Ransomware Making a Comeback

snydeq writes "Ransomware is back. After a hiatus of more than two years, a variant of the GpCode program has again been released, kidnapping victims' data and demanding $120 for its return, InfoWorld reports. 'Like the ransomware programs before it, GpCode encrypts a victim's files and then demands payment for the decryption key. The new version of GpCode — labeled GpCode.AX by security firm Kaspersky — comes with a bit more nastiness than previous attempts. The program overwrites files with the encrypted data, causing total loss of the original data, and uses stronger crypto algorithms — RSA-1024 and AES-256 — to scramble the information.'"

Backups

[coerciblegerm]

Simple solution: Back up your data. In other news, make sure you patch software and operating system vulnerabilities and don't run executables from unknown sources.

Re:Backups

[Rob+Kaper]

And mark your existing backups read-only. Although that might require an OS which wouldn't run this malware anyway.

Re:Backups

If your backups are simply on the same machine that you're backing up, you're missing at least 1/2 the point.

Re:Backups

[txoof]

Whenever I see family/friends/co-workers using external drives for "backup" I have to repress the urge to launch into a lecture on the absurdity of relying on a local, always mounted backup.

WesternDigital and all the other purveyors of external hard disks should be ashamed of themselves for promoting their products as a reasonable backup solution. The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure. An external drive provides absolutely no protection from any kind of malicious attack or catastrophic disaster (flood, fire, theft). The only real backup solution is an off-site backup. Considering how cheap Amazon S3 is, off-site backups are finally a real solution for the average person.

Apple's Time Machine and Fly Back is a step in the right direction, but without a real off-site backup solution kiss your data goodbye, because when it falls into a river of molten rock, man, it's gone.

Re:Backups

[black_lbi]

because when it falls into a river of molten rock, man, it's gone.

Sounds like you learned that from experience. One of the cons of maintaining the data center for Sauron, huh? Hope the pay is good, at least.

Re:Backups

[vistapwns]

On top of that, I would add, run an OS with modern security features like ASLR and sandboxed web browser. Vista or Win 7, for Windows users.

Re:Backups

I hate to break it to ya buddy, but accidental deletion and hardware failure make up 100% of my data loss causes. Shocking, I know. You see, some people actually do patch their software and ensure their OS is up to date, and some people don't run executables from strange places.

Mounted, active storage is perfectly acceptable for backing up all but the absolute most critical of data.

Re:Backups

[wvmarle]

Exactly.

It makes me wonder how come this kind of scams still work, I mean everyone is backing up their data on off-line media, right? Right? Oh, wait...

Re:Backups

[wvmarle]

My data set is about 40 GB (gzipped).

Amazon et. al. while cheap and off-site and probably pretty secure would require encryption at least. I don't want unencrypted data there. Makes it a bit more cumbersome.

The killer is going to be the upload. I've 2 Mbit up, uploading my data set to Amazon would saturate my pipe for about 55 hours straight. And that's a show stopper.

I'm slowly looking for 64GB USB drives. They exist but the local shop has only 32 GB, so have to look further. That's a much easier solution than Amazon.

Re:Backups

[Belial6]

So, you want to lecture people on how bad it is to use a simple and inexpensive device to protect against 99.999% of the problems they might need a backup for? Instead you want them to send their data to Amazon over a network connection that may not be fast enough to even keep up with the data changes on their drives.

It doesn't sound like you are doing them any favors.

Re:Backups

[txoof]

Jungledisk, one of several S3 clients, offers several encryption options. It's a pretty decent service but lacks robust logging.

Re:Backups

[ArsenneLupin]

Whenever I see family/friends/co-workers using external drives for "backup" I have to repress the urge to launch into a lecture on the absurdity of relying on a local, always mounted backup.

You know, malware is not the only threat to data. There's also hard disk failures, and human error. "Always-mounted" external disks protect against both.

WesternDigital and all the other purveyors of external hard disks should be ashamed of themselves for promoting their products as a reasonable backup solution.

... and even if you are concerned about "always mounted" being vulnerable to malware, you can always keep your drive securely stashed away, and only connect it once a week to do your backup.

The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure.

Which is already quite useful. Even though we like to scoff at windows users, most malware is not interested in trashing user's data, and anti-virus programs still manage to catch most malware (if one is installed).

...or catastrophic disaster (flood, fire, theft).

... which are quite rare compared to the more usual failure modes (hard disk failures, or accidentally deleted the wrong files).

Considering how cheap Amazon S3 [amazon.com] is, off-site backups are finally a real solution for the average person.

You've got to trust Amazon to respect the privacy of your data.

Re:Backups

[hairyfeet]

Actually I'm in one of the "test markets" for the new caps which will be 36GB for home and 76GB for business, so S3 won't be an option for anyone but businesses much longer. For my customers that need reliable backup on the cheap I actually recommend the WD Essentials, but I recommend TWO drives, one for home and one for work. Once a week they switch them, so at the absolute worst they are looking at a two week loss max instead of a complete loss.

As much as I'd like to be able to have backups all sent to Stone Mountain daily, many folks just don't have that kind of money. So the WD drives or even a couple of flash drives backing up their work is better than nothing. It would be nice to just shoot everything on to S3, but at $1.50 a GB when you go over it simply isn't a valid solution for those of us living with caps.

Re:Backups

[wvmarle]

The primary show stopper for me is the upload speed. It's just too long. I had a quick look at it; Amazon is looking at the TB range for storage and the GB range for transfers. Most of the charges are for transfers, not for storage.

When you have a 100 Mb pipe to the Internet, yes then it's getting interesting. 1 GB then takes you 1 1/2 minutes, instead of over an hour it takes for me. For your average home connection it's worse, for those people it's simply not an option. To me it seems mainly targeting mid sized companies: large enough to produce a lot of data that they want to keep archived really well, not big enough to want to invest in special equipment like tapes, drives, and safe storage facilities (tape safe; preferably off-site increasing cost even more due to physical transport).

Re:Backups

[the_womble]

If your PC gets stolen or destroyed and you have a backup on an external hard drive that is stored safely off-site, how are you not protected?

Re:Backups

[starsky51]

That's more of a preventative measure than a solution. Try telling some student that has lost all of his college work that the solution is to go back in time and backup his files.
Unfortunately, the only solution in this event is to pay $120 to the crooks.

Re:Backups

Provided that (okay, far fetched):

* the OS security works and attacker can't get root/admin rights.
* you actually take advantage of that and your normal account doesn't own the backups.
* your computer has two physical drives and the backups are not on the same one where the data is.

Then, where's the missing 1/2?

Re:Backups

[jimicus]

Virtually any respectable backup application will only ship changes up once the initial backup is complete. It'll saturate your pipe for a few days, but once it's one it's done. After that, it's really not too bad.

Re:Backups

You've got to trust Amazon to respect the privacy of your data.

Or TrueCrypt

Re:Backups

[imakemusic]

My brother bought a large external hard disk and moved all of his data on to it in order to re-format his computer. He then stood up, walked away from his desk, caught the cable around his foot and launched the disk at the opposite wall. Bye bye data.

Re:Backups

[aclarke]

It seems to me that you're making far too big of a deal of the time to upload your files. I currently back up about 175GB to Amazon S3 via Jungledisk, and I only have a 600kbps uplink. Granted I did a lot of the initial backup from a client's office with a 10Mbps uplink, but that was also 3 years ago and I've been keeping the backup current from my home internet connection ever since.

Jungledisk uses differential copying, so once you have your original data up there it only needs to copy the changed parts of a file. It's very likely that once your data is backed up for the first time you'll never notice the slowdown on your internet connection. You'll be able to pretty much back up all your data within a weekend. I fail to see what the problem is here. It took me probably a month, but JungleDisk handled it just fine. And, it's backed up off-site now.

Re:Backups

[txoof]

Any realistically reliable backup process for home users can't depend on the user doing something daily/weekly such as swapping media. That's a realistic option for people that are very process oriented, or for a business situation where it's your job to swap media. For home users, it's unrealistic to expect people to swap media when they're hardly motivated to install regular system updates.

