Slashdot Mirror


Extortion Virus Code Cracked

Billosaur writes "BBC News is reporting that the password to the dreaded Archiveus virus has been discovered and is now available to anyone who needs it. Archiveus is a 'ransomware' virus, which combines files from the My Documents folder on Windows machines and exchanges them for a single, password-protected file, which it will not unlock unless a password is given. The user would normally be required to pay the extortionist money in order to receive the password, but apparently the virus writer made one small, critical error in coding: placing the password in the code. BTW, the 30-digit password locking the files is mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw."

10 of 371 comments

  1. Just wait... by hanssprudel · Score: 5, Insightful

    Next time it will be a virus writer who knows about public key cryptography, and then you'll just have to pony up the dough... (or you could stop getting your computer infected with malware in the first place.)

    1. Re:Just wait... by Beryllium+Sphere(tm) · Score: 5, Insightful

      >(or you could stop getting your computer infected with malware in the first place.)

      Backing up your data would also work.

      Notice how much this virus is like a proprietary file format? You can't get at your own data without paying for a license to the proprietary reader.

  2. hold on... by joe+155 · Score: 4, Insightful

    you mean that when they pay up the people actually let them get their files back? you would think any criminal would just delete them, say that they would give them back and then just take off with the money; they are already breaking the law, what's another one added to that? I wonder if this will now work like it should in the perfect open source community though, a bug is found, someone patches it, the new stuff is available within the day, maybe even better than before?

    --
    I can't believe it's not a hyperlink.

    1. Re:hold on... by venicebeach · Score: 4, Insightful

      > you mean that when they pay up the people actually let them get their files back? you would think any criminal would just delete them, say that they would give them back and then just take off with the money; they are already breaking the law, what's another one added to that

      If you don't give the files back you remove the incentive for other infected users to pay up.

    2. Re:hold on... by ThePyro · Score: 3, Insightful

      > If you don't give the files back you remove the incentive for other infected users to pay up.

      But that assumes that other infected users are collaborating (how else would you hear about the deletions?). And if they were collaborating then they could just share the password (like what has just occurred in this article), and the money dries up anyway.

  3. Consider this a warning by Anonymous Coward · Score: 4, Insightful

    If you are still betting on antivirus companies to keep you safe, you should consider this a warning. There is no technical reason why the password should be recoverable. Had the author used strong public key cryptography instead of a symmetric cypher, there would be no way to get the key without the help of the virus author. The only way to be safe is to not get infected and that means you have to use your brain.
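
The weakness this comment and the summary describe, a symmetric key sitting in the binary as a literal, is exactly what a plain string scan finds. Added example, not code from the article or from any commenter: a Python script that pulls printable runs out of a constructed stand-in for an infected sample and ranks the key-like ones by entropy; the sample bytes are made up, and the only real value in them is the password quoted in the summary above.

```python
import math
import re

# Constructed stand-in for an infected sample: a few PE-like header bytes,
# ordinary strings an analyst would see, a low-entropy padding run, and the
# key quoted in the article embedded as a plain ASCII literal. This is not
# the real Archiveus binary.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 16
    + b"This program cannot be run in DOS mode.\r\n\x00\x00"
    + b"CreateFileA\x00WriteFile\x00EncryptedFiles.als\x00"
    + b"C:\\Documents and Settings\\%s\\My Documents\\*.*\x00"
    + b"A" * 40 + b"\x00"
    + b"mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw\x00"
    + b"kernel32.dll\x00"
)

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{8,}")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for a constant run, up to 8.0)."""
    n = len(data)
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def extract_strings(blob: bytes) -> list:
    """Equivalent of `strings -n 8`: printable ASCII runs of 8+ bytes."""
    return [m.group(0).decode("ascii") for m in PRINTABLE_RUN.finditer(blob)]


def key_candidates(blob: bytes, min_len: int = 20, min_entropy: float = 3.5):
    """Rank strings that look like an embedded key: one long token with no
    spaces or path separators, and enough entropy to rule out padding and
    repeated filler. Returns (entropy, string) pairs, highest entropy first."""
    ranked = []
    for s in extract_strings(blob):
        if len(s) < min_len or re.search(r"[ \\/.]", s):
            continue  # sentences, paths and file names are not key material
        h = shannon_entropy(s.encode("ascii"))
        if h >= min_entropy:
            ranked.append((round(h, 2), s))
    return sorted(ranked, reverse=True)


if __name__ == "__main__":
    for entropy, s in key_candidates(SAMPLE):
        print(f"{entropy:5.2f}  {s}")
```

The filters are deliberately crude; on a real sample the output is a short list to inspect by hand, not a verdict, and a key stored obfuscated or split across the code would not surface this way.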

  4. If it's the same password... by Nom+du+Keyboard · Score: 5, Insightful

    If it's the same password for every infection, wouldn't it be likely that the first victim who actually paid for it would then release it to the wild to screw over the extortionist ASAP?

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."

  5. From the TFA by BaltikaTroika · Score: 5, Insightful

    The most interesting part of TFA: "Victims are only told the password if they buy drugs from one of three online pharmacies."

    Are online pharmacies so unregulated that criminals can extort people as a means for advertising?

    Wow.

    1. Re:From the TFA by geoffspear · Score: 3, Insightful

      If they can get away with illegally selling prescription drugs without a prescription and sending out billions of emails advertising the fact (as well as hacking PCs to use as zombies to send out said emails), they can probably get away with a little extortion on top of it.

      --
      Don't blame me; I'm never given mod points.

  6. Arrest? by crossmr · Score: 3, Insightful

    Has this guy been arrested? It shouldn't have taken a genius law enforcement officer to make a payment for this and track it and then pick the guy up?