Slashdot Mirror


Inside a Ransomware Money Machine

tsu doh nimh writes "The FBI is warning that it's getting inundated with complaints from people taken in by ransomware scams that spoof the FBI and try to scare people into paying 'fines' in lieu of going to jail for having downloaded kiddie porn or pirated content. KrebsOnSecurity.com looks inside a few of the scams in the FBI alert, and it turns out it only takes 1-3 percent of victims to pay up to make it seriously worth the fraudsters' while."

16 of 158 comments

  1. Hah! by Anonymous Coward · · Score: 5, Informative

    My buddy got one of those from watching waaaaayy too much porn, and actually called the FBI who told him it was a virus.

    What it does is lock your screen with an FBI logo and official-looking message, even displaying the output from the webcam if there is one, saying that unless the mark pays $200 or so using a Bitcoin-like form of payment one can get at convenience stores, the user will be arrested for downloading CP and/or "copyrighted material." Certain keys are locked, obviously, so you can't do the 3-finger salute and kill it with the task manager.

    A boot into safe mode and a little MsConfig was enough to fix, though not remove, the malware.

    -- Ethanol-fueled

    1. Re:Hah! by dmomo · · Score: 4, Funny

      "my buddy"

      So, did you end up paying?

  2. Funny how it's not a scam when the lawyers do it by Nyder · · Score: 5, Insightful

    It should all be considered a scam when someone says pay up or I'll take you to court/press charges/sue/threatens you.

    --
    Be seeing you...
  3. The best defense against scams by operagost · · Score: 5, Insightful

    The best defenses against scams are still the same:
    1. Knowing your right to due process, and
    2. Knowing proper spelling and grammar in your native language.

    I'm continually dismayed that large numbers of people (possessing enough intelligence to use a web browser) don't realize that the FBI using email or popups to demand summary payment of "fines" without due process is implausible and illegal.

    --

    Gamingmuseum.com: Give your 3D accelerator a rest.
    1. Re:The best defense against scams by dkleinsc · · Score: 5, Insightful

      There's a couple more rules of thumb that help:
      1. It's much harder to cheat an honest person. For example, if you don't download kiddie porn, it's very hard to get you to pay a fine to avoid trials for doing so. The Nigerian prince scam worked only on people who were willing to help somebody commit money laundering.
      2. If it seems fishy, it's a scam. Anyone saying "money for nothing" (who's not a member of Dire Straits) should be suspect.

      --
      I am officially gone from /. Long live http://www.soylentnews.com/
    2. Re:The best defense against scams by sl4shd0rk · · Score: 4, Funny

      I'm continually dismayed that large numbers of people--

      Oh, so many ways to finish that sentence.

      --
      Join the Slashcott! Feb 10 thru Feb 17!
    3. Re:The best defense against scams by asdf7890 · · Score: 5, Interesting
      2. Knowing proper spelling and grammar in your native language.

      There have been suggestions that some of the scammers use this as a mark filter: people put off by the spelling/grammar would be unlikely to follow through to the end anyway so put them off early so you can concentrate on the others. People who fall for the scam despite the presentation are better quality marks and more likely to pay out (either because they have done something wrong and are feeling guilty, or because they don't speak the language well enough to spot the telltale problems, or simply because they are just plain thick).

      Though I think it more likely that the simpler explanation (most of the scammers simply fail to create a good presentation in the target language) is more likely at least in most cases.

    4. Re:The best defense against scams by Canazza · · Score: 4, Funny

      I got an email saying they'd pay me a million dollars if I helped some arab guy transfer his money.

      Sultan of Swing or something.

      --
      It pays to be obvious, especially if you have a reputation for being subtle.
    5. Re:The best defense against scams by CastrTroy · · Score: 5, Insightful

      I've heard the Nigerian prince scam is designed to be quite unbelievable because they don't want to waste their time with people who have any kind of common sense. It's too hard to get money from people with common sense. I think the same goes for this type of scam. Target enough people and you'll eventually fall upon somebody who watches kiddie porn. And that person will be easy to get money out of, because they'd rather pay money than face the other consequences.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  4. Spoof the FBI? by delta98 · · Score: 4, Funny

    Poor Hoover must be spinning in his bustier.