A solution that maintains its self and is off site is by far the best option. As far as the complaints about slow connections, a few days of saturated connection is hardly a large price to pay for having your data off site. Once the initial backup is done, incremental backups are typically trivial. My daily average is about 4MB. Occasionally I have to jam up a few gigs of photos and it takes all day, but I'm willing to suffer that by scheduling the backup for 3:00am.

Re:Backups

[arndawg]

Flame much? NTFS permissions is far better than standard unix-modes and is very flexible. Most linux distros require you to manually install ACL to get something like that working. And then you might have to recompile applications so that they will be aware of the ACL feature.
ALSO: Backups should be offline and in multiple locations.

Re:Backups

[Inda]

55 hours!?!?!? *heh*

I remember downloading a metric ton of 1.44mb files back in 1998. 56k was fast back then and 55 hours to fill my expensive HDD was the norm.

GOML.

Re:Backups

[Bert64]

The problem with remote backup, is the bandwidth requirements...
Most home users have extremely poor upstream connectivity, so uploading all your data to a remote server is not a terribly practical idea.

I use an external (wireless) networked drive to backup my laptop, so whenever i'm at home it gets backed up automatically... This has saved me from hardware failure and would potentially save me from theft if someone stole my laptop (they are less likely to find the wireless drive which is hidden away in the loft, plus the laptop is more likely to be stolen when its not at home).

Even offsite backup is not foolproof against malicious attack, your machine has to send the data to the offsite system which is storing the backups, a malicious attacker could modify the backup process to write garbage without you noticing..
Also with many remote backup setups, you will typically administer the service from the same machine so again a malicious attacker could steal your login details to the backup service and remove/corrupt the data you have stored there.

Re:Backups

[Opportunist]

Most of "real life" data loss is due to, you guessed it, accidental deletion and hardware breakdown. At least in my experience. Granted, it's been a while since I was employed as helpdesk, but there has not been a single case of malicious deletion, malware related data corruption or other intentional data tampering that would have affected locally accessible and write enabled backups.

Of course offsite backups and the like are important for companies who would be very liable for it if their data was gone. Their data goes poof, they go poof. If for nothing else than because they'd be shut down. So they invest in offsite backups, because even the insignificantly tiny chance of disaster striking (fire, flood, a river of molten lava carving its path through your office...) is big enough that you do NOT risk your company's existance because you can save a few bucks.

But for Joe Average and his porn collection?

Re:Backups

[Opportunist]

40Gig could be stored on a big USB stick (yeah, yeah, not really a good backup solution... spare me that). And that USB stick could be taken with you, so it won't get any more "offsite". If you should die in a fire, I guess the data loss (because your USB stick is dying in your pocket in the same fire) should be your least problem. :)

Re:Backups

[LordSnooty]

The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure.

Fortunately these are by FAR the most common data loss ailments that will hit your average clueless user. Off-site is just overkill for most. Fire is not something that most people experience in their lives. A hard disk crash, however, is. And accidental deletion most certainly is.

Re:Backups

Believe it or not, I just came to the same realization the other week.

I keep multiple backups on two separate memory sticks and three separate laptops. And the other night I realized: all five copies of my data were in the same building.

So I've started spreading data between my apartment, my remote server, and other locations. I just felt like such an idiot.

Re:Backups

Simple: Backup to external drive, take drive to off-site location. Next trip, backup to 2nd external drive & take to off-site location. Take 1st drive back on return trip. Repeat.

Re:Backups

I currently have around 50GB backed up with Mozy, yes the initial backup took quite awhile, but now it's unnoticable. (Also is smart enough that when I rebuild or buy a new machine, it sees the files that it already has backed up and doesn't try to re-upload them) I've been pretty happy with it, for $5 worth it (mainly for family pictures which largely exist only digitally). Then I use Acronis to image my machine once or twice a year (or sooner if there's some major change to my machine)

Re:Backups

[McTickles]

Amazon S3 isn't cheap, it comes at the cost of your freedom.

Re:Backups

[Cato]

Upload time is not a big deal - I have about 30 GB uploaded to Mozy, over a 0.5 Mbps upload link. The main thing is to ensure the upload doesn't completely hog your upstream bandwidth, and that subsequent backups use block-level incremental technology, so only the actual data changed is sent.

Mozy and other online backup services are very effective, in addition to a local full system image (ideally to another server not a USB hard drive.) A USB flash drive is not very useful for backup, as it's far too easy for it to be stolen or damaged compared to an online backup - more useful to get a large hard drive and put that in another PC or server, then do a full system image to that.

Re:Backups

[sco08y]

Whenever I see family/friends/co-workers using external drives for "backup" I have to repress the urge to launch into a lecture on the absurdity of relying on a local, always mounted backup.

WesternDigital and all the other purveyors of external hard disks should be ashamed of themselves for promoting their products as a reasonable backup solution. The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure. An external drive provides absolutely no protection from any kind of malicious attack or catastrophic disaster (flood, fire, theft). The only real backup solution is an off-site backup. Considering how cheap Amazon S3 is, off-site backups are finally a real solution for the average person.

Apple's Time Machine and Fly Back is a step in the right direction, but without a real off-site backup solution kiss your data goodbye, because when it falls into a river of molten rock, man, it's gone.

They're cheap enough to buy several of them and swap them out periodically.

If you have enough crap to justify using public storage, it makes a lot of sense. And, frankly, no amount of encryption can beat simply not transmitting that data.

Re:Backups

[CFBMoo1]

There's an easy solution to the always on thing. Show them where the power button is after they're done with a backup/restore. External hard drives make great backup mediums, its just how they are used after pushing/pulling data that can make or break the backup.

Re:Backups

[Cato]

Antiviruses catch only a declining percentage of malware, so you can't rely on them - see http://en.wikipedia.org/wiki/Antivirus_software#Effectiveness which shows that even in 2007 the average percentage caught was about 50%. Various independent tests confirm this, particularly for zero-day viruses (i.e. you must rely on heuristics in the AV product, not signatures). In 2007, 23% of infected PCs had up to date antivirus: http://www.pandasecurity.com/infected_or_not/ and http://www.pandasecurity.com/infected_or_not/panda_security_research/

Even when there is coverage for a specific virus/trojan, highly polymorphic ones are often not caught - for example the Zeus banking trojan, which steals from bank accounts while hiding the illicit transactions and resulting balance from the user, is missed in 77% of cases - http://www.darkreading.com/security/article/220000718/index.html

Re:Backups

[WrongSizeGlass]

It comes with a great benefits package including shorts & tee-shirt dress code and all the ice tea you can drink!

Re:Backups

[RoverDaddy]

I was going to say the same thing. In over 30 years of dealing with computers, my instances of data loss, sorted by frequency, are 1) Accidental deletion, 2) Hardware failure, 3) there is no #3. The closest I've come to data loss by malware is when I encrypted some data myself and lost the key. I've never had a 'catastrophic disaster', ever.

When I was once responsible for a business computer network, of course we had tape backup and off-site storage, even for the fairly small operation we were. For my own needs, I create DVD backups of the most important data, but have yet to extend the protection to off-site storage (see above).

I think the GP is being a little hard on external drive solutions considering they probably protect against 99% of likely losses (and 100% of mine). And a simple habit like -turning them off- when not in use could extend their ability to protect against malware.

Re:Backups

I'd say 56k was average rather than fast by 1998 - I was using 128k ISDN at the time, and the following year I had 1Mb ADSL (which was a pleasure at the time, we paid double for the business package but since we lived in a residential area the contention rates were a dream, we must have been the only people using it - I went from download speeds of maybe 50k/s on a good day to hitting speeds of 750/800k/s... I sometimes don't get that now on 10Mb cable!

Re:Backups

[delinear]

How does that work with incremental backups, though? Does that mean if you have 50GB of encrypted data, you would need to upload the entire 50GB every time you change a single file?

Re:Backups

[Junior+J.+Junior+III]

The killer is going to be the upload. I've 2 Mbit up, uploading my data set to Amazon would saturate my pipe for about 55 hours straight. And that's a show stopper.

Only for the initial upload. Where I work, we have about 10-12TB of data and do a full weekly backup to LTO3 tape over gigabit ethernet and fiber channel. It takes about 55-60 hours to run, which we live with, because we have to.

