Koolova Ransomware Decrypts For Free If You Read Two Articles About Ransomware (bleepingcomputer.com) 80
An anonymous reader quotes a report from BleepingComputer: We have a new in-development variant of the Koolova Ransomware that will decrypt your files for free if you educate yourself about ransomware by reading two articles. Discovered by security researcher Michael Gillespie, this in-development ransomware is not ready for prime time. In fact, I had to mess with it a bit and setup a local http server to even get it to display the ransom screen. In its functional state, Koolova will encrypt a victim's files and then display a screen similar to the Jigsaw Ransomware where the text is slowly shown on the screen. This text will tell the victim that they must read two articles before they can get a decryption key. It then tells you that if you are too lazy to read two articles before the countdown gets to zero, like Jigsaw, it will delete the encrypted files. This is not an idle threat as it actually does delete the files. The articles that Koolova wants you to read are an article from Google Security Blog called Stay safe while browsing and BleepingComputer's very own Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom article. Once you read both articles, the Decripta i Miei File, or Decrypt My Files, button becomes available. Once you click on this button, Koolova will connect to the Command and Control server and retrieve the victim's decryption key. It will then display it in a message box labeled "Nice Jigsaw," in reference to the Jigsaw Ransomware, that displays your decryption key. A victim will then be able to take that key and enter it into the key field in order to decrypt files.
Is there a quiz afterwards? (Score:4, Insightful)
How does it know if you really read the articles?
Re: (Score:3)
What if the user doesn't have an internet connection?
Then he obviously wouldn't have been infected in the first place.
Re: (Score:1)
Re: (Score:1)
The author of this software needs education. (Score:5, Interesting)
I suspect the moron actually believes he's doing someone a favor - but there is never an ethically appropriate way to damage or steal information that isn't yours on equipment that isn't yours. As I recall, wasn't there some clod that released a virus a decade back that actively (attempted to) hunt down and remove other virii from infected computers, ostensibly as a public service? The idea ended up conceptually integrated into other exploits as a way to ensure that a given bot was only enslaved by one botnet at a time, a very valuable idea for botnet operators but hardly a public service.
Re: (Score:1)
but there is never an ethically appropriate way to damage or steal information that isn't yours on equipment that isn't yours
It's never legal to do something like this, but ethical? Absolutely. Different people have different ethics, you shouldn't push yours on other people.
The world needs more education opportunities like this, where they can have a chance to change without actually getting hurt.
Re: (Score:1)
So many people are internet roadkill, they just don't know it yet.
Re: (Score:1)
Ethically, this is like pushing someone out of the road so they don't get hit by a car. The pushing might hurt them a bit, but it's way better than getting hit by the car.
Except that it is more like grabbing someone and holding them in front of oncoming traffic until they admit that they should be more careful in the future.
From TFA:
It then tells you that if you are too lazy to read two articles before the countdown gets to zero, like Jigsaw, it will delete the encrypted files. This is not an idle threat as it actually does delete the files.
That is irresponsible and indefensible.
Re: The author of this software needs education. (Score:1)
Deleting my files for not reading an article is no less damaging than deleting my files for not paying a ransom. That's like pushing someone in front of a train to save them getting run over by a truck.
Re: (Score:2, Insightful)
I think a more appropriate analogy would be pushing someone in front of a moped to save them from getting run over by a truck...
Ransomware pushes its ethics onto others (Score:5, Insightful)
It's never legal to do something like this, but ethical? Absolutely. Different people have different ethics, you shouldn't push yours on other people.
The author of this ransomware is doing exactly that though: forcing others to accept his ethics. So using your own definition of ethical behaviour this is still unethical. Arguing that this is an ethical way to motivate learning is the same as arguing that spreading curable STDs is an ethical way to educate people into having safe sex.
Re: (Score:2)
That sounds like pure ethical relativism, which isn't sound. If someone thinks it ethical, nay a duty, to exterminate all the left handed, it is OK to push my opinion on him. There may be hard problems and the answers may depend on details, including social circumstances, but there is a difference between right and wrong.
