Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security Encryption

Badly-Coded Ransomware Locks User Files and Throws Away Encryption Key (softpedia.com) 128

An anonymous reader writes: A new ransomware family was not tested by its developer and is encrypting user files and then throwing away the encryption key because of an error in its programming. The ransomware author wanted to cut down costs by using a static encryption key for all users, but the ransomware kept generating random keys which it did not store anywhere. The only way to recover files is if users had a previous backup. You can detect it by the ransom message which has the same ID:qDgx5Bs8H
This discussion has been archived. No new comments can be posted.

Badly-Coded Ransomware Locks User Files and Throws Away Encryption Key

Comments Filter:
  • by Anonymous Coward on Sunday November 08, 2015 @02:53PM (#50888701)

    So it's like the old fashion viruses that actually cause damage to your system then.

    • Yes. It's the "erase your files" kind of virus...

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Hell yes! Those were the good old days. Corrupt and destroy, for no reason other than sheer malice. Yeah!

  • by Anonymous Coward on Sunday November 08, 2015 @02:57PM (#50888713)

    If the author decided on an open source project, the community could have found and developed a fix during beta testing.

    • by Anonymous Coward

      Actually, TFA does admonish the author for not testing his malware, interestingly enough.

      • Worse, they give the instructions on how to fix it. Here is their rationale"

        At BleepingComputer we never disclose bugs in a ransomware infection as that will just alert the developer and cause them to fix the weakness. In this particular case, though, we are going to tell the developer how to fix his mistake so that he doesn't continue to destroy his victim's data going forward. In our opinion, if a person becomes infected, we would rather they have a fighting chance of recovering their files rather than no chance at all.

        So now, instead of abandoning it because it's broken, he can fix it and continue on his merry way:

        The problem is that the AES key was not properly padded when it was converted into a Base64 string. When the PowerShell script tried to decode this string, it failed, and instead of the variable $RgDhcxSdghWd containing his decoded AES string, it now contained a NULL or empty value. If he had added one one more = character to the string, it would have worked as intended and everyone would have had the same AES key.

        That's as stupid as pointing out to the guillotine operator who is about to behead you that the guillotine won't work because there's a knot in the rope.

        • by Anonymous Coward

          It's more like if the developer was prison guard, he would be giving away key to prison for each passerby. Currently he locks you with wrong key and throws it away, thinking he has a copy. Except he doesn't. If he had used the right key, anyone could come and open the door.

          Every other prison guard has their prison's door opening key with just them, but they give out the one with which you can lock the door.

        • No this is the same as pointing out the the guillotine operator the the blade is going to hit the trigger of the big ass pile of tnt that is under the platform and it is going to kill him and everyone around him. And suggesting that perhaps you move it to the right a little.

        • by KGIII ( 973947 )

          Alerting the guillotine operator that there's a knot in the rope might be a prudent thing to do, if the knot is located where your head will only be partially lopped off and mean you get a more painful death.

          • by Lumpy ( 12016 )

            And that is what he wants. He is one of those fools that wants to bleed to death in agony.

            • by KGIII ( 973947 )

              I may be wrong but I'm pretty sure the user is a she. We finally get a girl on the internet and you gotta go scare 'em away! Oh sure, "but they're not a real girl!" That's what you'll probably say. Well, if they identify as a girl you can sex 'em and it's not even gay! Hah! That's what I say!

              Err, actually I say it doesn't much matter but that's a topic for another day. I guess.

              • The author of this "ransomeware" wanted to use one key so that he wouldn't have to make a "complicated database lookup for each key." Complicated database lookup? It's two fields. Looks like they wanted to use the cheapest hosting plan possible by giving everyone the same key - no database needed. What a schmuck. What a maroon ...
        • by Dunbal ( 464142 ) *

          the guillotine won't work because there's a knot in the rope.

          Methinks you have a fundamental misunderstanding of how guillotines work. Lucky for you no one uses them anymore!

    • by Anonymous Coward
      That and they could've implemented a proper Code of Conduct which would've discouraged online abuse and decreased the overall level of butthurt, allowing women and minorities to be involved in greater numbers, who in turn surely would've found the error due to their diverse worldviews.
    • If the author decided on an open source project, the community could have found and developed a fix during beta testing.

      To be fair, the author probably coded it, posted it somewhere, tried it out and then... "oh shit!"
      So they likely half-tested it, and it did half work.