Chances are, much of your 40GB isn't essential data. Don't back up your pr0n and mp3 collection, and just concentrate on important files like your taxes, family photos, and so forth, and it becomes much more reasonable. If you really do have 40GB, biting the bullet and waiting the 60hrs for a full backup isn't so bad if you only have to do it once; run incremental updates thereafter, and they'll take considerably less time.

Re:Backups

[wvmarle]

I understand what you do there. Two problems I have with it:

1) Data that is stored "out there" is to be encrypted, before it's sent out. Do updates work that way in the first place? You can not decrypt data while it's out - storing your decryption key out there with your data pretty much beats the purpose.

2) Archiving. I prefer to keep at least four monthly backups. So if one backup is broken likely the other three are still OK, and against accidental deletion that is found out about only much later.

Re:Backups

[wvmarle]

Exactly, my idea too.

I was more thinking of taking that stick back home, have four of them or so, and rotate. Losing office and home (about 10 km apart) at the same time is not likely.

Re:Backups

[fuzzyfuzzyfungus]

Local mounted backups are definitely suboptimal; but they do protect against single drive death and nonmalicious accidental deletion, which are two major categories of threat, at essentially nominal cost. Any idiot who thinks in some simple binary "safe"/"unsafe" terms has it coming when something nukes every local drive; but that is rather rarer than having a single drive catch a nasty case of being horribly dead.

In any case, unless Joe average wants to enter a password and/or RSA token code every few hours, off site backups are going to be accessible with either passwords or keys stored(probably in one of a small number of known locations, depending on the backup software in use) on Joe's machine. Against malice, any fully automated offline backup is, essentially, a local, always mounted, backup volume. Any offline backup that isn't fully automated will, within weeks or months, stop being used; because Joe is lazy.

Still nice in case of house fires, thefts, wanting to restore a fresh laptop when your old one falls under a bus while travelling, etc; but unless your remote backup requires manual authentication, it is essentially "mounted" for the purposes of an attacker...

Re:Backups

[wvmarle]

Yes that is important data.

Some 25 GB is my e-mail archive - about 8 years of mails, lots and lots of attachments. Some 5 GB personal photos. A little bit of software that I wrote. And the rest is my documentation (invoices, contracts, finances, etc).

Oh and a bit for my ldap database with all my customer's and supplier's contact information, the /etc tree, and some other system bits to make re-install easier.

Re:Backups

[JambisJubilee]

Considering how cheap Amazon S3 is, off-site backups are finally a real solution for the average person.

Wow, how do you figure that cheap? Am I missing something? From the calculator on their site it looks like making a 250GB backup would cost you ~$50 the first month, and then ~$25 thereafter (assuming you could do an rsync style backup and your data doesn't change much).

And you ever need to get that 250GB back, it's gonna cost you $40 just to download it!

No thanks. For the cost of one month of service I could buy a TB drive and do it myself

Re:Backups

Wikileaks recently found out how cheap Amazon S3 is. If they won't blink at screwing their larger customers, think about what they do to no name shits like you or me.

Re:Backups

[Lilith's+Heart-shape]

I bet you were told not to come between the Nazgul and his pr0n pretty often.

Re:Backups

[noidentity]

That is, treat this kind of ransomware as any other unexpected data loss. It's similar to disk failure, where you could send it to a data recovery company, and pay at least $120, and still not be guaranteed of recovering it all. Or just back it up, and have it protected from all sorts of corruption, accidental deletion, etc.

Re:Backups

[mcgrew]

And mark your existing backups read-only. Although that might require an OS which wouldn't run this malware anyway.

Oh, you can easily mark files read-only in Windows, always could. The trouble is, it's as easy for malware to re-mark them as read-enabled. As others have said, keep both onsite and offsite backups.

Re:Backups

You've got to trust Amazon to respect the privacy of your data.

Not necessarily. That's what encryption's for.

Re:Backups

[txoof]

How does that work with incremental backups, though? Does that mean if you have 50GB of encrypted data, you would need to upload the entire 50GB every time you change a single file?

Jungledisk can do file level encryption on the fly. This probably isn't a great solution if you're dealing with something like 50GB truecrypt volumes.

Some S3 clients (jungledisk) can send up only the changed parts of files. Of course, if a huge chunk of the 50G has changed, then you're boned. If you are regularly changing huge files of that kind, then another backup solution is probably better suited for you than S3. Either that, or a really fast connection.

Re:Backups

Is your brother The Hulk?

Re:Backups

[yodleboy]

It all depends on what you're protecting against. Data loss from "accidental deletion or hardware failure" is a much more likely event for most people than a fire or flood. For those things an external drive is a perfectly reasonable, relatively cheap and effective way to backup data. Then again very few people I know actually bother to backup, they just cry to me after they lose everything. Far better to have that external drive storing your crap than to just skip backing up because it's "too much work"...

Besides, in the event of a fire or other catastrophe all i need to do is snatch my external drive from on top of my PC on my way out the door and years of pictures, documents, projects and anything else I'd freak out about losing is in my pocket and on its way to safety. let the PC burn, I know my stuff is recoverable. And yes, that's part of our home emergency plan, grab kids, let pets out, wallets, phones and external drive and run for your life. Now that I think about it I need to put together a new go bag. I see too many news stories this time of year where people have only the clothes on their back.

Re:Backups

[mcgrew]

The hours are good. But now that you meantion it, most of the minutes are pretty lousy. RESISTANCE IS FUTILE!!!

Re:Backups

[dfgchgfxrjtdhgh.jjhv]

why can't you just encrypt the diff files & upload those?

Re:Backups

[aclarke]

Jungledisk will encrypt your files on your computer, with your private key. Your private key never gets sent to Jungledisk, so I believe that answers your first concern.

I'm just not sure if Jungledisk can do differential updates when you're encrpyting your files. I am not using their latest products so I'm not sure. A lot of the data I'm storing is just my iPhoto library so I am not encrypting that. That's the only potential problem I see for you, if you are changing large files very often and the differential copy is incompatible with encryption.

Jungledisk has very extensive archiving features. They've thought of that already.

Dropbox is also a good solution that might do everything you need. I mean this in a good way, but you want what a lot of people want, which means that there are several companies who provide it.

Re:Backups

Either that or disconnect the back-up drive when not doing a back up or restore. An always connected external is no safer than an internal drive, but if you disconnect the drive, and store it in a fire-resistant safe,it's more secure than any cloud based service, which is only as good as their laziest admin. You control it and only have to really worry about a fire, which really isn't that common.

Re:Backups

You've got to trust Amazon to respect the privacy of your data.

No you don't.

Re:Backups

I'm a "serious amateur" photographer. My data set is about 500GB and doesn't compress much. Local backups with media rotation is what I probably need to be doing. I need to purchase a second drive to implement the rotation aspect...

Re:Backups

[Skater]

If I keep the private key, and my house burns down, aren't I then just as screwed as I would've been if I didn't have offsite backups in the first place? If I have another safe place to keep the key, why not just keep the backups there?

Re:Backups

[GameboyRMH]

Always mounted? That won't save you from an rm -rf / (or would a mounted fsck make the files hard to recover without taking as long as wipe?) I'm assuming you're running a highly secure *nix OS because otherwise, you're asking for it.

I back up my laptop, PDA(s), keychain flash drive, and my home server's boot drive to an encrypted disk on the server that's normally unmounted. As long as the box doesn't get broken into (good luck) and then someone does a dd -if /dev/urandom -of /dev/sdx it'll be safe. A lightning strike could cause me to lose the home server's boot drive but there's nothing really important on there anyways, it would just be a PITA to set up again.

My gaming desktop backs up to an unencrypted internal drive (I'm going to make it external soon and maybe encrypt it) that is normally unmounted. If I had gigabit ethernet in my house I'd put the drive in my home server, encrypt it and do rsync backups over the LAN like the other machines, but it has hundreds of gigabytes in use and would be painfully slow to transfer over 100mbps ethernet...

Re:Backups

[operagost]

I hate to break it to ya buddy, but accidental deletion and hardware failure make up 100% of my data loss causes.

Not tornadoes, hurricanes, earthquakes, floods, or fires in your area, huh?