Re: (Score:1)
Re: (Score:2)
It's never legal to do something like this, but ethical? Absolutely. Different people have different ethics, you shouldn't push yours on other people.
I'm interested in hear more about Absolute Ethics.
Re: (Score:1)
Re: (Score:2)
No ethics? (0)
Re: (Score:2)
Different people have different ethics, you shouldn't push yours on other people.
You're confusing ethics, which are based on principles and are not relative, with morality, which is relative and malleable.
Look at it this way: slavery has never been and never will be ethical but it is, at some times in some places, moral.
Re: (Score:1)
Different people have different ethics, you shouldn't push yours on other people.
You're confusing ethics, which are based on principles and are not relative, with morality, which is relative and malleable.
Look at it this way: slavery has never been and never will be ethical but it is, at some times in some places, moral.
Note: Slavery was advocated by humanitarians, in ancient times, as a way to avoid the slaughter of capured enemy soldiers.
Re: (Score:1)
Re: (Score:2)
Subjective? No, not really.
The basic ethical principle is to not interfere with another's well-being. The definition of well-being may appear changeable but it should be the subject's definition and standard of well-being, not your own.
From the single principle, which we may restate as "treat others the way they want to be treated," we can derive prohibitions against murder and assault; lying, and from that cheating; theft, and from that malicious vandalism (depriving property from another, even if you do
Re: (Score:1)
The basic ethical principle is to not interfere with another's well-being.
That's your suggested ethical code. It's not everyone's. Is it ethical to pirate music? To violate copyright?
Re: (Score:2)
Hopefully he uses incremental backups. Having a backup system of N=1 is usually asking for trouble.
Re: (Score:2)
Many years ago there was a proposal for the "Tux Virus."
The notion was that it would download a linux distribution with FVWM95 as the window manager, use Wine for the windows binaries, and probably include OpenOffice.
Some even deluded themselves that it would take the victim a while to notice.
Fortunately, those that had the actual ability to do this (that is, to come as close as possible; it's not like Wine was up to running random binaries) had better things to do, or had been taught better by their moth
Re: (Score:2)
I'd never heard of this. It's a fun thing to think about, but of course unethical and also a bad idea for obvious PR reasons ("LINUX IS A VIRUS!") to actually do.
Many people wouldn't notice possibly ever, at least until someone technically literate looked at it and told them what had happened. Why would they? They'd just think it was a normal Windows update that included some UI changes.
Now, if the virus's autoconfig was poorly written and gave them a broken setup, they'd certainly notice something was b
my own internet (Score:5, Funny)
Re: (Score:2)
You're taking your words and going home?
Re: (Score:1)
With blackjack! And hookers! In fact, screw the internet!
Re: (Score:2)
That's it. I'm making my own Internet, and nobody else can be on it.
I just switched to Vodafone for Broadband & Mobile data. I'm now officially off grid :)
Re: (Score:2)
So, it would be an Intranet? ;)
Re: (Score:2)
Am I the only person thinking these security researchers are the authors of the various forms of malware of late?
It would not make sense. Black hat people have an incentive to make malware: they make money from it. Security researchers make money in the fight against malware they do not need to create. And creating malware would be stupid for them, as it would introduce the risk of dealing with justice.
No need to double my work load, given morons (Score:2)
Given that morons still click christmas_card.exe, and some of those click happy morons are executives and sysadmins, I have no need to double my workload by creating more problems to fix. The bad guys and the sloppy users create plenty enough problems.
The Start of Something Bigger? (Score:5, Insightful)
Re: (Score:3)
We've already seen ransomware that either allows a victim to pay, or to infect at least two other paying victims [computerworld.com], using a customized version of the malware for tracking purposes.
Re: (Score:2)
This is a fun example, but it suggests that ransomware can be used to induce people to do much more than paying a fee.