  • What a role model (Score:5, Interesting)

    by Opportunist ( 166417 ) on Sunday November 08, 2015 @03:01PM (#50888725)

    I always thought we should lock up those bastards and throw away the key. Shall we take it as a recommendation how he wants to be treated when we catch him?

    • by Anonymous Coward

      Due to an error in the prison system, we can't release you even though you've served your time. We though it would save costs use the same key for all cells, but your cell accidentally has a different lock to which we don't have the key.

      Hope you have a backup!

    • That's one way of writing a format virus.
    • by 12WTF$ ( 979066 )

      I always thought we should lock up those bastards and throw away the key. Shall we take it as a recommendation how he wants to be treated when we catch him?

      My object all sublime.
      I shall achieve in time —.
      To let the punishment fit the crime —.
      The punishment fit the crime —.

      • In this time, it's more often that you have to ponder how to make the crime fit the punishment that you'll get anyway.

    • I always thought we should lock up those bastards and throw away the key. Shall we take it as a recommendation how he wants to be treated when we catch him?

      Seems like a waste of a perfectly good prison cell. I'd be happier if he never made it to the prison alive.

      • by dave420 ( 699308 )
        Each post you make paints you as a bitter, sad, lonely, hateful person. It's not good reading - like a cry for help from someone who knows it's too late to meaningfully redress the balance in their life, that they are doomed to sail their lonesome, twisted course to the grave. I hope that's not the case, but I suspect it is.
        • Each post you make paints you as a bitter, sad, lonely, hateful person. It's not good reading - like a cry for help from someone who knows it's too late to meaningfully redress the balance in their life, that they are doomed to sail their lonesome, twisted course to the grave.

          Lol, I sense projection. :)

          Sorry to dampen your little jealousy-fest, but it may come as a surprise to you to learn that I'm not here to live up to your expectations. :) lol

          As for me, well....I have wonderful wife who I love very much, quite a few good friends who I've known for decades, and I just went back to work after being heavily courted by a company in Redmond WA (no, not Microsoft). They actually paid me enough to come out of a very comfortable retirement. What's not to like about that? :)

          My son is

    • What a dumbass. If he had actually succeeded with his programming, it would have meant that any victim could give or sell the encryption key to his other victims.

      Too bad he didn't also have a random ID, or accidentally give out the contact info of a "legitimate" ransomware maker, so that he could piss off the other ransomware makers even more by his "killing" of data hostages.

    • by cdrudge ( 68377 )

      Put an electronic lock on the door that uses his code for unlocking it.

  • Isn't that usually the case? I never thought paying the ransom would actually be followed by the recovery of the data...

    • by NoZart ( 961808 )

      The malware producers release the keys mostly, because people that are infected hear about that and are more willing to pay up...

      • by Anonymous Coward

        Important to have backups which cannot be accessed by your system in any case (unplugged USB drives, cloud service with their own revision system etc)

        • by Anonymous Coward

          Even multiple USB drives won't necessarily help you.

          Let's say you do backup every week, alternating between two disk you keep in separate places. You catch the ransomware. Next weekend, the malware encrypts your backup disk #1. You store that encrypted backup in a safe place. The following weekend, you connect your second backup disk to do another backup. Now both of your backups are encrypted.

          • Why would you continue to back up after you have been infected?

            Also, even if you did, your new backups shouldn't be overwriting your old backups.

            Also, just enabling shadow copy on your hard drive and running as a standard user will defeat all ransomware even if you never back up.

    • by Anonymous Coward

      Isn't that usually the case? I never thought paying the ransom would actually be followed by the recovery of the data...

      If that were the case anyone who became a victim of it would spread the word and eventually people would realize that you don't get the data back by paying.
      The business model only works if the victim believes that they can get their data back.

      This bug actually hurts the ransom-ware business.

    • Re:Usually the case (Score:5, Interesting)

      by Sqr(twg) ( 2126054 ) on Sunday November 08, 2015 @03:26PM (#50888823)

      Nope, apparently they do give you the decryption key, once you pay. If word of mouth was that it doesn't help to pay, then a lot less people would pay the ransom.

      So this guy is destroying a very lucrative business model for some very evil people. It will probably not end well for him.