Re:Backups

[walshy007]

just make the key the md5sum or sha1sum or whatever of whichever bitlength you need of a common passphrase you will always remember.

You lose it you can recreate what it was on a new machine with common checksum tools.

Re:Backups

[operagost]

You need to backup 40 GB every day? Or is that just your current full set? You can backup just new/changed files; if you must upload backup "blobs", at least make them differential backups and backup the full dataset just once a month. Taking three days to upload data is acceptable if you do it seldom.

Re:Backups

[operagost]

If you're still running something like Windows 9x that doesn't have ACLs, you probably are terribly concerned about the security of your data anyway.

Re:Backups

[Sancho]

The benefit of Jungledisk is that the backup is online. For very small amounts of data that won't change often (e.g. a key) you don't need to make backups as frequently, and you can use physical security to protect it. For example:

Store a copy of the key in a safety deposit box at your bank.

Or keep a copy on a USB drive that is on your person at all times.

Or come up with a scheme to regenerate your key.

Re:Backups

[aclarke]

Do you honestly need someone to explain this to you?

1. You don't have store a private key. You store a passphrase. If you can't manage to remember a passphrase, see point #2.

2. It's easier to store a piece of paper with a private key somewhere than it is to store a rotating pile of hard drives. Duh.

3. For most people, it's easier to sign up for an online backup service than it is to find a friend to peer bandwidth with, set up sftp, rsync, cron, etc. It's also easier to use an online service than it is to remember to back up your data regularly, ship the drives to your secure location, etc. While you're running around setting all that up, I already have my backups in place and running.

Re:Backups

[nomadic]

The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure

You mean the two most overwhelmingly common ways people lose data they need?

Re:Backups

Nope, and no robbers ever either.

Re:Backups

[TheOtherChimeraTwin]

The private key can fit on a cheap usb thumb drive, or even a piece of paper. You can put a copies of your key in your safe-deposit box, at your friends' houses, at your relatives houses, at your work and home. The key doesn't change frequently, so you aren't driving around swapping media.

Re:Backups

They are called removable for a reason jackass. Maybe you should tell them they should remove it and only plug it in when making a backup. But no, you are just an asshole with a big head a.k.a. a know it all. Give me a break, home users don't need to back up data everyday. FYI any online service cannot be trusted with your data either. FYI #2 they do make fire rated safes asshole, OFFSITE IS NOT THE ONLY SOLUTION. FU pompous liberal twat.

Re:Backups

[gnud]

Your private key can be stored in a bank box, or a small fireproof safe.

It's not convenient to store several years of backups in those places.

Re:Backups

I hate to break it to ya buddy, but accidental deletion and hardware failure make up 100% of my data loss causes.

Not tornadoes, hurricanes, earthquakes, floods, or fires in your area, huh?

He said hardware failure.

Re:Backups

[antdude]

Take those physical backups outside to somewhere far. :P I do that.

Re:Backups

[operagost]

If the backup data is physically located in the same area as the live data, it will likely also be destroyed.

Re:Backups

[commodore64_love]

Why is Amazon's pricing higher for Northern California residents?

The last guy who tried to extort money from me - now lives in a coffin.
Just joking.
:-|

Re:Backups

[hairyfeet]

Well considering at $1.50 per GB we are talking probably $180+ for the initial backup, plus another $30 for subsequent backups, plus another $300 if you actually need to use it? Not really a real option IMHO. I am lucky most of my customers are owners of small businesses, so it really isn't hard to get them or one of the workers to bring the drive in a briefcase. With only 36GB residential it really don't take long to burn through the cap with regular use. Add in trying to offsite backup and I hope you got a nice checkbook.

But for all this talk of offsite backups it really doesn't change the fact that for home users, especially if you already have them set to autoupdate along with a good AV with sandboxing like Comodo, that far and away the biggest losses aren't from some fire or malware, but hardware failure or user error. By having important folders backed up using previous versions in Windows 7, along with both disc image and file based backups, I've found the vast majority of "OMG! My stuff!" situations are all taken care of. With the business users too much of the data is important, either for taxes or records, that moving a portadrive or a large flash is the best way for those without the budget for a regular offsite backup regimen. For the home users as long as you get the pics and the docs they are happy, so even a GMail drive with a WD Essentials for disc imagining takes care of the problem.

In the end it is looking at what they can afford, what can realistically be done, and what gives them the most bang for the buck. But if my source is right and the caps being tested here roll nationwide? Yeah you can give up on using "cloud" based services when you only have 36GB for home use and 76GB for business with $1.50 per GB over. At those prices regular backups with something like Amazon will break you, hell it would be cheaper just to mail the data to your auntie in Cleavland.

Re:Backups

2. It's easier to store a piece of paper with a private key somewhere than it is to store a rotating pile of hard drives. Duh.

Really? I have a pile of hard drives on my desk. In the case of an emergency, I can just grab the disks. I don't even have to be "careful" in dong it. USB plugs come out easily enough that a quick tug will pull it out.

  I'd have to file a private key in a lock box, or at least a file. In the case of an emergency, I would have to go through my files to find the private key.

So, what kinds of emergencies do they each protect against? I can do either in the case of a hurricane, since I would get ample warning. I can probably do either in the case of a tornado warning, again, because there is some warning time. Same with floods. I probably could not grab the paper file in the case of an earthquake or fire.

Re:Backups

[davidshewitt]

If you want to encrypt stuff that you store on S3, try JungleDisk: https://www.jungledisk.com/

Re:Backups

[black_lbi]

Thanks, now I'll have nightmares thinking about what Nazgul porn might involve.

Re:Backups

[Opportunist]

again: If the stick in my pocket is in jeopardy because I am trapped in a burning building and about to burn to a pile of ashes, I don't give half a shit (or the cremated equivalent thereof) whether the stick dies.

Re:Backups

[Rick17JJ]

I keep a small external hard drive in my safety deposit box at the bank. I also keep an extra external hard drive at home. About once every other month, when I happen to be at the bank anyway, I open my safety deposit box and switch hard drives and bring the other one home. Only the smaller size external hard drives with fit in my safety deposit box. By switching the external hard drives in the safety deposit box, I avoid having to make an extra trip back to the bank to return the backed up hard drive.

With the other external drive at home, I back everything up much more often (usually about once a week). I do not leave the external hard drive mounted all the time.

If burglars stole my computer equipment, or everything was destroyed in a fire or flood, I would still have the off-site copy of everything. I typically exchange the external hard drive in my safety deposit box shortly after I have new photos from something like a family reunion or a fall color hike through the red rocks of Oak Creek canyon.

Re:Backups

[vakuona]

You can email your backup key to yourself. So you could have a backup key backed-up as it were.

Re:Backups

[caseih]

So what you are really saying is that a *single* external hard drive isn't a backup, which is true. But if a number of external drives are used in a rotation then I'd say that is a backup solution. And send an encrypted disk to a friend's house. And if you combine Time Machine with that you have both backup and an archive. I'd say it is cheaper and faster to do this than to rely on some cloud. That said, the cloud can certainly be a part of the solution, but I would not argue that the cloud is the only real backup solution.

In the case of this type of virus, a backup isn't what you need anyway. A corrupt file "backed" up to the backup is just as useless as it is on your computer's main drive. What folks need in this case in an archive. Backup is only good for restoring a failed drive. An archive lets you recover from file corruption, deletions, changes, etc. Two different but equally vital strategies.

Re:Backups

[Rich0]

I'm using sarab with some shell scripts to manage my backups to S3. Everything gets gpg encrypted before it leaves my PC, and backups are differential.

I'm backing up maybe 12GB of data, and the total space I'm paying for isn't a whole lot more than that. I run a full backup, then 8 weekly backups against each other, and then daily backups against the previous weekly. Then I start over.

Data transfer is the biggest expense - but even so I pay less than $5/month for the whole thing. I use their reduced-redundancy storage rate (the whole thing is already redundant) to save a bit.

The only advantage a commercial service might have besides convenience is de-duplication, if you trust them with your data. Since my data is encrypted prior to leaving my PC, there is no way on the S3 side to consolidate different backups.

