Slashdot Mirror


Ransomware Making a Comeback

snydeq writes "Ransomware is back. After a hiatus of more than two years, a variant of the GpCode program has again been released, kidnapping victims' data and demanding $120 for its return, InfoWorld reports. 'Like the ransomware programs before it, GpCode encrypts a victim's files and then demands payment for the decryption key. The new version of GpCode — labeled GpCode.AX by security firm Kaspersky — comes with a bit more nastiness than previous attempts. The program overwrites files with the encrypted data, causing total loss of the original data, and uses stronger crypto algorithms — RSA-1024 and AES-256 — to scramble the information.'"

11 of 202 comments

  1. Backups by coerciblegerm · · Score: 5, Insightful

    Simple solution: Back up your data. In other news, make sure you patch software and operating system vulnerabilities and don't run executables from unknown sources.

    1. Re:Backups by Rob Kaper · · Score: 2, Insightful

      And mark your existing backups read-only. Although that might require an OS which wouldn't run this malware anyway.

    2. Re:Backups by Anonymous Coward · · Score: 2, Insightful

      If your backups are simply on the same machine that you're backing up, you're missing at least 1/2 the point.

    3. Re:Backups by Anonymous Coward · · Score: 5, Insightful

      I hate to break it to ya buddy, but accidental deletion and hardware failure make up 100% of my data loss causes. Shocking, I know. You see, some people actually do patch their software and ensure their OS is up to date, and some people don't run executables from strange places.

      Mounted, active storage is perfectly acceptable for backing up all but the absolute most critical of data.

    4. Re:Backups by wvmarle · · Score: 4, Insightful

      My data set is about 40 GB (gzipped).

      Amazon et al., while cheap and off-site and probably pretty secure, would require encryption at least. I don't want unencrypted data there. Makes it a bit more cumbersome.

      The killer is going to be the upload. I've 2 Mbit up, uploading my data set to Amazon would saturate my pipe for about 55 hours straight. And that's a show stopper.

      I'm slowly looking for 64GB USB drives. They exist but the local shop has only 32 GB, so have to look further. That's a much easier solution than Amazon.

    5. Re:Backups by ArsenneLupin · · Score: 4, Insightful

      Whenever I see family/friends/co-workers using external drives for "backup" I have to repress the urge to launch into a lecture on the absurdity of relying on a local, always mounted backup.

      You know, malware is not the only threat to data. There's also hard disk failures, and human error. "Always-mounted" external disks protect against both.

      WesternDigital and all the other purveyors of external hard disks should be ashamed of themselves for promoting their products as a reasonable backup solution.

      ... and even if you are concerned about "always mounted" being vulnerable to malware, you can always keep your drive securely stashed away, and only connect it once a week to do your backup.

      The ONLY kind of calamity that such devices protect you from is accidental deletion or hardware failure.

      Which is already quite useful. Even though we like to scoff at Windows users, most malware is not interested in trashing users' data, and anti-virus programs still manage to catch most malware (if one is installed).

      ...or catastrophic disaster (flood, fire, theft).

      ... which are quite rare compared to the more usual failure modes (hard disk failures, or accidentally deleted the wrong files).

      Considering how cheap Amazon S3 [amazon.com] is, off-site backups are finally a real solution for the average person.

      You've got to trust Amazon to respect the privacy of your data.

    6. Re:Backups by GameboyRMH · · Score: 1, Insightful

      Always mounted? That won't save you from an rm -rf / (or would a mounted fsck make the files hard to recover without taking as long as wipe?) I'm assuming you're running a highly secure *nix OS because otherwise, you're asking for it.

      I back up my laptop, PDA(s), keychain flash drive, and my home server's boot drive to an encrypted disk on the server that's normally unmounted. As long as the box doesn't get broken into (good luck) and then someone does a dd -if /dev/urandom -of /dev/sdx it'll be safe. A lightning strike could cause me to lose the home server's boot drive but there's nothing really important on there anyways, it would just be a PITA to set up again.

      My gaming desktop backs up to an unencrypted internal drive (I'm going to make it external soon and maybe encrypt it) that is normally unmounted. If I had gigabit Ethernet in my house I'd put the drive in my home server, encrypt it and do rsync backups over the LAN like the other machines, but it has hundreds of gigabytes in use and would be painfully slow to transfer over 100 Mbps Ethernet...

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  2. Re:Ok, a question or two by Anonymous Coward · · Score: 2, Insightful

    If the money ends up going to a country like Somalia what are you going to do?

    Ask for the Somali government's help to get your 100 bucks back?

    Good luck with that.

  3. Re:Ok, a question or two by ArsenneLupin · · Score: 3, Insightful

    How the hell do they get paid?

    ... and this is the Achilles heel of just about every ransom ploy. Most kidnappings for ransom fail at the "money handover" stage.

  4. Who would trust them? by kasperd · · Score: 3, Insightful

    Who would actually trust those people to give access to the data after receiving payment? What is the most profitable thing to do after somebody has paid? Give them their data back or demand more money? Granted, very few people would be stupid enough to pay twice. But even if one person would fall for that, it would mean more money to them. And people are more likely to pay more money if they can make it look like the sucker was just unlucky and they didn't intentionally fail to give the data back. For example, make the browser crash at the point where it "should" have shown the password.

    --

    Do you care about the security of your wireless mouse?

    1. Re:Who would trust them? by Opportunist · · Score: 3, Insightful

      Unless word gets out that you don't get your data back after paying.

      And this is the internet. The first thing people will do after this happens is paint it all across Facebook and Twitter.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.