You and I have radically different definitions of "fun." This "fun example" will encrypt and then delete your data if you don't follow its demands. I don't care if the only demand is filling in a captcha, it's not acceptable to threaten consequences for failing to comply.
Personally, I can think of a few knee-jerk reactions that I might have to discovering this. None would be to just click on the links unless I knew ahead of time that it would work. My response would certainly not be blindly following direct
Re: (Score:2)
Personally, I can think of a few knee-jerk reactions that I might have to discovering this. None would be to just click on the links unless I knew ahead of time that it would work. My response would certainly not be blindly following directions given to me by ransomware - In this case to my own detriment.
"I don't negotiate with terrorists", says the person who has never been held hostage.
What a coincidence! (Score:2)
In a strange coincidence of "one thing happening after two other things happen", the "please stop breaking my knees" button becomes available after the ransomware's author has had both of his knees broken.
What an idiot (Score:5, Insightful)
There is no doubt that this is both unethical and illegal in most jurisdictions.
It also won't work. Regular computer users are not knowledgeable. Even experienced users, even people with college degrees in computer security will err. People will mistake the dialogue box for an ad, people will think that it will go away with a reboot, etc. That users err is a natural law, the first thing they teach you in User Interfaces 101.
It won't be fool-proof. Even perfect software has bugs. The Internet has outages. People don't always unfiltered Internet access: people travel with their computers, people use their company's computers behind high corporate firewalls etc.
It will be dangerous. People will get their files deleted, and then they will get angry.
Even if the author's actions may be legal within the jurisdiction in which he lives (which is doubtful)... he will have made himself a target.
Delete the files of the wrong person, and he might end up with a busted skull with his blood on the pavement.
Re:What an idiot (Score:5, Insightful)
It will be dangerous. People will get their files deleted, and then they will get angry.
Even if the author's actions may be legal within the jurisdiction in which he lives (which is doubtful)... he will have made himself a target.
Delete the files of the wrong person, and he might end up with a busted skull with his blood on the pavement.
Delete (or even delay access to) the wrong file and he might just kill somebody, too.
Even if he really wants his victims to read the ransomware rants, putting a time limit on this and deleting the files if the time limit is not met is stupid. Just leaving them encrypted and inaccessible until they've put in their time-as-a-slave to do his bidding leaves the incentive in place. Deleting the files after a time limit causes additional gratuitous harm.
Re: (Score:1)
Many businesses (especially SMB's) don't consider themself a realistic target for ransomware. It is these same types who assume recommendations of educating users on the dangers of ransomware and its methods of delivery, having appropriate policies in place to mitigate prevention, having backups (not "I sometimes backup my two decades old payroll software to a thumbdrive but sometimes I forget to put it in the coffee mug after") or even having a god damn anti-virus that isn't appended with "Free" are just b
Re: (Score:2)
Perhaps it should appear a bit later in the course. They seem to forget by session 102.
At the same time it might be worth explaining that now resolutions have improved beyond 640x480, expecting users to be able to click on a window border 1 pixel wide is unrealistic. - Or are GUI developers stuck with 640x480 resolution for some reason I don't understand?
Re: (Score:2)
What an idiot he is by making light of the issue of Ransomware by getting into the news without even releasing a product. We should set his balls on fire.
Fuck it (Score:4, Funny)
Just delete my files, I'm not going to sit down and let a computer lecture me.
Send it to DNC please (Score:2)
Either they will finally educate themselves about computer security. Or their e-mails and stuff will get erased, which is probably for the best given how embarrassing it is whenever we get a look at it.
Should have at least used a weaker encryption (Score:2)
Clever idea, but dangerous (Score:2)
While this is unethical and dangerous to release to the wild, it is somewhat comical in that it encourages user to educate themselves on safe browsing practices.
It won't work, people will still lose files, and they will get angry, but it does bring up a good point...How do we educate the general public on safe browsing?
The average user won't go out and educate themselves. They might pick up a little if they get burned, but that's unlikely. This method forces them to stare at a screen and "read" the article,