The main reason I rolled my own was knowing that my data was secure. I get the daily sarab report via email, can check my backups from time to time if necessary, and I know that nothing leaves my server unsecure since I wrote the code. The last step before upload is gpg, so the risk of any kind of leak is pretty minor - I encrypt everything from data to metadata. Basically I create a local backup with sarab/dar, and then run the whole directory through gpg to create an encrypted copy, and use s3cmd to sync that up with S3 (which uses hashes to identify and upload modified files).

I have about 15Mbps outgoing, and those full backups can take a while. However, it isn't that big a deal since that happens once every two months.

Oh, don't count on getting more than 2-3Mbps up to S3 anyway - I don't know where the bottleneck is but I rarely can burst to them at my full link speed.

Re:Backups

Thanks for this insightful comment, now I don't need to answer the parent.

Re:Backups

[durdur]

It's the download time you should worry about. If you ever need to a complete restore from backup, I have heard horror stories about how hard/lengthy that can be, from some of the popular backup services. I think Amazon at least can ship physical disks to you, as a last resort.

Re:Backups

Why not script the volume to to disengage (umount), and then toggle the power over USB/FW? Solved!
(Yeah, that'd mean the drive maker would have to include that feature in the firmware. What a bother eh?)

You could by a 'cheap' A/C power switch that operates over ethernet and a drive enclosure that uses a hard power switch, leaving it on.

Re:Backups

[durdur]

Unless you are a much better photographer than I am, the data set that is worth archiving is much smaller than the set of pictures you took. I have a few decades of photos (digital + scanned negatives) and the raw stuff is huge but the "must archive" set, which I keep separately, is still reasonable.

Re:Backups

how about this http://iosafe.com/products-solo-overview

Re:Backups

[Trinn]

off-site backups are nice, and indeed can save you from a total failure of your security, but if you have any idea how to set up a network in the first place, this shouldn't really be a worry unless you are not picky enough about who else you let on, *and* happen to run software that is currently a major unattended malware target, which for whatever reason, linux and osx don't seem to be. Assuming your security doesn't become a problem (which with a decent firewall it shouldn't), the only other reasons for offsite are to hopefully sidestep any given local disaster; offsite doesn't even necessarily make your data more secure unless you're talking about offline offsite, which S3 very much is not, because with online offsite you're hoping someone else's security is good enough, their power conditioning is good enough, etc.

Re:Backups

[Trinn]

If a hurricane, earthquake or flood manages to take out my onsite backups, its likely taken out most of the onsite itself, and honestly, any data I have that is more important to me than the physical posessions in my home is already backed up in many places just because I want to have access to it everywhere I go, so I've replicated across a few cloud services and a VPS box. If we manage to get enough natural disasters to get rid of all of my data all at once then sure, I'll be a bit pissed, but I suspect I can reconstruct even that from what I know, considering about the most important data I can come up with are software and other things I've been writing and somehow far more important, my contact networks, my phone book and e-mail contact lists are about the most important data I have as a social creature in a networked world, but I suspect I could reconstruct even that if I manage to find a few of my friends post-disaster.

Re:Backups

[Trinn]

media collections are very much important data, especially rare/hard-to-find items, losing my media collection would be a rather serious inconvenience, and therefore to me does qualify for at least an on-site backup (at least of the audio, I want to buy enough space for video backup too but I just don't have the money)

Re:Backups

[lewiscr]

Pretty much, yeah. I have a similiar sized dataset, and just ran the numbers. The cheapest online backup I've found so far is $60/month for ~400GB, going up to $180/month if I fill up my 1.5TB disks.

At that price, I'm better off buying a fire safe, a hot-swap SATA bay, and a new 2TB HDD every month until I have enough disks to rotate them.

My data set is mostly photographs, music, and videos. Stuff that doesn't change once it's written to disk (aside from the occasional photo touch-up, usually done the same day). So I don't have to worry much about daily backups. Once a day, I could rsync the files to the backup disk, and never delete anything off the backup disk.

Re:Backups

[vux984]

because the AVERAGE user really doesn't want to mess around with downloading a 50GB backup, and then apply 200 diff files in sequence to reassemble their data after a crash??

Re:Backups

[RockDoctor]

And a simple habit like -turning them off- when not in use could extend their ability to protect against malware.

Depressingly though, we know that is too difficult for a significant proportion of users. Quite possibly, a majority of users.

Since someone else has done the Vogon Guard, I'll Marvin : "It gives me a headache to think down to that level."

Re:Backups

[AG+the+other]

Not yet. :-)

Re:Backups

[AG+the+other]

If anything happens that is bad enough to destroy both my work and home computers, 5 miles apart, I figure data loss will be the least of my problems.

Re:Backups

[commodore64_love]

Why is Amazon's pricing higher for Northern California residents?

Re:Backups

[Skater]

I picked yours but most of the responses fall into the "you still need some offsite backup capability" category, which was the point I was trying to make.

Re:Backups

"Try telling some student that has lost all of his college work that the solution is to go back in time and backup his files.
Unfortunately, the only solution in this event is to pay $120 to the crooks."

Why couldn't that college student bring the infected laptop to school and tell the appropriate staff member? Just explain the message that popped up and demonstrate what it is doing. The staff would probably think of something to help the student or give a bit of leeway knowing this porblem, and will probably get law enforcement in on the case if the student makes a strong enough case... kill two birds with one stone.

Pay 120 bucks, my ass. Anyone, ANYONE who does that is nuts.

first post

You can have your first post unencrypted if you pay $110 to me

Or I'll do it for free

Simple solution: Back up your data. In other news, make sure you patch software and operating system vulnerabilities and don't run executables from unknown sources.

Re:Or I'll do it for free

[Bert64]

Not running executables from unknown sources is perfectly practical advice on linux systems where your downloading cryptographically signed packages from the vendor of the distro you already have installed (and therefore already trust)...
Similarly on most modern phones which have integrated app stores..

But what about on osx and windows where no such repository exists, and where the default installs are severely lacking in useful applications?

Re:chanel bags 2011

[antifoidulus]

Slashdot really needs to add a spam moderation that gives 2x the negative karma of normal downmods.

My...

[MrQuacker]

You sure have some nice data here. Would be a shame if something were to happen to it now wouldn't it?

Re:My...

AT&T... is that you?!

Encryption

[flyingfsck]

All my data is already encrypted you insensitive clod!

Re:Encryption

[Opportunist]

But we'll encrypt it again for you! For free!

(What's really scary is that I am tempted now to write ransomware that displays that and an "I agree" button, and only actually encrypts and locks the user out if he clicks that "I agree" button. Just to see how many morons will fall for it)

Allright, bring back the Slot Machines of DOS!

I remember back when I was running MSDOS 5, and at first Bootup it cut to a screen with a Slot Machine that said it was a Virus holding my MBR and File Allocation Table ransom until I get such and such combination after I pull the Arm. It also said if I tried to turn-off the computer, then all my data is already gone unless I got the sequence in this game to restore my MBR and FAT.

Needless to say, I left the computer on all day and drove to my grandmother's Insanitarium/Old-Folk's home and said I didn't come visit these past 10 years because I've always given her bad luck and now I need her more than ever. She stopped taking her pills, said goodbye to the trees and bushes and pigeons as I walked her to my car, and upon arriving at my desk she knew exactly what to do: she pulled-out her vile of lipstick, puckered some on her mouth, and gave the computer screen a kiss. She was insane again.

Fuck you Slot Machine! I pulled the Arm, and I won back my MBR and FAT. I told my grandmother she could walk back home, and so I gave her $10 to buy some cigarettes and lunch, and I and her Retired-Living Facility have never seen her since.

Re:Allright, bring back the Slot Machines of DOS!

Jeeezz - you sick fuck! --- but really - that was a funny story! Very disturbed, but funny...

Preemptive strike

[DigitAl56K]

Kaspersky might have labeled it, but only running AVG ensures there's no chance of catching it ;)

Re:Preemptive strike

[underqualified]

That last AVG update encrypts your whole OS.

Re:Preemptive strike

[tacarat]

Which only proves that they can compete with McAfee.

Re:Preemptive strike

[pinkushun]

Unless you run 64-bit and updated to AVG 2011 - http://it.slashdot.org/story/10/12/02/2025237/AVG-2011-Update-Causes-Widespread-Problems-For-64-Bit-Windows

Re:Preemptive strike

*whoosh*

Re:Preemptive strike

Precisely. Can't catch a virus if your system won't run!

