Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Open Source Security IT

Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com) 100

An anonymous reader writes: After the Hidden Tear (open-source) ransomware code was used to create the Cryptear.B ransomware, now the EDA2 open-source project was used in the same way to create the Magic ransomware. Both projects were created by the same guy. While he left an encryption flaw for Hidden Tear, he didn't for EDA2, relying on a backdoor in the ransomware's admin panel, which he planned to use to steal the encryption keys from the ransomware authors, if they ever used his tool. Unfortunately, the ransomware's C&C servers were on a free hosting service, and someone reported the account. All the data has been deleted from the servers, there's no backup, the backdoor account is useless, and victims have no way of recovering their files.
This discussion has been archived. No new comments can be posted.

Open-Source Ransomware Abused For the Second Time In Real-Life Infections

Comments Filter:
  • Victims should sue (Score:5, Insightful)

    by mysidia ( 191772 ) on Sunday January 24, 2016 @12:58AM (#51359875)

    The hosting provider who delete the files for damages.

    Unfortunately, the ransomware's C&C servers were on a free hosting service, and someone reported the account. All the data has been deleted from the servers, there's no backup, the backdoor account is useless, and victims have no way of recovering their files.

    If it was reported to them, then the provider KNEW or should have known their servers were holding a criminal's data, including possibly encryption/decryption keys and stolen assets in relation to ransomware, which the providers' services had aided.

    At that point, the hosting provider became duty bound to without fail take steps to preserve evidence of the criminal activity, for inspection by authorities.

    Complete deletion was an act of negligence, and if they aren't criminally tried, the provider should at least be compensating victims for their loss that was a result of not being able to obtain ransomware decryption keys which the provider destroyed.

    • by mbeckman ( 645148 ) on Sunday January 24, 2016 @01:42AM (#51360041)
      "At that point, the hosting provider became duty bound to without fail take steps to preserve evidence of the criminal activity, for inspection by authorities. "

      Duty bound? What duty is that? The victims have no contract with the provider. Sure, it would be nice if the provider happened to recognize this as a ransomware control server, and saved the data. But duty bound? That's a fantasy. The victims are victims of the perpetrator, nobody else.
      • by Anonymous Coward

        If you reasonably should have known there world be a criminal investigation and you destroy evidence, it's illegal. That certainly seems to be the case here.

      • by mysidia ( 191772 )

        Duty bound? What duty is that? The victims have no contract with the provider.

        The duty is a duty to the public (including victims) to abide the law by not destroying evidence.

        It is not a contractual duty. It is more like the duty involved, where you are a school worker and you routinely open a student's locker to find illegal drugs --- just emptying their locker out into the garbage incinerator is a crime of disposing of the evidence.

        • by mbeckman ( 645148 ) on Sunday January 24, 2016 @10:37AM (#51361181)
          mysidia: while good-intentioned, that's simply not how the law works. A third party that destroys evidence as a side effect of securing the safety of themselves or their property commits no crime, because their intent is not to destroy evidence, but to regain their own security.
          • Neither the dope in the locker nor the data are a clear and present danger.

          • A third party that destroys evidence as a side effect of securing the safety of themselves or their property commits no crime, because their intent is not to destroy evidence, but to regain their own security.

            It depends on whether the safety we are referencing is "the safety of their property" or "the safety of themselves with regard to prosecution". If the latter, then all destruction of evidence would not be criminal. 8^)

            The points to consider are:

            (1) Was deleting the data necessary, or would it have been sufficient to off-line but retain it for a period, as their web site states that do for delinquent accounts?

            The clear answer is that deletion was not necessary; data stored in off-line storage does not activ

    • Complete deletion was an act of negligence, and if they aren't criminally tried, the provider should at least be compensating victims for their loss that was a result of not being able to obtain ransomware decryption keys which the provider destroyed.

      FTFA - "Creator of both projects is Turkish security researcher Utku Sen, who says that both his projects, Hidden Tear and EDA2, were published only for educational purposes.

      Yeah. Create a monster, release it into the wild, the obvious thing happens, and it's all the fault of the server owner panicking.

  • by Kaz Kylheku ( 1484 ) on Sunday January 24, 2016 @01:08AM (#51359913) Homepage
    Give him a 25 mHz 386/SX box with NetBSD. Release date is "when you crack the key to recover the data".
    • Who?

      The guy who wrote the Open Source software with a back door and good intentions?
      The guy who used it nefariously?
      The guy who reported it?
      The guy at the hosting provider who killed the C&C server?

  • by Anonymous Coward

    I ask this in good faith -- why is there open source ransomware? I have no problem with uploading encrypted data for backups and security purposes. I have no problem with such tools being open sourced. But ransomware is, by definition, used for extortion. Isn't the mere existence of open source ransomware (or any other ransomware) an abuse?

    As for the hosting provider, they should be liable for civil and criminal damages. Victims whose files are unrecoverable because the account was deleted rather than locke

    • I ask this in good faith -- why is there open source ransomware?

      The short answer is that some people have bad values. If you want to dive deeper you could consider the OpenBSD licensing philosophy [openbsd.org] as a proxy for the Open Source or Free Software movement. The software and its code become an end in itself, What is "good" is defined in terms of working code that complies with the license. The ultimate purpose of the code is practically irrelevant. From time to time there are controversies that arise in regard to some proposed change in the license of some software. I

    • Researchers do a lot of things, even if only to understand how other people do them.
      On the other hand, this guy was a moron for publishing this stuff. The moment you put something like that out where anyone can get there hands on it, it's too late to stop scum from grabbing it. You'd think after the first time he'd realize that. At this point, I wonder if it was intentional on his part.
  • by Anonymous Coward

    Is it a cause for rejoicing that when we've been hit with a ransomware attack that the attacker is an ethical one that will promptly restore things when we pay the ransom? You know, an attacker that has a fiduciary responsibility to act promptly when we submit to his demands. Does this mean we should deal with only the reputable extortionists?

    • Actually, yes you should only pay the ethical attacker. It will teach the unethical hacker that his profits are extremely limited when word gets out that paying doesn't fix the problem.

      Of course in an ideal world you wouldn't have to pay any hacker. But there are times you might not have that choice.

      • by Anonymous Coward
        you should never under any circumstance pay ANY of them. IF that means taking a hit yourself then so be it. Paying them just perpetuates the problem, their is no such thing as an ethical ransomer, their only interest is to fuck you over for as much money as possible.
        • That is not always possible for everyone. It really is that simple. Sometimes the loss is too valuable. Yes, you should not pay ever in an ideal world. The world isn't always ideal though.

    • by mwvdlee ( 775178 )

      If you pay an anonymous extortionist money to no longer extort you, is there any reason to believe he'll stop extorting you?

  • IIRC the last person flogged in the US as sentenced by a court was in the 1950s. It may be time to rethink that for some offenses.

    • by Indigo ( 2453 )

      I've often had that same thought. The trolls would be first (the really nasty ones, I don't mean the app appers dude - that would be silly :-). Then crackers, spammers, and crapware purveyors. "And while I'm dreaming, I'd like a pony..."

    • IIRC the last person flogged in the US as sentenced by a court was in the 1950s. It may be time to rethink that for some offenses.

      Maybe it's time to reduce corruption and inequity in our government, because they teach people to engage in corruption and to create more inequity in society.

  • don't they have anything better to do with their lifes than cxreating those crappy situations for others? Petty callus character to host and live with I'd say.

  • How does this open-source ransomware code get onto your computer without the end-user explicitly visiting a malicious website, downloading and installing the malware.

You are always doing something marginal when the boss drops by your desk.

Working...