Slashdot Mirror
Sneaky Blackmailing Virus That Encrypts Data
BaCa writes "Kaspersky Lab found a new variant of Gpcode which encrypts files with various extensions using an RSA encryption algorithm with a 1024-bit key. After Gpcode.ak encrypts files on the victim machine, it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor. Is this a look into the future where the majority of malware will function based on extortion?"
Seriously. In order for extortion to work, money has to change hands. Money can be traced, easily (don't believe what they say about Western Union). This is a great way to track down and capture the people who are spreading the virus. And the people whose files are encrypted could as easily have seen those files deleted, or worse. So it's no difference to them, except that they now have a hand in putting a crook behind bars.
The virus tossers are actually making their situation worse by turning to extortion. But they weren't all that bright to start with.
The trust issue is that there is fundamentally no reason for the person receiving the money to follow through and send you the private keys to decrypt the data. If it was a known person, they'd be arrested, and since they're unknown there is no "reputational" factor that would make people more likely to pay based on the experience of others.
Just another moron criminal scheme from some douchebag who thinks he's found a get rich scheme. Just like other "genius" criminals, the fact is that the professionals in the field are smarter than the criminals.
... or from handy backups...
besides... do you really expect to get your data back after a hack like that? you're system is hosed, any correspondence with the malware author is only going to lead to more loss.
you got pwnd, restore from backup, call the FBI if you're a good corporate citizen and have nothing to hide. Otherwise, get a Mac.
Does it matter? I have backups.
And how often do you roll through your backups? Will you notice the encrypted files in time, or will you end up backing up the worthless files instead?
I have plenty of important files which I don't look at very often. It might take months before I realize they are corrupted -- and by that time, I've overwritten the last valid backup with the encrypted stuff.
Fear, and adware. For example, if this virus becomes really widespread, the malware author could create a rouge anti-virus program that promises to get rid of it, and might even get rid of it, the downside is, it infects the host machine with adware giving the author $$$. Otherwise he can simply modify the script to not only encrypt it but add some adware into there. If you have root, there isn't much you can't do.
Taxation is legalized theft, no more, no less.
"We have encrypted your illegally copied music files. Put $5000 in unmarked bills in a plain brown paper sack and mail it to: RIAA Washington, D.C. no later than midnight tonight or you'll never listen to your music again"
I would happily contact the criminal and send them $1 after working with my bank and law enforcement to set up an account trace to see where the money goes and who ends up with it.
but have you considered the following argument: shut up.
> I would happily contact the criminal and send them $1 after working with my bank and law enforcement to set up an account trace to see
> where the money goes and who ends up with it.
Yeah, because they'd never have thought of that.
Okay, it might be. Imagine it repeating the process on many files, each time a new file is written it may fill the space of the last deleted one. This also depends on the file system, OS strategy, file sizes, etc.
Using an undelete utility means you risk recovering many corrupt files. That may be better than nothing or sending money to a malware author, which as much as I hate to say it may legitimately be classed as "funding terrorism".
So? Do you really think the CIA cares where your money goes if it doesn't go to them? Or that they'd blow their cover just to save your 5k bucks?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
you got pwnd, restore from backup, call the FBI if you're a good corporate citizen and have nothing to hide. Otherwise, get a Mac.
Getting a Mac will help for a while, but as more people switch to Macs malcontents will target OS X. And while it's more secure it's not totally secure, nothing is.
Falcon
Oh, and I'm not an MS fanbous, my desktop PC's OS is Linux and the laptop I'm typing this on is a MacBook Pro.Should there be a Law?
That particular brand of Kool-Aid is served in a lot more places than Redmond...
[b.belong('us') for b in bases if b.owner() == 'you']
I hope you promptly yelled "WHAT THE FUCK IS WRONG WITH YOU?!" and slapped some sense into him.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Most people aren't going to have more than a hundred gigs or so of storage in their computer in the first place. Given a halfway-decent backup system -- one which uses hardlinks, as I mentioned before -- and yes, the OS might take half of the backup drive. It will not, however, need an additional half every incremental backup -- only every time the OS changes.
As most people aren't causing terabytes worth of change, it should be no problem to have many backups (as in, every day for the past few months) on a single, dirt-cheap external hard drive.
Don't thank God, thank a doctor!