Re:Preemptive strike

Whoosh!

Ok, a question or two

[Weaselmancer]

The whole point of these malware authors is to ransom data for cash, right?

How the hell do they get paid? And if that is an answerable question, that brings question number two.

Why the hell can't the law find them?

There would be a money trail of some sort. The money has to go from victim to the criminal. That is traceable.

Isn't this really just a gigantic "kick me" sign?

Re:Ok, a question or two

Your just pointing out why your not creative enough to think of an operate such a scheme. Its very easy to move and collect money anonymously without getting caught, I won't go into specifics but it can be done via nominee structures.

Re:Ok, a question or two

I imagine the culprits are either stupid or in a country that doesn't care...

Re:Ok, a question or two

[Weaselmancer]

Ok, great. I'm like the guys in Office Space who don't know how to launder money.

So. Wanna illuminate me or are you satisfied with being merely cryptic? Because if you make that kind of info public maybe The Community can figure out a way to bring these assholes to justice.

Re:Ok, a question or two

If the money ends up going to a country like Somalia what are you going to do?

Ask for the Somali government's help to get your 100 bucks back?

Good luck with that.

Re:Ok, a question or two

[FuckingNickName]

I was going to link to an auditing web site via 2 URL shorteners, but it wouldn't let me.

Re:Ok, a question or two

[wvmarle]

How are you going to make a payment to Somalia?

I doubt they have a working banking system.

Making overseas payments of such small amounts is anyway an issue: bank charges can literally make half that amount disappear en route.

Re:Ok, a question or two

[Chrisq]

Your just pointing out why your not creative enough to think of an operate such a scheme. Its very easy to move and collect money anonymously without getting caught, I won't go into specifics but it can be done via nominee structures.

I can vouch for that. Uncle Osama knows what he's talking about on these matters. By the way hows the cave Ossie?

Re:Ok, a question or two

If the money ends up going to a country like Somalia what are you going to do?

Ask for the Somali government's help to get your 100 bucks back?

Good luck with that.

What Somali government??

Somalia is freedom unlimited: no taxes, no government. Somalia is eagerly awaiting rich US emigrants, with special low rates for Tea Party members!

Re:Ok, a question or two

[igreaterthanu]

Just an example method of payment, there are exchanges from PayPal US$ to BitCoin (and back). It would be easy enough to set this up to ask for credit card details and automate the payment, funds could then be converted back into real money (anonymously) at a later date.

Although I doubt that they are smart enough to do this.

Re:Ok, a question or two

[ArsenneLupin]

How the hell do they get paid?

... and this is the Achilles heel of just about every ransom ploy. Most kidnappings for ransom fail at the "money handover" stage.

Re:Ok, a question or two

[QuantumG]

suckers. Usually there's money mules who transfer the money around.. sometimes they're given the job of buying goods and sending those goods to someone else who sells them, etc, etc. It's all traditional money laundering techniques being done by "work from home" saps.

Re:Ok, a question or two

[will_die]

Since they are not asking for a cash drop there are plenty of ways. For simple ways Western Union or just a standard bank transfer or wire. They are ususally in a different country and for low amounts of money so you have problems getting police involved. Then if you look at the email scammers and see how many of them make money you see that alot of people will just send in the money and not call the police about it.

Re:Ok, a question or two

[aix+tom]

I could imagine (but I usually over-estimate peoples intelligence) that the virus might also look for the presence of the right content.

Someone might be reluctant to go to the police with "Officer, Officer, someone encrypted my 100MB of important business data and my 600GB collection of pirated movies and illegal stuff!!!!!"

Re:Ok, a question or two

[AlphaWolf_HK]

Well western union, moneygram, and other cash wiring services are typically used for all sorts of scams where the victims money can never be recovered. I'd imagine they could demand payment that way.

Re:Ok, a question or two

[91degrees]

Others have mentioned wiring it to another country.

Alternatively BBC's "The Real Hustle" did something like this. They simply give the victim 30 minutes to find the cash, put it in an envelope and give it to a "courier". The courier is part of the scam team so once it's in his hands, the money's gone.

Re:Ok, a question or two

I've heard of money laundering being done by playing internet poker against oneself. The casinos usually reside in a tax haven, so it's hard to get them to cooperate.

Re:Ok, a question or two

[imsabbel]

I can tell you an example: I was victim to credit card fraud a couple of years ago (I think it was skimmed at a parking lot acception credit cards as a pass).

I went to the police after an unautorized payment was made.
They came back to me a few months later with what happened: Somebody in Germany got the credit card data from somebody in california to buy stuff to be delivered to moscow (1 Playstation and a Gameboy). I never understood how such an tranaction was accepted for payment with credit card...). The woman in germany stated to the police that she was doing one of those "easy money from home! Just need a computer and an account!" jobs, getting lists of what to buy for whom.

Some comcept here: Get a few idiots that take the fall, lose a part of the money in the process, but be clean at the end.
Just as in that case: The value was too low for anybody really to have consequences.

Re:Ok, a question or two

[ultranova]

If the money ends up going to a country like Somalia what are you going to do?

Talk the RIAA into funding a full-scale invasion of Somalia? They're all pirates, you know :).

Re:Ok, a question or two

[Bert64]

Criminal gangs often have mules to collect and launder money for them, these mules are often unsuspecting victims of scams too.

The criminals behind the scams are also often located in countries with very lax law enforcement that either doesn't care about the crimes taking place, or only care that they get their bribes from the criminals.

Re:Ok, a question or two

[Opportunist]

That's something that usually does NOT work, because banks (of course not in self interest of cashing in on the lost interest, only for the added security and safety of the money transfer) usually hold the money for a few days before forwarding it to a country where getting it back is near impossible. And in every other case, you may rest assured that the police is already waiting for the person whose account this money should have been sent to and asks him ... well, why.

Western Digital is the way. You deposit the money and get an ID. You tell that ID your kidnapper. He hires a bum for 5 bucks to go to WD somewhere on this planet (for a while, London was very much in fashion) and cash in. No way to avoid or catch the culprit. He can go into any WD office on this planet (no way to preemptively put surveillance up), and even after you know where they picked it up, all you get from the WD employee is a description of some hobo.

Re:Ok, a question or two

[rsmith-mac]

While Western Union doesn't cover Somalia, it does cover practically everywhere else. Nigeria (or most of sub-Saharan Africa for that matter) is a good place to get lost.

Re:Ok, a question or two

[Soft+Cosmic+Rusk]

Really? I had no idea Western Digital did that kind of thing!

Re:Ok, a question or two

[lxs]

Damn that Western Digital. That's why I only send money via Seagate or Toshiba.

Re:Ok, a question or two

[Monkeedude1212]

Ok, great. I'm like the guys in Office Space who don't know how to launder money.

So. Wanna illuminate me or are you satisfied with being merely cryptic?

The thing is that most of these sites will ransom you for your credit card info to make the payment, its almost never just the amount they claim that they want to steal from you.

So you go to their website and enter the info. They return your data. They go and they use your credit card to make a deposit to a paypal account that they've hacked - its not actually one of theirs its of an unsuspecting victim. They run the money through a couple of those, whose purchasing history is actually protected so the cops need a warrant to search through it - which will often just put the wrong person under suspicion.

Eventually they run it to an account outside of the US's Jurisdiction.

Re:Ok, a question or two

[operagost]

Wow! Can I bring my straw man with me?

Re:Ok, a question or two

[clone52431]

He can go into any WD office on this planet (no way to preemptively put surveillance up), and even after you know where they picked it up, all you get from the WD employee is a description of some hobo.

You mean to say they can’t put a flag on that WD account (ID) so that no WD office will give anyone the money associated with it and they’ll call the local cops if anyone tries to pick it up?

What the hell, are they trying to help money launderers?

Re:Ok, a question or two

[Opportunist]

Damn the fact that my WD HD died today. I wonder what Freud would say about that...

Re:Ok, a question or two

[Rich0]

I doubt the guys collecting the money care about bank charges. They just make it the user's problem to figure out how to get the money to them. If it costs $1k to send them $100 they still get their $100.

