their apps (and MS have tweaked it a little)).
Re: (Score:3)
I can't speak for the
Re: (Score:2)
For me I use Mozy [mozy.com] (note: referral code, gives me a little more space) for all important files (as you don't get hundreds of gigs of storage - 2GB for free, 50Gb for £5 a month). It periodically (twice a day IIRC) makes deltas of changed files and sends them off to the cloud somewhere, either encrypted with your own or their default key if you'd rather not worry about losing it.
You want to restore, click the icon, select files, and click the usual "yes overwrite" dialog options (or you can log on
Re: (Score:2)
You do not understand the crime being committed if you think File Vault and Time Machine will help you.
Re: (Score:3)
Re: (Score:2)
...and hire hit men pour encourager les autres.
I'm sure in Russia they're all occupied masquerading as Ukrainian separatists.
Re: (Score:2)
/. turning into gawker/vox/etc. You want it, you got it! Clickbait all the time baby!
Re: (Score:3)
+/
News for the clueless? Stuff we already know about?
Hugh Pickens is the new Roland Piquepaille [wikipedia.org], though Pickens has learned from some of Rolands mistakes.
Re: (Score:2)
It's Version 2.0 of an ages old scam... it's back, and it's spotted in the wild. Everybody check their mom's antivirus software we gave them....
Re: (Score:2)
I know what the scam is, even if this is V2.0, it's ancient news.
I mean what is this story doing on here? This isn't news for nerds.
Re: (Score:2)
News has a "refresh cycle" because the people who are 20-25 reading Slashdot don't remember seeing this story run for the first time.
Re: Joshua (Score:2)
Re: (Score:2)
Wow, that's genius! I wonder why nobody else thought of it? Maye next you'll come up with some gems like "teach people not to shoot each other", and "teach people how to drive properly".
Re:I have no problem with this... here is why (Score:5, Insightful)
I'd rather pay $800 to a “criminal” than $5000 to a lawyer
False dilemma [wikipedia.org]. In no meaningful way whatsoever is the money paid to these criminals an alternative to legal fees paid to a lawyer for a completely unrelated matter. Implying that the two payments are alternatives is idiotic.
Re: (Score:2)
Maybe don't pay $5k to get out of paying $1k, then.
Comment removed (Score:5, Informative)
Re: (Score:3)
The value you stated is complicated. Either
Tough call, depending on his business.