  5. Re:This has gotten out of hand. by viking099 · · Score: 4, Informative

    Back when I was working the computer labs at my university, we used a product by Centurion to secure our workstations.

    We would build an image, then lock down this little device installed in the case.

    The computer user never even notices it, and they can write to temp folders and change settings, and everything.

    When the computer is then rebooted, this device just reloads the OS from the "locked" partition, and it's just like it ever was.

    Day to day it was great, but applying updates was a pain because you had to visit each system and unlock it manually. This was 15 years or so ago, so I'm sure they have a better system in place now, but it worked pretty well for our group and the hundreds of computers we maintained.

  6. Re:Funny how it's not a scam when the lawyers do i by darkmeridian · · Score: 4, Insightful

    The difference between blackmail and settlement is that blackmail requires the threat of doing something ILLEGAL if the demands are not met. Whereas, a settlement offer is the forbearance of a LEGAL right if the demands are met. If someone didn't pay me for my work, for instance, I can send a demand letter asking that he pay me or I will sue him for the money, which is a legal right I have. If I demand money or I will shoot him, that's blackmail.

    The boundary is close when it comes to porno cases. What if the right to sue is clear cut (the Copyright Laws clearly prohibit downloading the material) but the real damage is the damage to reputation? That becomes closer to the situation of, "Give me money or I'll release this sex tape you made" or "Give me money or I'll tell the world about our love baby."

    --
    A NYC lawyer blogs. http://www.chuangblog.com/
  7. Re:Funny how it's not a scam when the lawyers do i by HungryHobo · · Score: 4, Interesting

    " If I demand money or I will shoot him, that's blackmail."

    No, that's extortion.

    Blackmail would be threatening to tell your wife about your mistress. Blackmail can include things you would otherwise be perfectly legally allowed to do.

    You may have every legal right to expose the trips made to a bathhouse by a homophobic republican senator but if you demand money from him in exchange for *not* revealing that secret, that's illegal.

  8. Re:Scams by CheshireDragon · · Score: 4, Insightful

    Exactly. If they suspect you have kiddie pr0n they are not going to take a bribe and say 'pay up to keep us quiet.' The first time you will even hear from them they will be kicking in your front door, seize you and all your electronics.

    --
    "That's right...I said it."
  9. Re:Scams by firewrought · · Score: 5, Funny

    The first time you will even hear from them they will be kicking in your front door, seize you and all your electronics.

    And it's that sort of personalized attention that makes American law enforcement the best! :O

    --
    -1, Too Many Layers Of Abstraction
  10. Re:Scams by ideonexus · · Score: 5, Insightful

    It's easy to laugh and feel superior that a small percentage of people fall for these scams, but what isn't funny is that the people falling for it are mostly senior citizens. Just yesterday my mother-in-law brought me the phone and told me, "It's somebody from Microsoft! They say our computer is infected with a virus!"

    I answered the phone and somebody with an Indian accent told me his name was "Todd Moody" and that our computer was sending error messages to Microsoft. Curious about the scam, I let him walk me through opening the application error log and trying to delete some errors from it, to which he exclaimed, "Oh no sir! You cannot delete the errors! This is very very bad! You have a very dangerous trojan virus on your computer!"

    If I hadn't been there, my mother-in-law would have handed over her credit card information no questions asked. In fact, my father-in-law had done this in the past. One day I'm going to be a senior citizen and my bullshit detector is going to stop working like it does for everyone else. The Federal Government should be putting a stop to this predatory scumbaggery with extreme prejudice.

    When you see this crap, do your civic duty and report it.

    --
    i ~ Celebrating Science, Cyberspace, Speculation