Re:Ok, a question or two

I think plenty of people would pay if the files where simply moved to somewhere other than "My Documents", which makes me wonder why they go through all the trouble of using encryption? maybe to stop other scammers from making a competing file-restore tool ?

No data is actually encrypted.....

[Skellbasher]

Fortinet did an analysis of this. http://blog.fortinet.com/all-your-drives-are-belong-to-us/ It simply backs up the partiton table and rewrites the MBR. It's fixable without paying the ransom.

Re:No data is actually encrypted.....

[wgibson]

See also this post from Prevx: http://www.prevx.com/blog/163/Ransomware-lands-on-the-MBR.html

All the data inside the hard drive is claimed to be encrypted, though this isn't actually true. The only thing that has been overwritten is the MBR.

[...]

Attempt by most users and technicians to fix the infection will be to run “fixmbr” to restore the MBR with a clean copy. Sadly it is not possible, because the rootkit wipes out the whole partition table section from the first sector of the hard drive - it is copied out to the fifth sector along with whole original MBR.

Re:No data is actually encrypted.....

[jonwil]

TFA says its a new varient of this virus (which means it may actually encrypt the data)

Re:No data is actually encrypted.....

[icebraining]

I'd use TestDisk, it actually searches the whole disk for the filesystems. Helped me when a friend brought me a disk with a corrupted partition table.

Re:No data is actually encrypted.....

[pinkushun]

Kaspersky's Kamluk says that "Pushing [the] reset/power button on your desktop may save a significant amount of your valuable data!"

Such insightful precautions from teh [sic] professionals! Their advice goes completely against the fact that no data is encrypted.

Reading and writing a 512 byte MBR obviously takes less time than encrypting all your user documents. That is smaller than the size of a new, blank word doc (in the new compressed .docx format!)

Nobody would hit that power button fast enough.

Re:No data is actually encrypted.....

[pinkushun]

32 blank word .docx's to be exact - 16,384 / 512 = 32

Re:No data is actually encrypted.....

It's sometimes a good idea to read the actual blogpost: "...and comes off the heels of recent GpCode activity. GpCode is ransomware that employs rigid encryption to corrupt documents on hard drives until they are decrypted ($120 USD). So far, RBNCrypter does not seem to be doing this..."

Yes, it's a completely unrelated piece of malware. The only common factor is presence of "AES"; which in one case corresponds to an encryption algorithm, while in the other it's just part of the scare-tactics.

Re:chanel bags 2011

[FuckingNickName]

That won't be abused.

Fixable possibly, but be careful anyway...

[SuperKendall]

I'd feel a little better about the proposed solution (let a disk utility recover the partitions) if they had actually tried a disk utility to see if it could in fact find the partitions and restore them. It does seem like it should work... and copying that thing back by hand is not a task I'd take on lightly with anyone's data but my own.

Also wouldn't the thing that messed up the MBR in the first place still be in your Windows installation? I didn't see that they tried to boot from that drive after repairing the MBR. It could be the ransomware is just waiting for you to reboot and will do something nasty if you've not entered the password. It seems like even after a recovery you should take the drive to a different system and back it up immediately before you tried to boot from it again, but they do not mention that.

1) 2) 2) -- They can't count to three

[PatPending]

Funny how these crooks can write ransomware but they can't count to three: 1) 2) 2)

Re:1) 2) 2) -- They can't count to three

[PolygamousRanchKid+]

And the LORD spoke, saying, "First shalt thou take out the Holy Pin, then shalt thou count to three, no more, no less. Three shall be the number thou shalt count, and the number of the counting shall be three. Four shalt thou not count, neither count thou two, excepting that thou then proceed to three. Five is right out. Once the number three, being the third number, be reached, then lobbest thou thy Holy Hand Grenade of Antioch towards thy foe, who being naughty in My sight, shall snuff it." Amen

Re:1) 2) 2) -- They can't count to three

[sco08y]

Funny how these crooks can write ransomware but they can't count to three: 1) 2) 2)

You've obviously never interviewed people for a programming position.

Re:1) 2) 2) -- They can't count to three

[Wolvenhaven]

As one of my programming teachers said in one of our first classes "it doesn't matter if you spell things correctly, only that you misspell them consistently."

Re:1) 2) 2) -- They can't count to three

[snookiex]

If I were going to send a message to the victim I'd send chunk of file wrapped in a napkin. Something like:
"0xFA 0xAA 0x15". Give us the money or the next thing you'll see will be a "0x00"

Re:1) 2) 2) -- They can't count to three

Mandatory +1 for Monty Python quote.

Re:1) 2) 2) -- They can't count to three

Meh...obviously computer scientists. There's only three numbers in Comp Sci, 0, 1 and many.

Re:chanel bags 2011

[ikkonoishi]

Maybe it could rot13 the text of the comment, and then have a javascript autotranslate on click thing. That way it would be worthless for SEO type stuff.

If it got any positive mods whatsoever it wouldn't do it to avoid it being used as a "I disagree" option on otherwise decent posts.

Who would trust them?

[kasperd]

Who would actually trust those people to give access to the data after receiving payment? What is the most profitable thing to do after somebody have paid? Give them their data back or demand more money. Granted, very few people would be stupid enough to pay twice. But even if one person would fall for that, it would mean more money to them. And people are more likely to pay more money if they can make it look like the sucker was just unlucky and they didn't intentionally fail to give the data back. For example make the browser crash at the point where it "should" have shown the password.

Re:Who would trust them?

This is exactly what I was thinking, if they fell for it once, they will probably fall for it again.

Re:Who would trust them?

[Opportunist]

Unless word gets out that you don't get your data back after paying.

And this is the internet. The first thing people will do after this happens is painting it all across facebook and twitter.

Re:Who would trust them?

Publicly admitting they are too stupid to use a computer and fall for the most obvious scams? I don't think so.

Plus I doubt the people who fall for his are capable of looking anything up on the Internet. If they were, they wouldn't have paid in the first place.

Re:Who would trust them?

[amn108]

Not fully correct - if they refuse to decrypt your PC even after you pay them, you tell everybody who would listen, if even out of frustration, that paying for virus X does not help, leading to the criminals having no trust from their victims. And nobody likes to pay $120 for nothing, so they will most likely loose potential revenue from their scheme. When people pay, they expect something in return (that's what paying means) - if they don't get anything, they tell other people and it matters little whether the salesman is a criminal - the whole setup is built on trust, even the victim-criminal relationship. So, yes they WOULD LOOSE money if they try to get greedy and not decrypt as promised. I mean, if you know that your data will not be decrypted, why would you pay? People know how to cope, it's a survival instinct.

It's a bit like robbing a bank - robbers take hostages and ask for a plane. They might get it, but if they kill the hostages nevertheless, they just give more incentive to the law enforcement to hunt them down like dogs afterwards. It's the human element.

Re:Who would trust them?

[John+Hasler]

And this is the internet. The first thing people will do after this happens is painting it all across facebook and twitter.

This con has been widely known for many years. It still works.

Re:Who would trust them?

[Opportunist]

Publicly admitting they are too stupid to use a computer and fall for the most obvious scams? I don't think so.

You don't read twitter and facebook a lot, do you? I'm amazed that people don't post that they murdered someone if they do, but equally I'm surprised law enforcement doesn't have a few guys doing nothing but reading it, you get a lot more confessions that way. People spread their whole LIFE all over social networks, and they quickly feel the urge to "warn" their peers of "dangers".

As a quirky offtopic thing: Opera's spellchecker knows twitter, but it doesn't know facebook.

Re:Who would trust them?

[Rich0]

So, what you're saying is that I should write a virus that claims to have encrypted user data, and demands money, but in reality it just overwrites the data with random bytes.

Then I can collect the money and sleep in good conscience, knowing that I'm destroying the market for others doing this scam, and thus helping the human race by making it less likely that others will do the same?

While we're at it, maybe we can start hijacking planes, and then blowing them up after our demands are met. Suddenly terrorism-for-ransom goes away too. (Not that much terrorism-for-ransom actually happens much nowadays anyway.)

And no, I'm not suggesting that anybody should actually do these things...

Re:Who would trust them?

