Slashdot Mirror


Ransomware Making a Comeback

snydeq writes "Ransomware is back. After a hiatus of more than two years, a variant of the GpCode program has again been released, kidnapping victims' data and demanding $120 for its return, InfoWorld reports. 'Like the ransomware programs before it, GpCode encrypts a victim's files and then demands payment for the decryption key. The new version of GpCode — labeled GpCode.AX by security firm Kaspersky — comes with a bit more nastiness than previous attempts. The program overwrites files with the encrypted data, causing total loss of the original data, and uses stronger crypto algorithms — RSA-1024 and AES-256 — to scramble the information.'"

3 of 202 comments

  1. No data is actually encrypted..... by Skellbasher · Score: 5, Informative

    Fortinet did an analysis of this. http://blog.fortinet.com/all-your-drives-are-belong-to-us/ It simply backs up the partition table and rewrites the MBR. It's fixable without paying the ransom.
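
The comment above describes a sector-0 rewrite rather than file encryption, so the practical check is to read the first 512 bytes of the disk and compare the partition table against a known-good copy. The script below is an added example written for this page, not Fortinet's analysis or the commenter's code: it parses the classic MBR layout (446 bytes of bootstrap code, four 16-byte partition entries at offset 446, the 0x55AA signature at offset 510), reports what differs between a backup and the sector currently on disk, and serialises a table back into a sector that can be written to restore it. The "clean" and "tampered" sectors are constructed sample data, and the bootstrap bytes are a stand-in, not a real boot loader.

```python
import struct
from dataclasses import dataclass
from typing import List

MBR_SIZE = 512
PART_TABLE_OFFSET = 446          # bootstrap code occupies bytes 0..445
PART_ENTRY_SIZE = 16
PART_ENTRY_COUNT = 4
SIG_OFFSET = 510
BOOT_SIGNATURE = b"\x55\xaa"
# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count; little-endian
ENTRY_FMT = "<B3sB3sII"


@dataclass(frozen=True)
class PartitionEntry:
    slot: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Return the non-empty entries of the four-slot MBR partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"MBR must be {MBR_SIZE} bytes, got {len(mbr)}")
    entries = []
    for slot in range(PART_ENTRY_COUNT):
        off = PART_TABLE_OFFSET + slot * PART_ENTRY_SIZE
        status, _chs_start, type_id, _chs_end, lba, count = struct.unpack(
            ENTRY_FMT, mbr[off:off + PART_ENTRY_SIZE])
        if type_id == 0 and lba == 0 and count == 0:
            continue                                  # unused slot
        entries.append(PartitionEntry(slot, status == 0x80, type_id, lba, count))
    return entries


def has_boot_signature(mbr: bytes) -> bool:
    return mbr[SIG_OFFSET:SIG_OFFSET + 2] == BOOT_SIGNATURE


def build_mbr(bootstrap: bytes, entries: List[PartitionEntry]) -> bytes:
    """Serialise a partition table into a 512-byte sector (CHS fields zeroed; LBA is what modern code uses)."""
    if len(bootstrap) != PART_TABLE_OFFSET:
        raise ValueError(f"bootstrap must be {PART_TABLE_OFFSET} bytes")
    table = bytearray(PART_ENTRY_SIZE * PART_ENTRY_COUNT)
    for e in entries:
        off = e.slot * PART_ENTRY_SIZE
        table[off:off + PART_ENTRY_SIZE] = struct.pack(
            ENTRY_FMT, 0x80 if e.bootable else 0x00, b"\0\0\0", e.type_id, b"\0\0\0",
            e.lba_start, e.sector_count)
    return bootstrap + bytes(table) + BOOT_SIGNATURE


def compare_mbrs(backup: bytes, current: bytes) -> List[str]:
    """Describe every difference between a trusted backup sector and the sector read from disk."""
    findings = []
    if backup[:PART_TABLE_OFFSET] != current[:PART_TABLE_OFFSET]:
        findings.append("bootstrap code differs")
    if not has_boot_signature(current):
        findings.append("boot signature 0x55AA missing")
    old, new = parse_partition_table(backup), parse_partition_table(current)
    for e in old:
        if e not in new:
            findings.append(f"slot {e.slot} changed or removed (type 0x{e.type_id:02x}, LBA {e.lba_start})")
    for e in new:
        if e not in old:
            findings.append(f"slot {e.slot} unexpected entry (type 0x{e.type_id:02x}, LBA {e.lba_start})")
    return findings


# Constructed sample data (not captured from a real disk).
CLEAN_BOOTSTRAP = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\0" * (PART_TABLE_OFFSET - 4)
CLEAN_ENTRIES = [
    PartitionEntry(0, True, 0x07, 2048, 204800),        # bootable NTFS system volume
    PartitionEntry(1, False, 0x07, 206848, 1843200),    # NTFS data volume
]
CLEAN_MBR = build_mbr(CLEAN_BOOTSTRAP, CLEAN_ENTRIES)
# Foreign bootstrap code and a zeroed table: the shape the comment describes, where the
# real table has been stashed elsewhere and sector 0 now belongs to the ransom screen.
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + b"\0" * (PART_TABLE_OFFSET - 2), [])


def restore_from_backup(backup: bytes) -> bytes:
    """Sector to write back to LBA 0: known-good bootstrap plus the backed-up table."""
    return build_mbr(backup[:PART_TABLE_OFFSET], parse_partition_table(backup))


if __name__ == "__main__":
    for line in compare_mbrs(CLEAN_MBR, TAMPERED_MBR):
        print("finding:", line)
    assert restore_from_backup(CLEAN_MBR) == CLEAN_MBR
```

On a real machine the `current` sector comes from something like `dd if=/dev/sda bs=512 count=1` run from a rescue environment, and the backup is the copy you saved before the incident; the script only works on bytes, so nothing here touches a disk. Note that a matching partition table says nothing about the files inside those partitions: the check is specific to the MBR-rewrite behaviour the comment describes and does not apply to a variant that really encrypts file contents.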

  2. Re:Backups by Cato · Score: 4, Informative

    Antiviruses catch only a declining percentage of malware, so you can't rely on them - see http://en.wikipedia.org/wiki/Antivirus_software#Effectiveness which shows that even in 2007 the average percentage caught was about 50%. Various independent tests confirm this, particularly for zero-day viruses (i.e. you must rely on heuristics in the AV product, not signatures). In 2007, 23% of infected PCs had up-to-date antivirus: http://www.pandasecurity.com/infected_or_not/ and http://www.pandasecurity.com/infected_or_not/panda_security_research/

    Even when there is coverage for a specific virus/trojan, highly polymorphic ones are often not caught - for example the Zeus banking trojan, which steals from bank accounts while hiding the illicit transactions and resulting balance from the user, is missed in 77% of cases - http://www.darkreading.com/security/article/220000718/index.html

  3. Re:Ok, a question or two by Monkeedude1212 · Score: 3, Informative

    Ok, great. I'm like the guys in Office Space who don't know how to launder money.

    So. Wanna illuminate me or are you satisfied with being merely cryptic?

    The thing is that most of these sites will ransom you for your credit card info to make the payment; it's almost never just the amount they claim that they want to steal from you.

    So you go to their website and enter the info. They return your data. They go and they use your credit card to make a deposit to a PayPal account that they've hacked - it's not actually one of theirs, it's an unsuspecting victim's. They run the money through a couple of those, whose purchasing history is actually protected so the cops need a warrant to search through it - which will often just put the wrong person under suspicion.

    Eventually they run it to an account outside of the US's jurisdiction.