Slashdot Mirror


Sneaky Blackmailing Virus That Encrypts Data

BaCa writes "Kaspersky Lab found a new variant of Gpcode which encrypts files with various extensions using an RSA encryption algorithm with a 1024-bit key. After Gpcode.ak encrypts files on the victim machine, it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor. Is this a look into the future where the majority of malware will function based on extortion?"

20 of 409 comments

  1. But were they smart, or stupid? by pclminion · · Score: 5, Interesting

    Question is, does the encryptor rewrite the data in-place, or just encrypt to a new file then delete the original? If the latter, the data is still recoverable with a simple undelete utility.

    1. Re:But were they smart, or stupid? by Anonymous Coward · · Score: 5, Insightful

      > Does it matter? I have backups.

      And how often do you roll through your backups? Will you notice the encrypted files in time, or will you end up backing up the worthless files instead?

      I have plenty of important files which I don't look at very often. It might take months before I realize they are corrupted -- and by that time, I've overwritten the last valid backup with the encrypted stuff.
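Added example, not part of the original thread or of any commenter's post: a check a backup job could run before rotating, so the last good backup is not overwritten with encrypted files. It uses the two indicators named in the story summary (the `._CRYPT` extension and the `!_READ_ME_!.txt` note); the function names, the manifest of relative paths and the 20% threshold are assumptions made for illustration.

```python
import os

CRYPT_SUFFIX = "._CRYPT"         # extension named in the story summary
RANSOM_NOTE = "!_READ_ME_!.txt"  # note file named in the story summary


def scan_tree(root):
    """Walk root and collect the Gpcode.ak indicators described on this page."""
    encrypted, note_dirs, total = [], [], 0
    for dirpath, _dirs, files in os.walk(root):
        if RANSOM_NOTE in files:
            note_dirs.append(dirpath)
        for name in files:
            if name == RANSOM_NOTE:
                continue
            total += 1
            # Suffix match covers both "report._CRYPT" and "report.doc._CRYPT".
            if name.endswith(CRYPT_SUFFIX):
                encrypted.append(os.path.join(dirpath, name))
    return {"encrypted": encrypted, "note_dirs": note_dirs, "total": total}


def missing_since(previous_manifest, root):
    """Relative paths from the last good backup that no longer exist under root."""
    return sorted(p for p in previous_manifest
                  if not os.path.exists(os.path.join(root, p)))


def safe_to_rotate(root, previous_manifest=(), max_missing_ratio=0.2):
    """Return (ok, reasons); ok is False when the old backup should be kept."""
    report = scan_tree(root)
    reasons = []
    if report["encrypted"]:
        reasons.append(f"{len(report['encrypted'])} file(s) ending in {CRYPT_SUFFIX}")
    if report["note_dirs"]:
        reasons.append(f"{RANSOM_NOTE} present in {len(report['note_dirs'])} folder(s)")
    # Originals vanishing in bulk is a signal even if the suffix ever changes.
    gone = missing_since(previous_manifest, root)
    if previous_manifest and len(gone) / len(previous_manifest) > max_missing_ratio:
        reasons.append(f"{len(gone)} of {len(previous_manifest)} "
                       "previously backed-up files are missing")
    return (not reasons, reasons)
```

A backup job would call `safe_to_rotate()` on the source tree and, when it returns `False`, write to a new backup set instead of overwriting the previous one.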

    2. Re:But were they smart, or stupid? by severoon · · Score: 5, Insightful

      I would happily contact the criminal and send them $1 after working with my bank and law enforcement to set up an account trace to see where the money goes and who ends up with it.

      --
      but have you considered the following argument: shut up.
    3. Re:But were they smart, or stupid? by Cajun+Hell · · Score: 5, Funny

      > if this virus becomes really widespread, the malware author could create a rouge anti-virus program

      But a crimson anti-virus program can detect a rouge one.

      --
      "Believe me!" -- Donald Trump
    4. Re:But were they smart, or stupid? by Threni · · Score: 5, Insightful

      > I would happily contact the criminal and send them $1 after working with my bank and law enforcement to set up an account trace to see
      > where the money goes and who ends up with it.

      Yeah, because they'd never have thought of that.

    5. Re:But were they smart, or stupid? by Opportunist · · Score: 5, Informative

      Allow me to tell you how the money trail on this works:

      You are asked to send money through Western Union or some other provider that doesn't check your ID for amounts smaller than a few thousand USD. Then they send some bum to one of the thousand WD offices, somewhere on this planet, with the withdrawal code. And only once they get your money, you get your decryption key.

      So, now you know where the money ends up, and why police can't do jack about it.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    6. Re:But were they smart, or stupid? by Duncan+Blackthorne · · Score: 5, Informative

      > And only once they get your money, you get your decryption key.

      "And only once they get your money, you don't get your decryption key."

      There, fixed that for you. :-)

    7. Re:But were they smart, or stupid? by Niten · · Score: 5, Interesting

      He did say "good corporate citizen", so if you are not paying for it, you obviously have something to hide and should be reported.

      You may think this is just a joke, but when my second college roommate saw me using an unfamiliar operating system, he naturally started asking me about it. "What's it called?" "Red Hat Linux." "How much does it cost?" "Nothing, it's free." He freaked out: "Oh my God, how can that be legal? That could cost Microsoft so much in lost profits! That should really be illegal..."

      The worst part? He was a business major, an honest-to-goodness PHB in training...

    8. Re:But were they smart, or stupid? by computerman413 · · Score: 5, Informative
    9. Re:But were they smart, or stupid? by Anonymous Coward · · Score: 5, Funny

      > anyone with half a brain will not give out their bank account details when blackmailing someone.

      I beg to differ. Prince Omadeke has been very forthcoming with all the bank details, officially signed documents, and necessary guarantees to ensure our secret transaction is carried out according to all successful modalities.
    10. Re:But were they smart, or stupid? by RexDevious · · Score: 5, Funny

      Wait a minute... Western Union has absolutely nothing in place to flag illegal payments? You can't fill out the form saying the money is for blackmail?

      Jeez. If not - I'd fill out the form saying the payment was to help Osama Bin Laden buy some Yellow Cake Uranium-flavoured rolling papers that had pictures of Child Porn on one side, and copyrighted Metallica lyrics and Vista Activation codes on the other. Surely one of our country's many Big Brother Agencies would ensure the blackmailer had a quick career change.

    11. Re:But were they smart, or stupid? by silvalen · · Score: 5, Funny

      HAMMER TIME.

  2. Is this the future? by Anonymous Coward · · Score: 5, Funny

    > Is this a look into the future where the majority of malware will function based on extortion?

    I don't know! Stop asking me those questions all the time. Is it obligatory to end every blurb with a question, or what?

  3. They think they're pretty clever. by Anonymous Coward · · Score: 5, Insightful

    The fundamental problem with harebrained schemes like these is that the money has to change hands somehow, and there's a fundamental trust issue. First, if money gets transferred to you then you are susceptible to being caught.

    The trust issue is that there is fundamentally no reason for the person receiving the money to follow through and send you the private keys to decrypt the data. If it was a known person, they'd be arrested, and since they're unknown there is no "reputational" factor that would make people more likely to pay based on the experience of others.

    Just another moron criminal scheme from some douchebag who thinks he's found a get rich scheme. Just like other "genius" criminals, the fact is that the professionals in the field are smarter than the criminals.

  4. This has been done before by mrbill1234 · · Score: 5, Informative

    This same thing happened in the late 80's (or maybe early 90's). Some hackers mailed a 5.25 inch floppy with some "free" software on it to thousands of people around the world. When you installed the software, it would hijack your PC and encrypt various files and you had to pay a ransom to get it back. There was a EULA and everything with the disk (which of course nobody read) which made it clear what would happen if you installed the disk. Perhaps someone can remember what it was called.

    1. Re:This has been done before by Daimanta · · Score: 5, Funny

      MS-DOS 6.22

      --
      Knowledge is power. Knowledge shared is power lost.
  5. All your dataz by Anonymous Coward · · Score: 5, Funny

    Joe User: Someone set us up the encryption. We get no data. Readme file turn on.
    Jack Hacker: How are you gentlemen? All your data are belong to us.

  6. I got infected by this virus by Anonymous Coward · · Score: 5, Funny

    My computer was infected by this virus... luckily all my files were already encrypted so all it did was make plain-text versions of everything and leave me a file asking for a donation

  7. Yeah, sure, *that'll* work.. by Duncan+Blackthorne · · Score: 5, Insightful

    *ransom note received composed of random letters clipped from newspaper*

    "We have encrypted your illegally copied music files. Put $5000 in unmarked bills in a plain brown paper sack and mail it to: RIAA Washington, D.C. no later than midnight tonight or you'll never listen to your music again"

    ..but seriously, folks, this starts to sound like some sort of weird 419 scam. They're not going to decrypt your files even if you pay them, and I'll bet you a whole DOLLAR that if you're stupid enough to contact them, they accept only CREDIT CARDS as payment. Chances are that the data isn't even really encrypted, it's just plain overwritten and GONE, copied over with gobbledegook random data, and you'll just get your identity stolen on top of never getting your files back. On the other hand they think they're being really clever, I'm sure, and the ones that think they're clever are usually the ones that get caught quickly and go to jail for a long, long time.

  8. Oh please! We all know there aren't any REAL banks by falconwolf · · Score: 5, Informative

    in Nigeria?

    There are real banks in Nigeria, owned by the ruling ethnic group, that's where the billions of dollars from oil goes. The rulers get their money while those who live where the oil comes from, the Niger Delta, have to fight for scraps.

    Falcon