      • by radarskiy ( 2874255 ) on Sunday November 08, 2015 @03:56PM (#50888957)

        This is why we can't have nice hostages.

      • Definite showstopper.
      • yep I would doubt his employers will be very forgiving. He has basically given a nutpunch to a multi million dollar industry. I wouldn't be surprised if said coder has already received his only nutpunch in a far more fatal way.
      • by Falos ( 2905315 )
        So s/he has even more enemies, including those more able to track people down (if sufficiently motivated).

        Well, they're kneecaps I won't feel very sorry for.
    • by gweihir ( 88907 )

      Recently, several of these scum have refined their business model and actually deliver decryption keys. In an utterly immoral move, possibly designed to inflate the perception of threat, the FBI has even recommended to pay: http://uk.businessinsider.com/... [businessinsider.com]

    • This Radiolab episode follows a ransomware victim through the tricky process of paying off the criminals and getting her files back.

      http://www.radiolab.org/story/... [radiolab.org]

  • DUMB (Score:5, Funny)

    by jez9999 ( 618189 ) on Sunday November 08, 2015 @03:09PM (#50888757) Homepage Journal

    Disasters Usually Motivate Backups

    • Unfortunately it seems some people Just Don't Get It. They would probably recoil at the idea of only having one set of house keys yet for some reason they think having only 1 copy of important files is just dandy. To be frank, they deserve what they get because if this sort of malware doesn't get them then a dead hard drive or their own fat fingers on a delete button will one day.

    • by antdude ( 79039 )

      What if they already did and their backups got encrypted for ransoms too? :P

    • by AmiMoJo ( 196126 )

      On this subject, as a refugee from OneDrive now that they capped it at 1TB for paying customers, I switched to SpiderOak. They were offering a deal where you got unlimited space for $150/year. Not the cheapest but their software is reasonable. I'd like more flexibility to have multiple backup sets, but at this point I'm just happy to be backed up. Or, at least I will be in six months once it has all uploaded.

      At least OneDrive has just gone read only so I can restore from there if I need to. Screw you Micros

  • by BoRegardless ( 721219 ) on Sunday November 08, 2015 @03:24PM (#50888815)

    Get a virtual machine up and running or an older MacBook off eBay and it does Internet and all downloads.

    Any crap needs to be isolated to the VM or email machine.

  • Just asking......would anyone really be all that upset if the fucker that coded this was hunted down and beaten to death? Or shot full of holes?

    I've searched my soul (what tiny, tiny fragments remain) and personally I wouldn't mind one bit.

    Seriously, if I read tomorrow morning that he'd been found dead as a result of some brutal, awful violence, I wouldn't even stop eating my bagel.

    • by Anonymous Coward on Sunday November 08, 2015 @04:50PM (#50889223)

      What the hell is wrong with people like you? It's not that the guy isn't a first class cunt, but what sort of poorly controlled emotion causes a person to warm to the idea of torture and death? I sometimes wonder whether some humans have a repressed bloodlust and they use righteous indignation as an excuse to bring it out.

      Sure, lock the guy up, seize everything, whatever, following due process. Be more civilised than he is, not less.

      • by Calydor ( 739835 )

        what sort of poorly controlled emotion causes a person to warm to the idea of torture and death?

        One too many instances of thinking, "This is why we can't have nice things."

      • by gsslay ( 807818 )

        What the hell is wrong with people like you?

        Because on the internet, everyone is a tough guy and everything is just words.

      • I know. I am constantly amazed at the outright hostility of people.

        It is NOT OK to threaten people because you disagree with them.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      You're really one tough old guy, JustAnotherOldGuy.
      If you choked on your bagel tomorrow, I wouldn't give a shit

    • by gweihir ( 88907 )

      Naaa, just let him pay for all the damage he has done. Should take him a few lifetimes.

    • because he bounced all Command Control messages through your IP address and now they are coming for you.

      Any death/extreme penalty can be abused and used to set up innocents and is the main reason countries/states choose not to implement them.

      Your innocent in the eyes of the law until you are proven guilty, only that does not mean a) you did it b) you deserve it. ::I am commenting on Slashdot as an Anonymouscoward, this can not end well::

  • This is outrageous! I'm going to ask for my money back!
  • That hacker has what it takes to join the Home Alone crew (the wet bandits)

Doubt is not a pleasant condition, but certainty is absurd. - Voltaire

Working...