[psithurism]

Well, if someone paid up without getting the cops involved, you might want to take your money and be happy. $100 bucks is coincidentally about my limit to spend on a computer problem. After 3-4 unsuccessful payments people would probably get sick of it and call the FBI, and you'd lose a money mule with whatever he was holding.

On the other hand if you just give the victims data back (until the next time you infect them), then when victim's friend (who just got the virus from victim) is wondering if he is really gonna get his data back, victim will tell him, "Yeah, just shell out the money, and you get your data back, police reports take too long.

Re:Who would trust them?

As a quirky offtopic thing: Opera's spellchecker knows twitter, but it doesn't know facebook.

Twitter is a rather unique name. facebook - as one word - on the other hand could easily be a typo. Could be intentionally not part of the dictionary.

Re:chanel bags 2011

[91degrees]

It gets swooped on pretty damn quick.

I have to say I find it kind of funny. As though we're going to read the comment and think "Gosh - that's an insightful comment and not spam at all. Now I must buy a Chanel bag because that would be the perfect accessory for my think geek T-shirt"

Re:Backups? You're missing the point

It's not enough to back up your data! You'll only end up with encrypted backups, at least if the author did the smart thing and covertly encrypted the data over a period of time (until all unencrypted backups have been deleted). This has happened in many companies.

What you really need to do is to manually verify which files have changed since last backup, and whether that change was legitimate. Easily done using hashes. This approach also prevents general file corruption, which is at least as big of an issue.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Backups? You're missing the point

[Opportunist]

Or teach your backups to be smart and warn you if they notice a significantly larger number of files changing.

In a company (or with you at home), there is usually a fairly stable number of documents getting modified per day and thus their backups need modification. So unless that malware does it REALLY slowly (read: a handful of files per day, tops), you do notice a significant spike of changes.

Kaspersky

[roman_mir]

I have an uneasy feeling about Kaspersky in all sorts of situations, including this one. Just saying that the 3 ways to gain from this activity is either to be building the virus or to be building and selling the antivirus.

The third possibility is left to the imagination and that's the one that makes me uneasy.

Re:Kaspersky

[mrjb]

I authored a moderately successful anti-virus program and am bothered by the reasoning that basically accuses AV authors of writing viruses. Stop it, please.

Seriously- how many viruses are out there again? Tens of thousands? Do you *really* think writing one more virus is going to have a measurable (positive) impact on anti-virus sales?

On the other hand, if Kaspersky or McAfee would be writing viruses and they were found out, what do you think that would do to their reputation? How many people do you think would drop their product like a hot potato?

The point is that with tens of thousands of viruses already out there, there is simply *no point* in spending any time and effort on writing viruses. As an AV company, rather than spending time and money on writing your own viruses, it's best to leave the virus making to virus makers. They will be doing that anyway - and so you'll have your virus ecosystem handed to you for free, without any investment from your side.

Then again, speaking as an AV author, the best anti-virus there is, is common sense combined with a (mostly) secure OS. A slight touch of raving paranoia helps as well.

Re:Kaspersky

[roman_mir]

I wrote a number of viruses, they never were released. Writing viruses is trivial, it's hard to write viruses that do something that gains some sort of profit for the author, but in this case the profit is very clear and it is lucrative, so don't be surprised over the insinuations here.

I do believe that at least in some cases this is true - antivirus companies do promote virus authors one way or another, but it's my personal belief, don't worry about it.

Microsoft Ransomware is back

There, corrected the title ...

CrashPlan

[gottabeme]

CrashPlan is excellent. $50/year for one computer and unlimited space, indefinitely-kept versioning and deleted files, and a daemon that runs in the background all the time, with a separate GUI frontend.

I wish there were a referral plan so I could get something from this plug, but as of now, there's not. :/ haha Anyway, check it out. For a long time I used Duplicity to a web hosting account, but CrashPlan is easier and more reliable.

Re:chanel bags 2011

If it got any positive mods whatsoever it wouldn't do it to avoid it being used as a "I disagree" option on otherwise decent posts.

Which would in turn be abused by trolls who upvote spam. Gotta love the Internet ;)

Critical is in the eye of the beholder.

[Lilith's+Heart-shape]

You might not think that the archive of emails my wife and I sent each other the last ten years is critical, but it means enough to me that I have three offsite backups.

Re:Critical is in the eye of the beholder.

[John+Hasler]

You might not think that the archive of emails my wife and I sent each other the last ten years is critical

All the email my wife has ever sent or received is critical: just ask her (and she has been using email for more than 25 years).

Re:Critical is in the eye of the beholder.

Well, I purposely make sure there is no trace and no backups of the emails that me and your wife have been sending each other over the past 10 years.

Re:Critical is in the eye of the beholder.

[kmoser]

The emails may be critical, but what I'm really interested in are the pics.

Re:Critical is in the eye of the beholder.

[Lilith's+Heart-shape]

That's fine. I have the same policy with your father.

Ovekill.

[John+Hasler]

For 90% of victims changing the file name would be adequate "encryption". Simpler yet would be to just delete the files, collect $120 for returning them, and move on to the next victim. After all, these people have already demonstrated their stupidity by downloading the malware in the first place.

Will any makes of Ransomware try to use the DMCA t

[Joe+The+Dragon]

Will any makes of Ransomware try to use the DMCA to force you to pay?

Or maybe even on the fake AV apps may try that some day.

EULA

[mr100percent]

Imagine if a semi-legtimate company did this. Would they be legally allowed to do it if the EULA said they would?

Re:Backups - the solution is simple

[jenningsthecat]

Whenever I see family/friends/co-workers using external drives for "backup" I have to repress the urge to launch into a lecture on the absurdity of relying on a local, always mounted backup.

So just tell them to unmount/disconnect after backing up! While you're at it, counsel them to get at least one additional drive to put into backup rotation. As far as offsite backup, a 32GB stick with the really critical data copied to it may be better than trusting your data to a third party.

External drives, along with memory sticks, are very effective when used properly.

Home fire safe, bank safe deposit box

Whenever I see family/friends/co-workers using external drives for "backup" I have to repress the urge to launch into a lecture on the absurdity of relying on a local, always mounted backup.

Its a far better solution than the previous one: doing nothing. I'd wager accidental deletion or hardware failure is a bit more common than ransomware and other related malware threats to data.

An external drive provides absolutely no protection from any kind of malicious attack or catastrophic disaster (flood, fire, theft).

When evacuating the house due to fire/flood/tornado/earthquake etc one could quickly unplug and grab the external hard drive.

The only real backup solution is an off-site backup.

Yes and no. Online backup solutions are fine but not really the only option. Get a small external HD (often USB powered and designed for portability) and periodically copy everything to it and put it in a bank safe deposit box, or buy a firesafe for at home. With respect to firesafes be careful to get one that is rated for electronic data, most are only related for paper and temperatures will get hot enough to kill electronics.

Only the stupid are penalized

[mikein08]

Lets see here ... anyone ever heard of the concept of "backup" - you know, making copies of your files, so you can recover them in case of situations like this??? Only the stupid get penalized in a scam like this.

advantages in local backup

[KingAlanI]

I do like the 1TB Western Digital mybook I have (best gift received for Christmas 2009)

However, I want that on-site because it serves a dual purpose: in addition to backing up stuff on C:\, I also use it as expansion capacity for stuff that can't fit on C:\. Likewise, I keep my USB drive handy (which backs up some files) because I also use it for file portability.

I could also put the core of my files collection (i.e cut down on the space-guzzling files) on USB flash drives, and put them at other convenient locations. Other rooms of your own house / your other PCs might be useful in cases of really localized damage.

Fine for reverting to good versions of specific files, too.

Frankly, local backup at least seems to be a good consumer-grade solution if you're not paranoid.

With apologies to Linus Torvalds...

[KingAlanI]

"Real men don't use backups. They just upload their stuff via BitTorrent & one-click hosting sites and file, and let the rest of the world mirror it."

Well, this would be useful for collections of creative content that would be a PITA to rebuild. That reduces your backup challenge towards mainly smaller-size personal document files, which can't hurt.

Re:chanel bags 2011

[ikkonoishi]

This would require a registered account with decent karma. So just keep track of the spam upvoters, and don't give them mod points for a while.