Slashdot Mirror


CryptoLocker Gang Earns $30 Million In Just 100 Days

DavidGilbert99 writes "A report from Dell Secureworks earlier this week reported that up to 250,000 systems have been infected with the pernicious ransomware known as CryptoLocker. Digging a little deeper, David Gilbert at IBTimes UK found that the average ransom being paid was $300, and that on a very conservative basis just 0.4% of people paid the ransom. What does this all add up to? $30 million for the gang controlling CryptoLocker — and this could be 'many times bigger.'"

202 comments

  1. hey dummies by Anonymous Coward · · Score: 5, Informative

    The link is wrong

    1. Re:hey dummies by bondsbw · · Score: 5, Informative

      And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    2. Re:hey dummies by Anonymous Coward · · Score: 1

      And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

      Yup. Maybe it was the author of the article who paid the $30 million "second chance ransom".

    3. Re:hey dummies by girlintraining · · Score: 3, Funny

      And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

      You can't expect journalists to have a grasp of basic math. Or the general public for that matter. Otherwise the headline "Company X settles 'largest lawsuit in history' at Y billion dollars" wouldn't have the impact it does after realizing Company X's revenue was Z trillion dollars. And who knows -- with the instability of bitcoin pricing, it might well be worth $30 million next week... -_-

      --
      #fuckbeta #iamslashdot #dicemustdie
    4. Re:hey dummies by Anonymous Coward · · Score: 1

      And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

      You can't expect journalists to have a grasp of basic math. Or the general public for that matter. Otherwise the headline "Company X settles 'largest lawsuit in history' at Y billion dollars" wouldn't have the impact it does after realizing Company X's revenue was Z trillion dollars. And who knows -- with the instability of bitcoin pricing, it might well be worth $30 million next week... -_-

      Wal-Mart has the highest revenue in the US - 469.2 billion according to the Fortune 500.

      http://money.cnn.com/magazines/fortune/fortune500/

      Trillions would be the GDP of entire countries. So, yeah, "Y Billion Dollars" is a pretty freaking huge deal, especially when you consider the largest PROFIT in a company is Exxon Mobil with 44.8 billion. Lawsuits affect profit, not revenue.

    5. Re:hey dummies by Anonymous Coward · · Score: 0

      What did you expect? Those that can't do math well but seek a profession usually major in Journalism, Sociology, El. Ed., etc. That is FUD math taught to them by the Federal Protection Racket and the MAFIAA.

    6. Re:hey dummies by GameboyRMH · · Score: 1

      Things Slashdot editors aren't so good with: Junior-high level math, URLs.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    7. Re:hey dummies by Dynedain · · Score: 1

      So the author confused .4% with 0.4 (aka 40%) to get the $30M figure. So much for editors in publishing.

      --
      I'm out of my mind right now, but feel free to leave a message.....
    8. Re:hey dummies by girlintraining · · Score: 4, Informative

      Wal-Mart has the highest revenue in the US - 469.2 billion according to the Fortune 500.

      You seem to be laboring under the delusion that companies only exist, and earn profit, for one year. Then they return to their ancestral home in the profit river, where they lay their nest eggs and golden parachutes for the next generation, and then die.

      Alas, companies make revenue year over year... and some of the biggest frauds this country has seen have taken decades before the government acted to stop it. So "Trillions of dollars of revenue" is not an inaccurate statement. At least not if you have more brains than an anonymous coward...

      --
      #fuckbeta #iamslashdot #dicemustdie
    9. Re:hey dummies by Anonymous Coward · · Score: 0

      The actual link has "30-million" in the URL, but does, in fact, say $300,000 in the article. I guess this is a case where only the URL was "read", not the story, while "composing" the summary...

    10. Re:hey dummies by bondsbw · · Score: 1

      The author changed the article. You can tell because the link is "www.ibtimes.co.uk/cryptolocker-criminals-earn-30-million-100-days-1429607" but the headline now says "CryptoLocker Gang Earns Millions in Just 100 Days" (changing from "$30 million" to just "millions").

      Where before the headline was based on bad math, the new headline is based on fuzzy math because someone indicated that the earnings could be many times more than what was reported.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    11. Re:hey dummies by Anonymous Coward · · Score: 0

      The definition of revenue is a yearly figure. And like I said, profit is the number that companies care about when talking about money. Exxon Mobil would need to hoard all of its profit for 23 years to be able to amass 1 trillion dollars in cash. And besides, what do you think companies DO with their billions? They either reinvest them or pay out to their stock holders (This is the main reason for a public company to exist, after all). Companies (except Apple) don't hold on to cash unless they're looking to make a big acquisition.

      So yes, a multi-billion dollar hit to your profit is a big fucking deal, no matter who you are. Stop being dense.

    12. Re:hey dummies by Anonymous Coward · · Score: 0

      Wal-Mart has the highest revenue in the US - 469.2 billion according to the Fortune 500.

      Oh, and P.S., you have no clue what revenue actually means. The largest company on the planet only pulls in $134.77 billion a year. Wal-mark did $469.2 in sales last year.

      I'm well aware of what revenue is (I work in sales for a fortune 100, surprise!)

      I assumed (naively, I must admit) that CNN would also know what revenue is. However, you just made my original point even more. Nobody has "trillions in revenue."

    13. Re:hey dummies by Anonymous Coward · · Score: 0

      Yes, the figure you have mentioned is correct PER DAY as it is in 100 days.

    14. Re:hey dummies by Anonymous Coward · · Score: 0

      RTFA: 0.4% * 250,000 * $300 = $300,000 represents only one day. Each of the infected systems has a short window for unlocking.
      Meaning, over 100 days, they earn $300,000 * 100 = $30,000,000.

    15. Re:hey dummies by bondsbw · · Score: 1

      The article never mentions this as "per day". And the author has since changed the number from $30M to $300K, so I'm pretty sure it meant over the 100 day period.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    16. Re:hey dummies by Anonymous Coward · · Score: 1

      Actually it seems that you are the one who does not know the difference between revenue and sales. Sales are one component of Revenue. Thus, for any company Revenue >= Sales. http://smallbusiness.chron.com/difference-between-revenue-sales-31110.html

      In fact if you look at your very own list from Forbes, you will see that both ICBC's $134.77 and Wal-mark's [sic] $469.2 are sales figures, and the reason ICBC is listed ahead of Wal-mart is because Forbes has used some weird combination of sales, profits, assets and market cap to determine the order of "biggest".

    17. Re:hey dummies by Anonymous Coward · · Score: 0

      Retail has really low margins, though, so I would be kinda interested on their profit for that 469.2 billion.

    18. Re:hey dummies by Anonymous Coward · · Score: 0

      Not sure if the article was changed or the summary was wrong, but the article now correctly uses the figure $300,000.

    19. Re: hey dummies by Anonymous Coward · · Score: 0

      And I'm captain planet. Stop spouting off bullshit under the AC banner. It doesn't matyer if you're the pope or president. You just loon like a complete dispshit. Put up or shut up.

    20. Re: hey dummies by Anonymous Coward · · Score: 0

      It doesn't matyer if you're the pope or president. You just loon like a complete dispshit.

      Takes one to know one.

    21. Re:hey dummies by LordLimecat · · Score: 1

      When you're talking about revenue, it's typically a yearly thing, so no, "Trillions of dollars of revenue" is not accurate for any company on the face of the earth unless you were to append "over X many years".

      Are you really being so pedantic as to point out that technically I could project a revenue of several hundred million dollars over the next several decades? No one discusses revenue in those terms.

  2. Broken article link by KublaiKhan · · Score: 2

    Or was this meant to trick us into reading about Zuckerberg?

    --
    In Xanadu did Kubla Khan
    A stately pleasure dome decree
    1. Re:Broken article link by stewsters · · Score: 3, Funny

      Or is Mark Zuckerberg the gang behind cryptolocker, and this was a Freudian slip?

    2. Re:Broken article link by Anonymous Coward · · Score: 0

      A broken link is a link that is just that. Broken. It's a valid link, just the wrong one.

  3. So, Zuckerberg is behind cryptolocker???? by wbr1 · · Score: 5, Informative
    --
    Silence is a state of mime.
    1. Re:So, Zuckerberg is behind cryptolocker???? by war4peace · · Score: 4, Funny

      ...And it's a fun read, too:

      "English is not the CryptoLocker Group's first language" - apparently it's not IB Times's, either, as seen in the article: "CryptoLocker is not currently being sold to anyone other criminal gangs".
      "it was being distributed by the Gameover Zeus malware, in some cases via the renowned Cutwail bonnet."
      "malware is typical among cyber-criminals in Russia and easter Europe,"
      "this was quickly cut to 1 bitcoin, 0.5 bitcoin and at the time of publication, 0.5 bitcoin." - yes, there's a deep cut from 0.5 to 0.5, for sure. We should all rejoice!

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    2. Re:So, Zuckerberg is behind cryptolocker???? by Anonymous Coward · · Score: 0

      Ahh! So "Easter bonnet" must be the codeword for the forthcoming attack on[No Carrier]

  4. Error by Anonymous Coward · · Score: 0

    Link points to unrelated article about Mark Zuckerberg.

    1. Re:Error by Drethon · · Score: 4, Funny

      Are you sure it is unrelated? Facebook seems to be asking a lot of money for nothing tangible too...

    2. Re:Error by JWW · · Score: 2

      Maybe this technology is related to Facebook.

      Imagine, Facebook's users are generating unique, pithy, substantive and deep posts to put on Facebook, but this crypto locker stuff is just converting those awesome posts into worthless drivel about piddly silly details about the Facebook breakfast or exercise routine.

  5. Wow! by Anonymous Coward · · Score: 0

    That's amazing! Though I am not sure what Mark Zuckerberg has to do with this though...

  6. Wrong link? by Anonymous Coward · · Score: 0

    The link in the article points to a Mark Zuckerberg article.

  7. Wrong link by Anonymous Coward · · Score: 0

    The link goes to the Zuckerberg story.

  8. Is execution enough? by Anonymous Coward · · Score: 0

    With this level of evil, I think execution by prolonged torture may be appropriate for this scum. All these Russian brains being wasted on criminality.

    1. Re:Is execution enough? by tompaulco · · Score: 1

      First, make them pay back everybody they ransomed, times 10, then execute them. If they don't have the money to pay back times 10 then we can find a company to pay back everybody times 10 and then make the perpetrators have to work for that company for free until their debt is paid off.

      --
      If you are not allowed to question your government then the government has answered your question.
  9. If Caught... by Anonymous Coward · · Score: 0

    These guys really do deserve the death penalty.

    1. Re:If Caught... by Anonymous Coward · · Score: 0

      Who, Zuckerberg?

    2. Re:If Caught... by houstonbofh · · Score: 1

      Who, Zuckerberg?

      I am still deciding...

    3. Re:If Caught... by Anonymous Coward · · Score: 0

      Who, Zuckerberg?

      I am still deciding...

      If Zuckerberg is 50% as sleazy as depicted in "The Social Network", he is a pox upon society and like other CEOs must be sent to Gitmo where he can teach the terrorists how to become CEOs.

    4. Re:If Caught... by tqk · · Score: 1

      If Zuckerberg is 50% as sleazy as depicted in "The Social Network", ...

      Not that I'm defending him, but you do know that was a Hollywood production, yes? When have that bunch *ever* portrayed an actual event with any degree approaching accuracy?

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
    5. Re:If Caught... by Anonymous Coward · · Score: 0

      These guys really do deserve the death penalty.

      ...and who are you to decide who gets to live and who doesn't?

    6. Re:If Caught... by ulatekh · · Score: 1

      [Y]ou do know that was a Hollywood production, yes? When have that bunch *ever* portrayed an actual event with any degree approaching accuracy?

      Primary Colors? Granted, the real Bill Clinton seems fictional.
      Wag The Dog? We live that every day.
      Sneakers? Surprisingly accurate about real hacking.
      Max Headroom? Just around the corner...about twenty minutes from now, in fact.
      Robocop? Could be shot in present-day Detroit. No need for expensive sets!

      I could go on. Hollywood gets it right occasionally.

      --
      "Once we've identified and embraced our sickness, we'll have strength...and that's when we get dangerous." - John Waters
  10. Correct Link by DavidGilbert99 · · Score: 2, Informative
    1. Re:Correct Link by bondsbw · · Score: 3, Insightful

      Here is the correct link to the CryptoLocker story http://www.ibtimes.co.uk/cryptolocker-criminals-earn-30-million-100-days-1429607

      DavidGilbert99, please fix your damn article. You wrote the article, you wrote the summary, both with attention-getting headlines. And they both passed different sets of editors (assuming the editors even exist) and they are both incorrect with the $30M figure.

      The only story behind this is how little they netted, not how much.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    2. Re:Correct Link by bondsbw · · Score: 1

      Ok, you fixed the numbers in the article but have decided that with a bit of fuzzy math it's alright to keep perpetuating the attention-grabbing headline.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    3. Re:Correct Link by gnasher719 · · Score: 1

      DavidGilbert99, please fix your damn article. You wrote the article, you wrote the summary, both with attention-getting headlines. And they both passed different sets of editors (assuming the editors even exist) and they are both incorrect with the $30M figure.

      The article that got linked now correctly says $300,000.

      It also shows the value of a solution like Time Machine, which keeps older versions of files around for a long time.

  11. Better Than Commercial Software? by Anonymous Coward · · Score: 2, Funny

    Does CryptoLocker actually do what it says when a person pays? That's better than a lot of commercial software I've used. The gaming, media, and high-level engineering software industries are particularly bad on this point.

    1. Re:Better Than Commercial Software? by SJHillman · · Score: 2

      We got hit by CryptoLocker twice back in November (in one case, it wreaked havoc on network shares because the user had way more permissions than necessary due to office politics). We didn't pay the ransom, but we worked with a vendor who was very familiar with CryptoLocker. According to them, every time people paid, they got the key as promised.

    2. Re:Better Than Commercial Software? by cjjjer · · Score: 1

      So in other words you may have been working with the CryptoLocker gang? Would make sense that members pose as a vendor who can "fix" the issue. I am sure it would be just as lucrative...

    3. Re:Better Than Commercial Software? by ekgringo · · Score: 4, Interesting

      We knew someone at a sister company that was infected with CryptoLocker. He had no backups (they have no IT infrastructure) so he paid the ransom to recover his files. It appeared to start decryption, but the machine was old and we had to let it run over the weekend to complete. Windows Security Essentials had to be disabled in order for the decryption to work, but it re-enabled itself and blocked the decryption. By the time Monday rolled around, the decryption server had been shut down or his ransom window had expired and so he ended up losing his data anyway.

    4. Re:Better Than Commercial Software? by wbr1 · · Score: 1

      No one can -fix- cryptolocker. It is pay and hope the key is delivered and works or have a recent backup. Otherwise you and all your attached storage are fucked.

      --
      Silence is a state of mime.
    5. Re:Better Than Commercial Software? by Anonymous Coward · · Score: 1

      So, uh, what good is Windows Security Essentials at all if it allows this shit in the first place?

    6. Re:Better Than Commercial Software? by SJHillman · · Score: 1

      That seems unlikely, as this vendor has a long-term support contract with us and gained nothing extra from giving us help with it. But make sure you know who you can trust ahead of time.

    7. Re:Better Than Commercial Software? by i kan reed · · Score: 3, Insightful

      So, you made a donation to organized crime. How charitable.

    8. Re:Better Than Commercial Software? by zeugma-amp · · Score: 4, Interesting

      So, you made a donation to organized crime. How charitable.

      As did this police department ...

      US local police department pays CryptoLocker ransom

      =snip=

      A local police department in Swansea, Massachusetts, has paid cybercrooks behind the CryptoLocker ransomware attack to decrypt files locked up by the malware on police computer systems, according to local press reports.

      The police department spokesman claimed that the infection had been mopped up and their systems secured, with no personal information stolen.

      =end snip=

      --
      This is an ex-parrot!
    9. Re:Better Than Commercial Software? by Anonymous Coward · · Score: 0

      Even the scummiest of criminals knows that if you don't deliver once, then no one is going to want to deal with you again, so if you're going to fuck someone over, it had better be enough to live on for a while. How would you feel if your crack dealer robbed you? You'd be pissed and take your stolen car radio to another dealer next time and your first dealer wouldn't have many more customers to rob in the future.

    10. Re:Better Than Commercial Software? by Kardos · · Score: 1

      They have absolutely no way of knowing if any sensitive information was stolen from a PC that has been owned by crypto ransomware.

    11. Re:Better Than Commercial Software? by Anonymous Coward · · Score: 0

      Was he able to get his money back at least?

    12. Re:Better Than Commercial Software? by Anonymous Coward · · Score: 1

      That seems unlikely, as this vendor has a long-term support contract with us and gained nothing extra from giving us help with it. But make sure you know who you can trust ahead of time.

      What exactly did they help you with? Files encrypted by CryptoLocker can not be decrypted without the key. Just removing CryptoLocker so it doesn't do further damage is something most AV software can do.

    13. Re:Better Than Commercial Software? by Bill, Shooter of Bul · · Score: 3, Informative

      Yes they do. Just declare everything to be non-sensitive. Much easier than doing any kind of research.

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    14. Re:Better Than Commercial Software? by Anonymous Coward · · Score: 0

      We did the same - but not because we had no backups but because the person who was infected was actually rather privileged and had read/write access and drives mapped to many servers and it encrypted them all. We paid 2BTC which at the time was about $400 as it would have cost us much more in staffing and OT to restore the files across the servers in addition to the data that was lost due to being encrypted before that day's backup ran.

      I find your story suspect because the same thing happened to us with MSE but after re-downloading and re-running the virus after MSE trashed it, it picked up where it left off and continued to decrypt the rest of the files. In addition, it had downloaded the private key from wherever and put it on the system so we could have decrypted the files ourselves if for whatever reason the virus was unable.

      I have to admit, it was ingenious. They seemed to put as much effort into the decryption/restoration part of the virus as they did the infection/encryption. I suppose this is because if it was known that even if you paid there was a good chance you wouldn't get your data back then you wouldn't pay - but still - I was impressed.

    15. Re:Better Than Commercial Software? by Anonymous Coward · · Score: 0

      I seem to remember hearing about a 3rd party tool that will do the decryption with the key that they gave you and it is better written and doesn't crash.

    16. Re:Better Than Commercial Software? by lw54 · · Score: 1

      I'm aware of several consulting clients who were hit by CryptoLocker to various degrees. Most restored their data from a previous backup. Two paid the ransom. Several waited too late to get us involved and were left without a backup and unable to pay the past due ransom.

    17. Re:Better Than Commercial Software? by TheCarp · · Score: 1

      > I have to admit, it was ingenious. They seemed to put as much effort into the decryption/restoration
      > part of the virus as they did the infection/encryption. I suppose this is because if it was known that
      > even if you paid there was a good chance you wouldn't get your data back then you wouldn't pay -
      > but still - I was impressed.

      If you think about it, the story where they hit the police, who paid, and got their files back is amazing advertising for them. There is now a high profile, widely circulated story which shows positively: they actually do what they promise to do. I bet that has seriously helped them get paid.

      I mean sure, in a normal "service" they could have just done that one right and screwed everyone else, but, as an "IT Service" (lol) doing it right once means they can do it right over and over, so why not?

      If you are going to be the gang that everybody hates, and wants to see go away, you may as well be the gang everybody hates and wishes would go away, but is known for at least honoring your extortion contracts. Nobody wants to pay you, if they think they are screwed either way, why would they?

      At least if they hate you but know they really are getting what they pay for.... it's not like it costs that much more to do right.

      --
      "I opened my eyes, and everything went dark again"
    18. Re:Better Than Commercial Software? by DigiShaman · · Score: 1

      Look at it this way: So some thug walks up to you and blows your kneecap off, and then threatens to blow your head off next if you don't hand over some money. What are you going to do? Not saying it's right, but should an entire business fall on the sword out of principle? They could be left bankrupt from the damage.

      --
      Life is not for the lazy.
    19. Re:Better Than Commercial Software? by nctritech · · Score: 2

      A company with a proper data backup plan will not be seriously affected by this thing. Unfortunately, the vast majority of the small businesses I work with don't have a backup plan at all. Plugging in an external hard drive and setting up the backup software that came with it is NOT a sufficient backup plan, people! They unfortunately found this out the hard way and lost everything on one of their computers. Giving hundreds of dollars to a criminal enterprise was not an acceptable solution to the business owner, and I can't say I disagreed, especially since the old files weren't of much importance to the business anyway.

      CryptoLocker should teach everyone to back up their work twice over and keep one backup isolated and very preferably off-site. Data is very easy to lose at the worst possible time.

    20. Re:Better Than Commercial Software? by nctritech · · Score: 1

      They should have proper backup procedures. Sadly, most don't back up at all. If they're hit with this thing, they have to weigh the negative of paying criminals against the value of the data to them. If it's important enough, they don't really have many options.

    21. Re:Better Than Commercial Software? by LordLimecat · · Score: 2

      Proper backups may or may not protect against this. The encryption is non-obvious, so if it's with important-to-archive files that you don't use daily, it is very possible that the backups with good copies of the data will have grandfathered out by the time you realize you were hit.
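
Added example, not part of the original thread or any poster's code: the failure mode LordLimecat describes above, where silently encrypted files replace good copies until the last clean backup rotates out, can be caught with a check run before the oldest snapshot is expired. The file-type table, thresholds, function names and sample snapshots are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Leading bytes that well-formed files of these types start with.
MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_overwritten(name: str, content: bytes, min_entropy: float = 7.0) -> bool:
    """True when a file of a known type has lost its header and reads as noise.

    Compressed formats (.docx, .jpg) are high-entropy even when healthy, so
    the header check comes first and entropy only confirms the mismatch.
    """
    ext = name[name.rfind("."):].lower() if "." in name else ""
    magic = MAGIC.get(ext)
    if magic is None:
        return False  # unknown type: no basis for a verdict
    if content.startswith(magic):
        return False  # header intact
    return shannon_entropy(content[:4096]) >= min_entropy


def rotation_check(oldest: dict, newest: dict, max_bad_ratio: float = 0.05):
    """Decide whether the oldest snapshot may be expired.

    Snapshots map file name -> content. A file counts as newly bad when it
    was well-formed in the oldest snapshot and looks overwritten in the
    newest. Returns (ok_to_expire, sorted list of newly bad file names).
    """
    shared = [name for name in newest if name in oldest]
    newly_bad = sorted(
        name for name in shared
        if looks_overwritten(name, newest[name])
        and not looks_overwritten(name, oldest[name])
    )
    ratio = len(newly_bad) / len(shared) if shared else 0.0
    return ratio <= max_bad_ratio, newly_bad


def constructed_noise(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed sample snapshots (not real data).
OLDEST = {
    "report.pdf": b"%PDF-1.4\n" + b"quarterly figures " * 200,
    "photo.jpg": b"\xff\xd8\xff\xe0" + constructed_noise(4000, b"jpeg"),
    "notes.txt": b"call the vendor on Monday\n",
}
NEWEST = {
    "report.pdf": constructed_noise(4096),  # header gone, content is noise
    "photo.jpg": OLDEST["photo.jpg"],       # unchanged
    "notes.txt": b"call the vendor on Tuesday\n",
}

if __name__ == "__main__":
    ok, bad = rotation_check(OLDEST, NEWEST)
    print("expire oldest snapshot:", ok, "| newly bad:", bad)
```

When the check returns False, the rotation job should hold the oldest snapshot and alert rather than delete it.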

    22. Re:Better Than Commercial Software? by SJHillman · · Score: 1

      A proper data backup plan will prevent crippling devastation, but to say "not seriously affected" is somewhat ignorant. On a large network, it can take significant time to restore all affected files - especially if you need to bring in your offsite backups like we did because it wasn't detected until that set had been moved to our other location. In the meantime, we had hundreds of users calling in and complaining they couldn't access many files. We didn't want to do a blanket restore because that would wipe out many changes to unaffected files.

      TL;DR: A proper backup plan is a storm cellar in a tornado. It keeps you alive, but there's still significant resources invested in clean-up.

    23. Re: Better Than Commercial Software? by nctritech · · Score: 1

      Most of the people I work with are smaller corporations with less than 100GB of data, and the way I set them up guarantees that if the server hardware and filesystem aren't part of the problem, I can restore the data very quickly. Typically there are no network services at all other than Samba, so they don't even have databases to worry about. I can see how a larger or more active technical environment wouldn't be nearly so simple to recover though...my own office included. Having a 3TB mirror of everything doesn't change the horrible amount of time involved in copying that data from one drive to another and getting network services back up can be very frustrating.

    24. Re:Better Than Commercial Software? by Anonymous Coward · · Score: 0

      Not saying it's right, but should an entire business fall on the sword out of principle? They could be left bankrupt from the damage.

      Once you've paid the Danegeld, you'll never get rid of the Dane.

      Do you really think that crooks who have found an easy mark will just walk away? You'll get hit over and over and over. Stop that shit before it begins, because it will cripple your business.

    25. Re:Better Than Commercial Software? by ulatekh · · Score: 1

      Why would anyone trust Microsoft security software when it was Microsoft Windows' own pathetic security that created the need for all this whack-a-mole virus-scanning in the first place?

      --
      "Once we've identified and embraced our sickness, we'll have strength...and that's when we get dangerous." - John Waters
    26. Re:Better Than Commercial Software? by dissy · · Score: 1

      ekgringo said:
      We knew someone ...*snip*

      i kan reed replies:
      So, you made... *snip*

      dissy injects:
      At least your username is pretty accurate. well played.

    27. Re:Better Than Commercial Software? by L4t3r4lu5 · · Score: 1

      This is why I've recently implemented offline backups. Previously we had overnight backups to files with a two week archive, but it was to online NAS devices. Now we have encrypted USB HDDs taken offsite each night.

      £300 for two of them; The same we'd pay for a CryptoLocker key.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
  12. Alright NSA, why is this going on? by Anonymous Coward · · Score: 3, Insightful

    You're in every goddamn device on the planet but you can't shut this sort of shit down?

    Another reason to execute y'all for treason.

    1. Re:Alright NSA, why is this going on? by Anonymous Coward · · Score: 4, Funny

      oh, you've just made cold fjord sad, you insensitive clod

    2. Re:Alright NSA, why is this going on? by Anonymous Coward · · Score: 0

      Anyone care to explain the joke for those who don't read everything cold fjord writes?

    3. Re:Alright NSA, why is this going on? by Anonymous Coward · · Score: 2, Interesting

      cold fjord is to Slashdot what Jeffrey Toobin is to the mainstream media, a fucking government shill that spills lots of lies and distortions.
      So when one talks about executing his buddies for treason, it can only get on his sensibilities.

    4. Re:Alright NSA, why is this going on? by mlw4428 · · Score: 1

      Treason, as defined by the US Constitution, is either aiding an enemy or starting a war with the US:

      Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort. No Person shall be convicted of Treason unless on the Testimony of two Witnesses to the same overt Act, or on Confession in open Court. The Congress shall have Power to declare the Punishment of Treason, but no Attainder of Treason shall work Corruption of Blood, or Forfeiture except during the Life of the Person attainted.

      I grow tired of people throwing around that term as if they're some sort of uber-patriotic person who, for all of their patriotism, hasn't read the damned Constitution.

    5. Re:Alright NSA, why is this going on? by Anonymous Coward · · Score: 0

      I'd argue that the NSA is at war with the people of the US. They are aiding the enemy, as they provide our intelligence -- including our email and phone metadata -- to "allies" of the government. The federal government has the power under the NDAA to indefinitely detain, without trial, citizens if they suspect they are party to "terrorism." They have used military drones to assassinate US citizens traveling abroad. They even use the term "war on terror" to justify this, which makes me believe they define us as "terrorists" and are indeed at war with the citizenry.

    6. Re:Alright NSA, why is this going on? by Anonymous Coward · · Score: 0

      Oh sure. Next, you'll be expecting them to offer victims a free full restore of their lost systems.

      It's not up to the fucking NSA to make sure people realize why it matters to back their shit the fuck up. If your data matters enough to pay $300 to a foreign criminal, then it probably matters enough for you to invest in a backup solution.

      Also, it's bad enough these assholes watch me, I sure as fuck don't need them policing the internet. Neither do you.

      Oddly enough, the captcha for this is "backup"

  13. Windows by Anonymous Coward · · Score: 0

    Microsoft security at work once again.

  14. Why would anyone install this? by Anonymous Coward · · Score: 0

    I don't understand what a user gets for their $300. It sounds like even after you pay, you're basically just back to where you were, before you installed the software. So why bother using it at all? Is this company just feeding on NSA paranoia?

    1. Re:Why would anyone install this? by SJHillman · · Score: 1

      I can't tell if you're a troll or just an average AC....

    2. Re:Why would anyone install this? by tibit · · Score: 1

      You must be so confused. It's ransomware: it encrypts your files with a public key. The private key is controlled by the gang. You don't pay, you end up with a bunch of random-looking data substituted for your files, since the gang destroys the unique private key after the time is up. Yes, you're basically just back to where you were, before you "installed" the software. The "bother" is with the software being ransomware. It's malware. It installs itself when you don't pay attention, like most people out there...

      --
      A successful API design takes a mixture of software design and pedagogy.
    3. Re:Why would anyone install this? by temcat · · Score: 1

      Come on, that was sarcasm.

    4. Re:Why would anyone install this? by sunsurfandsand · · Score: 2

      It's ransomware: it encrypts your files with a public key. The private key is controlled by the gang. You don't pay, you end up with a bunch of random-looking data substituted for your files, since the gang destroys the unique private key after the time is up.

      Unfortunately, I couldn't afford the $300. Fortunately, I never liked my data anyway.

    5. Re:Why would anyone install this? by tibit · · Score: 1

      'Twas detector malfunction, please accept my apologies ;)

      --
      A successful API design takes a mixture of software design and pedagogy.
  15. See? Business model entirely without DRM. by Erikderzweite · · Score: 3, Interesting

    Just look at those guys: they don't need to take our freedoms with draconian DRMs and bought legislation. Their programs can be freely copied, in fact, their whole business model depends on the software being copied at no cost!

    What do they earn their money with, you ask? With high-quality cryptographic security service! Truly, a business model of the future.

    They are not blaming pesky pirates for their losses, they don't whine that someone uses their work without permission. They work harder, are creative and produce high-quality product. And that is their key to success!

    1. Re:See? Business model entirely without DRM. by tibit · · Score: 1

      That's what makes it even sadder. True but oh so sad...

      --
      A successful API design takes a mixture of software design and pedagogy.
    2. Re:See? Business model entirely without DRM. by Anonymous Coward · · Score: 0

      These guys are clearly job creators and so I think we need to give them some tax cuts immediately or they might stop innovating!

    3. Re:See? Business model entirely without DRM. by wvmarle · · Score: 2

      I would say this malware IS DRM. Because what it does is it encrypts the content, and then demands money to have it decrypted. Sounds very much like your average DRM scheme.

      A key difference appears to be that this one actually works - at least there is no mention in the article of it having been broken yet.

    4. Re:See? Business model entirely without DRM. by mrchaotica · · Score: 1

      Nah, it's just regular cryptography. The definition of DRM requires that the owner of the data and the attacker be the same entity.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    5. Re:See? Business model entirely without DRM. by mlts · · Score: 1

      Don't forget highly reliable, dependable software coupled with (as per previous postings) top tier customer support.

    6. Re:See? Business model entirely without DRM. by gnasher719 · · Score: 1

      Nah, it's just regular cryptography. The definition of DRM requires that the owner of the data and the attacker be the same entity.

      DRM = Digital Rights Management. If I download videos or audiobooks with DRM, I have rights to use them, and the DRM controls these rights. My rights, not the rights of the movie or book company. So does this software. It controls _my_ rights to access the data. The only difference is that one makes sure I don't exceed my rights, while the other makes sure I can't execute my rights without paying ransom.

    7. Re:See? Business model entirely without DRM. by mrchaotica · · Score: 2

      The only difference is that one makes sure I don't exceed my rights, while the other makes sure I can't execute my rights without paying ransom.

      Both DRM and cryptolocker encrypt your data with a key you don't know.

      The difference is that DRM attempts to let you use that key (to decrypt your data under the conditions that the DRM-imposer "allows") while simultaneously hiding the key from you (so that you can't decrypt your data under other conditions).

      Cryptolocker, on the other hand, just gives you the key (after paying the ransom, obviously) -- there is none of the "simultaneously allowed and disallowed" nonsense that's inherent to DRM.

      In other words, DRM tries to restrict your access to your data (which is inherently impossible). Cryptolocker essentially "steals" your data by encrypting it so that it stops being yours until you pay to get it back.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    8. Re:See? Business model entirely without DRM. by ruir · · Score: 1

      They are in the wrong industry. They should run for politics, much easier to dig into pockets. They already have the ethics to start with.

  16. Math? by Anonymous Coward · · Score: 0

    250,000 x 300 x .004 = 300,000, not $30M. Or do I have something wrong?

    1. Re:Math? by Anonymous Coward · · Score: 0

      250,000 * .004 * $300 = $300,000, not $30 million. I think someone confused 0.4% with 40%.

      I think you mean .04 not .004

      250,000 * .04 * $300 = $3,000,000

    2. Re:Math? by Anonymous Coward · · Score: 0

      "0.4% of people paid the ransom"

      0.4 / 100 (0.4% / 100%) = .004

    3. Re: Math? by Anonymous Coward · · Score: 0

      .04 = 4%.... Article says .4%...

    4. Re:Math? by Anonymous Coward · · Score: 0

      No.

    5. Re:Math? by Anonymous Coward · · Score: 0

      250,000 * .004 * $300 = $300,000, not $30 million. I think someone confused 0.4% with 40%.

      I think you mean .04 not .004

      250,000 * .04 * $300 = $3,000,000

      No, he means .004. Apparently the writers of this article aren't the only ones bad at math.

      0.4 = 40%, 0.04 = 4%, 0.004 = 0.4%.

    6. Re:Math? by wile_e_wonka · · Score: 1

      I wish I had some mod points to mod this side conversation about .4% as "funny." Like, who exactly has infiltrated /. that doesn't understand this? Soon, they're going to need to remove "News for Nerds" as false.

    7. Re:Math? by Anonymous Coward · · Score: 0

      Now if we can only determine the connection between Zuckerberg and Verizon, we can blow this CryptoLocker thing wide open.
      http://verizonmath.blogspot.ca/2006/12/verizon-doesnt-know-dollars-from-cents.html

    8. Re:Math? by Anonymous Coward · · Score: 0

      you are 10.0% correct

    9. Re:Math? by suso · · Score: 1

      Now if we can only determine the connection between Zuckerberg and Verizon, we can blow this CryptoLocker thing wide open.
      http://verizonmath.blogspot.ca/2006/12/verizon-doesnt-know-dollars-from-cents.html

      It's amazing that this is the only comment that mentioned Verizon math. Maybe I'm not on the right site. This is Slashdot, correct?

  17. Math Fail? by Anonymous Coward · · Score: 0

    According to my math, wouldn't this only be $300,000?
    250,000 * 0.004 = 1,000
    1,000 * $300 = $300,000

    The only way to get $30 mill is to multiply by 0.4 when calculating 0.4%

  18. NSA etc by RichMan · · Score: 2

    Where are the vaunted security agencies in providing protection for citizens? Should not the government have a hand in protecting its citizens?

    1. Re:NSA etc by SJHillman · · Score: 2

      Get this labeled as "cyber-terrorism" (which it basically is) and they'll be all over it.

    2. Re:NSA etc by KiloByte · · Score: 2

      You got it wrong: the NSA does cyber-terrorism, it doesn't fight it. Just like the PATRIOTUSA act was 100% promoting terrorism (spreading fear for political gain) rather than combatting it.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    3. Re:NSA etc by Anonymous Coward · · Score: 0

      From Webster's Dictionary:
      terrorism noun \ˈter-ər-ˌi-zəm\
      : the use of violent acts to frighten the people in an area as a way of trying to achieve a political goal
      : the systematic use of terror especially as a means of coercion

      terror noun \ˈter-ər, ˈte-rər\
      : a very strong feeling of fear

      I'm coerced into not flying because I'm filled with a strong feeling of fear of being groped by a TSA agent.* I'm coerced into driving the speed limit due to the systematic use of fear of detention and harassment by the police.

      In my experience, those who make the most noise about an enemy are typically guilty of the deeds they accuse the other of.

      *I have only flown once since 2001, and will never fly again while the TSA is still in charge of airport security. Without any exaggeration, I was abused as a child and am filled with a very strong feeling of fear of being groped again.

    4. Re: NSA etc by Anonymous Coward · · Score: 0

      whaaat? some people pay really good money to let a stranger touch them.

  19. Math? by nmoore · · Score: 1, Interesting

    250,000 * .004 * $300 = $300,000, not $30 million. I think someone confused 0.4% with 40%.

  20. Where's the money going? by dysmal · · Score: 1

    My guess is a government alphabet soup (KGB/CIA/NSA/whatever) agency. Seriously. Times are tough. Governments around the world are strapped for cash. How else is a government agency going to have an operations budget? More importantly, why wouldn't an agency do this?

    1. Re:Where's the money going? by TheloniousToady · · Score: 1

      You're right, it must be one of those. But they're actually doing you a service if you think about it. You see, all conspiracies exist solely to feed the paranoia of conspiracy theorists. Otherwise, there would be nothing for us to be afraid of. And what fun would that be?

      Like roads and bridges, government conspiracies actually are built for the public good, but not for the obvious reasons: not for charitable reasons such as gathering data to protect The People, and not even for the cynical reasons of wielding power, making money, or even the sheer fun of doing evil. It's all about entertaining the public by feeding their paranoia. And all of us on Slashdot can be particularly thankful for that in this season of giving.

      (Note to humor-challenged moderators: it's a joke, not a troll)

  21. Justice by Anonymous Coward · · Score: 0

    When they find these guys I hope they get a fair trial... After which they're thrown into a locked room with everyone who's lost data to their twisted scheme.

    No sysadmins, though. You should know better. If a system you've been overseeing loses more than a day's worth of data to cryptolocker it means you had inadequate backups and you should be ashamed.

    Cryptolocker has been a wakeup call to everyone. It's a worst case nightmare. A hostile program targeting end-user systems with important data, intentionally destroying data. (And really good spear-phishing/social engineering work to help it find its target!) It's made everyone re-evaluate backup plans, user privileges and privilege separation. Even things like shadow copies will keep you safe. (What's that called? File system versioning?)

    Usually everyone thinks about accidental data loss, system failure, and data theft. Hostile, intentional data destruction is usually not even considered.

    1. Re:Justice by SJHillman · · Score: 2

      We got hammered by CryptoLocker twice in November. Unfortunately, the backups of one of our affected fileservers crashed the same day, but we still lost very little data (none critical). The worst part is that it hits every mapped drive that the user has write-access to, and some of our legacy accounting and payroll systems require exactly those permissions. It's a real eye-opener, but what really gets you going is when you realize that CryptoLocker is actually pretty tame compared to what it could be - it only targets certain extensions, is easy to remove, is easy to block, and doesn't touch Windows.

    2. Re:Justice by stewsters · · Score: 2

      Your data is far more important to most people than Windows. You could just re-install if that is the case (which you probably should consider if you were hit with this). One issue I have with security is that almost everyone stores their most valuable files in a location that any program they start can edit. It's really easy for users, but means things like this are so much worse.

      They should popularize a system where you can choose what programs have access to particular directories. I would imagine it would work something like the permissions for android, where when installing it says that it needs access to these particular permissions and your music library. For instance, I could have a documents folder that only my word processor can access, I could have a video folder that only vlc can access, and I could set it so my browser could not access anything but its configuration directory. Browsers already try to do this, but it would be nice to force it from the system. It doesn't stop a stupid user from downloading bad programs, but it should help reduce the effect of application bugs being exploited.

    3. Re:Justice by JaredOfEuropa · · Score: 1

      This. I found this bit of info on Bitlocker surprising as well: "When first run, the payload installs itself in the Documents and Settings folder with a random name, and adds a key to the registry that causes it to run on startup." Is this still even possible on modern (ish) operating systems (Windows 7 / Windows 8)? Windows seems to ask for permission whenever an .exe is executed, and you'd certainly think it would ask for permission when a program modifies that part of the registry.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    4. Re:Justice by SJHillman · · Score: 1

      One issue is that it doesn't just affect the infected machine, but also every mapped drive. Reinstalling all of those systems would have been a nightmare's worth of downtime. Unfortunately, most of the mapped drives are a result of legacy systems with very finicky requirements that we can't move off of yet for one reason or another. I agree, your access control system would be nice (although I imagine the initial implementations would be a minor nightmare as proprietary apps try to lock out other programs that could otherwise read that data).

    5. Re:Justice by SJHillman · · Score: 1

      It requires the user to run it in the first place, usually as an email attachment. And users have long since been conditioned to click Yes/Run/Continue on every pop-up box that gets between them and their perceived goal. As annoying as it is, I like the things that ask "Block? Yes/No" rather than "Allow? Yes/No" because it helps stop some of this click-yes-without-reading behavior.

      The bright side of CryptoLocker's registry access is that it leaves a list of every file that it hit, which helped a lot when restoring from backups as we didn't need to test or restore absolutely every file.

    6. Re:Justice by mlts · · Score: 4, Interesting

      IMHO, CryptoLocker is just the first shot across the bow.

      Long term, maybe it will be a good thing, similar to the old PC days where BIOS killing viruses finally got people to actually care about average security or else keep buying new computers.

      Of course, malware like this pretty much trashes almost every single backup system known to man. The enterprise is less affected because of programs like NetBackup that pull data, so malicious software is unable to touch previous backups. However, the main form of backups people do (if they bother to do anything) is copying to a secondary hard disk, which allows the backups to be accessed by malware and destroyed. Services like Mozy sort of help, but they might not keep a previous version of a file that hasn't been corrupted by ransomware, especially if the software is relatively slow and encrypts files over a long period of time to escape detection.

      What I am waiting to see is Cryptolocker's descendant. This software will install itself through a hole in a Web browser or add-ons. It will install a low level Windows driver. It will then generate a private key and keep it local to the machine, sending a backup to the ransomware's servers. The software will gradually encrypt files over time. However, when an encrypted file is accessed, it will decrypt it on the fly... for a time.

      Then, once it completes encrypting files, it will stop decrypting on the fly, purge the private keys it used, then demand ransom. Since this was done over a period of weeks to months, even backups stored on Mozy or other places will be locked out.

    7. Re:Justice by Anonymous Coward · · Score: 0

      Most of the people affected are running XP.

    8. Re:Justice by JesseMcDonald · · Score: 1

      What I am waiting to see is Cryptolocker's descendant. [...] The software will gradually encrypt files over time. However, when an encrypted file is accessed, it will decrypt it on the fly... for a time.

      Then, once it completes encrypting files, it will stop decrypting on the fly, purge the private keys it used, then demand ransom. Since this was done over a period of weeks to months, even backups stored on Mozy or other places will be locked out.

      Wouldn't the backup software also get the decrypted data? Or is the ransomware treating requests by the backup software differently than requests by other programs?

      --
      "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
    9. Re:Justice by mlts · · Score: 2

      Depends on OS. Windows uses snapshot functionality, and in theory, it wouldn't be hard for malware to not bother intercepting the files opened under a backup context so they get backed up encrypted compared to files opened directly by the user.

      EFS on NTFS works in a similar fashion. If I back up a directory full of EFS protected files, they are stored encrypted. If I fire up a utility like WinRAR which opens files as an application does, Windows will decrypt the files automatically.

    10. Re:Justice by mlts · · Score: 1

      I've been hacking together a system on a Windows Server 2012 box, where the clients copy their documents to a directory in their own individual shares, then when done, the directories get moved to another directory not accessible to the clients. Then, later in the night, the deduplication process fires off, so for the most part, only changes in the stored documents are stored. Of course, this may not help if the malware is smart enough to do its dirty work slowly over a period of time where old backups are cycled out.

      As the parent stated, probably the best way to deal with this is what the parent stated -- something like the Qubes OS project where every application not just has its own memory space, but has its own filesystem completely separate from the other programs. Add to this a backup program that pulls data from a machine (where the client can only start backups, but cannot access backed up info unless it is directly pushed from the server), and this would provide some answer to ransomware.

      The scary thing: Ransomware has been around, but CryptoLocker is really the first shot across the bow that uses browser (or browser add-on) holes, Trojans, and other weaknesses to actively do its dirty work. It also is extremely well engineered where the keys are not findable once the software does its nasty deeds.

    11. Re:Justice by mlts · · Score: 1

      Depends on the OS. Server operating systems will have a SmartScreen filter that requests to be set up once the machine is running, and will immediately prompt if it encounters unsigned applications and disallow them to run.

      This capability is present in Windows 7 and newer (AppLocker), but it isn't turned on unless someone has the "pro" version and access to gpedit.

    12. Re:Justice by Anonymous Coward · · Score: 0

      You could do that with a shell script and bitlocker if you wanted to. Cipher.exe can robustly wipe unused space on a disk while a user is using it and they won't notice. Key is stored in the certificate store and is easily deleted. Everything more or less runs in user mode. Same goes with most disk encryption software; if you can break the client-server communication and force a key change, you've won the battle.

      Worms with an automatic spread feature are weak to honeypots; AV vendors would be able to spot something far in advance and apply an update that'd trash the thing. That's what makes cryptolocker so devastating; they're using compromised and spoofed email accounts to distribute it and it's targeting small businesses using undocumented, purchased vector attacks. Some of these attacks go for $10k+ a pop; I have no doubt in my mind these guys are making money hand over fist. Medium and bigger Enterprise businesses have had their rears covered for years. No telling how much actual economic damage this malware has really done or will do but this is FAR from over. FAR FAR from over.

      My company got hit about a month back; it came in through a banner ad. We were using storagecraft shadowprotect. I was here until 2 AM but we were back up in the morning, literally zero data-loss. The way I found out was users were opening files off a file-share and getting garble. I'm getting hit up now for an automated desktop backup scheme and while I have my ass covered by 600gb of enterprise grade storage and a 4-disk hot potato in the trunk backup scheme, we still need to do it.

    13. Re:Justice by mlts · · Score: 1

      If the data is stored on SSD, it even is easier... just encrypt the files and force a TRIM on empty space.

      Previous to this, ransomware was in the wings, but it was relatively amateurish. It used relatively small keys, or spread via a vector that was already plugged by most AV stuff. Now, with zero-days used to get the software onto machines, this is not just a threat, but a big money-maker for the bad guys.

  22. Zuckerberg by Frankie70 · · Score: 1

    That's where the Mark Zuckerberg Link comes in. Zuckerberg will sell FB stock worth 2.3 billion$ & give the CryptoLocker guys 30 million $ from that.

  23. Good job with the quality control guys! by Anonymous Coward · · Score: 0

    Subject speaks for itself. Slashdot loses credibility for every irrelevant article that gets published.

  24. motive always equals results by Anonymous Coward · · Score: 0

    free the innocent stem cells

  25. Not computers, but Windows. by Anonymous Coward · · Score: 0

    Huge difference.

  26. Reamde? by Anonymous Coward · · Score: 0

    This is straight out of a freaking Neal Stephenson novel!

  27. Said every IT person. Ever. by girlintraining · · Score: 4, Insightful

    "So, do you have a current backup?"
    -- Every tech support number you'll call, anywhere. Ever.

    And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive". Viruses, malware, and crap like this would have gone the way of the dodo bird if people would just follow the most basic. advice. ever. regarding the maintenance of their computer. You wouldn't run your car out of oil after neglecting to change it for 15,000 miles, would you? So why do you do it to your computer?

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Said every IT person. Ever. by thebes · · Score: 3, Insightful

      And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive".

      And how many people that do use an external drive actually unplug it after the fact?

    2. Re:Said every IT person. Ever. by Anonymous Coward · · Score: 2, Interesting

      You're forgetting that almost no one changes their own oil any more, people are just too lazy and that's the only answer. That is why certain companies have stopped including dip sticks with their engines and instead require you to go to a service center to check your oil levels. One failed sensor and your engine is toast.

      And you expect people to perform their own backups? Your analogy is correct but you miss the fact that you are not the average person as you have the common sense not to run your car for 15,000 miles without thinking to change your oil. For the vast majority of people an automobile is an appliance, one that they care for about as much as their toaster.

    3. Re:Said every IT person. Ever. by wbr1 · · Score: 5, Informative

      Unfortunately, an external drive backup using your scheme is of little to no use against this threat. It will encrypt all attached drives, network, USB or otherwise, so long as the user has permissions. It will start with commonly needed file extensions first.

      Unless your backup is not visible to the virus, you are toast. This is a situation where unattached, or off-site backups and cloud solutions win. A simple user with an always attached USB drive will still be toast.

      --
      Silence is a state of mime.
    4. Re:Said every IT person. Ever. by swb · · Score: 2

      And you also need enough of the right kind of backups.

      Basic drag-and-drop copy backups for desktop users where they keep the backup device connected and online for convenience or scheduling would be of limited value due to the fact that they too could be crypto-lockered. Your backup needs to be of a type that can't be compromised by cryptolocker, either in a format it doesn't attack or on a system/media that is isolated from a desktop infection.

      Further, you need enough retention in your backup so that you can restore the data to a state prior to the infection. A client I work with got hit but didn't report it until days later. A short retention cycle backup where only a few copies are kept might prevent the backup from even containing useful information. Fortunately for my client, we had 21 days of online retention and were easily able to restore files to a pre-modified state.

      I also like to advise that data access be restricted so that the totality of information stored isn't vulnerable to one person's computer going haywire. It always amazes me how many places find the "dumping ground" method of organization useful, where all data is accessible by all users. Unfortunately once you get there, it's hard to change because there's little coherency to the information, making it difficult to segment and often represents organizational challenges in trying to establish limits.
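
The retention requirement in the comment above, together with the slow-encryption scenario mlts describes earlier in the thread, can be checked mechanically. The following is an added example, not code from any poster: it flags backup copies that look encrypted (wrong file signature, or near-random bytes) and reports, per file, the newest retained clean copy. The snapshot model, file names, entropy threshold and sample data are all constructed assumptions.

```python
import hashlib
import math
import os
from collections import Counter
from dataclasses import dataclass

# Well-known leading bytes for a few document formats.
MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",  # OOXML documents are ZIP containers
    ".xlsx": b"PK\x03\x04",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for ciphertext, roughly 4-5 for English text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(name: str, data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic only: a wrong file signature, or near-random bytes where the
    format has no signature. Unlisted compressed formats can trip the fallback."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is not None:
        return not data.startswith(magic)
    return len(data) >= 1024 and shannon_entropy(data) > threshold


@dataclass
class Snapshot:
    day: int      # day number on which the backup ran
    files: dict   # path -> bytes as stored in that backup


def retained(snapshots, today, retention_days):
    """Snapshots still held under a simple age-based retention policy."""
    return [s for s in snapshots if today - s.day <= retention_days]


def restore_plan(snapshots, today, retention_days):
    """Map each file to the day of its newest retained clean copy, or None
    when every retained copy already looks encrypted."""
    plan = {}
    kept = sorted(retained(snapshots, today, retention_days), key=lambda s: s.day)
    for snap in kept:
        for name, data in snap.files.items():
            plan.setdefault(name, None)
            if not looks_encrypted(name, data):
                plan[name] = snap.day  # a later clean copy replaces an earlier one
    return plan


def fake_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted file content (SHA-256 in counter mode)."""
    out = b""
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:size]


# Constructed sample data: three files, weekly backups, and files that turn
# into random-looking bytes one at a time over three weeks.
CLEAN = {
    "report.pdf": b"%PDF-1.4\n" + b"constructed sample page\n" * 100,
    "payroll.xlsx": b"PK\x03\x04" + b"constructed sample sheet" * 100,
    "notes.txt": b"Quarterly payroll notes.\n" * 200,
}
ENCRYPTED_FROM_DAY = {"report.pdf": 8, "payroll.xlsx": 15, "notes.txt": 22}


def build_snapshot(day: int) -> Snapshot:
    files = {}
    for name, clean in CLEAN.items():
        hit = day >= ENCRYPTED_FROM_DAY[name]
        files[name] = fake_ciphertext(name.encode()) if hit else clean
    return Snapshot(day, files)


SNAPSHOTS = [build_snapshot(day) for day in (1, 8, 15, 22)]

if __name__ == "__main__":
    for days in (21, 30):
        print(days, restore_plan(SNAPSHOTS, today=23, retention_days=days))
```

With the constructed data, a 21-day window checked on day 23 no longer holds any clean copy of report.pdf, while a 30-day window still recovers it from the day-1 snapshot.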

    5. Re:Said every IT person. Ever. by Anonymous Coward · · Score: 0

      Because of multiple persistent and well-funded ad campaigns with the goal to convince the average user that they are too stupid to use a computer.

    6. Re:Said every IT person. Ever. by girlintraining · · Score: 1

      for the vast majority of people an automobile is an appliance, one that they care for about as much as their toaster

      I don't agree. A toaster can be abused and run into the ground without hurting your wallet too much. People tend to sit up and take notice when you start talking about dropping half their yearly net income on something. Now, that doesn't mean they have common sense -- plenty of people have all the sense of a turnip, but to suggest they put a car in the same category as a toaster is absurd.

      As for those sensors... no, it takes more than one failed sensor to blow up your engine. There is an oil pressure sensor, and an oil level sensor, at minimum, in the vehicles you mention. But let's ignore that and say they both simply give up the digital ghost without warning... the car's onboard computer will still trip out when you exceed the odometer tracking the miles since last oil change. But even if all of that technology fails, there is still one thing left to save your engine from mechanical oblivion: Your own eyes and ears.

      Engines that are low on oil tend to run hot, and they tend to run hard. They don't accelerate, they feel like they're losing power, and dear god do they make noise as they die. All that overheating metal is going rat-a-tak-tak and war-warrrrr-waaaaahhhhhrrrrr.... as it dies, smoking and belching steam. If you fail to notice all of these signs, you don't deserve a car.

      --
      #fuckbeta #iamslashdot #dicemustdie
    7. Re:Said every IT person. Ever. by Anonymous Coward · · Score: 0

      I hate to break it to you but the average worker does not want to know how to use a computer...it gives them an excuse to do nothing and/or call the IT department and sit around drinking coffee. Nothing more pathetic than some asshole going "well, gosh, i'm just not that good with computers *shrug*" then turning around and twiddling his phone like a maniac. Excuse me, fucko, but that phone is a fucking computer and you seem to be using it just fine.

    8. Re:Said every IT person. Ever. by tlhIngan · · Score: 1

      And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive". Viruses, malware, and crap like this would have gone the way of the dodo bird if people would just follow the most basic. advice. ever. regarding the maintenance of their computer. You wouldn't run your car out of oil after neglecting to change it for 15,000 miles, would you? So why do you do it to your computer?

      Because it's dull and boring. Do you vacuum the floor of your house weekly? Or change the bedsheets? Clean the toilet? Dust (even just cleaning the dust out of your PC)?

      The problem is it's a chore. A huge PITA to go and plug stuff in, drag and drop, and then unplug it.

      The funny thing is that companies have been doing it the convenient way for ages - backups happen at night and all that stuff, with no intervention from the admin or users.

      I happen to have current backups because all my PCs back themselves up over the network at night automatically. I don't do a single thing - it just happens. Once in a while they miss a backup because of an error, but it usually resolves itself in a couple of days. No muss, no fuss, it just works.

      The real irony is Microsoft discontinued the software - Windows Home Server was perhaps the single most easy to use backup solution ever - once you install the connector software, the backups happen automatically overnight. And even better, it backs up network and disk drivers so as long as you have access to the backup via another system, you can copy the drivers so even if your PC is too new for the restore DVD, you can still instruct it to load the saved drivers (off USB key) and perform a network restore.

      And it also was a de-dupe full image backup - you could restore to a blank hard drive and get back your system as it was, OS and all (and you can of course, browse a image backup by date and use Explorer to copy files off the backup if you only need to restore a few files or folders).

      Honestly, one of the most slick backup solutions around for home use, and it's discontinued now.

    9. Re:Said every IT person. Ever. by joe_frisch · · Score: 1

      Can it encrypt files on a different type of system? If you back up from a PC to a Linux server, if the PC is infected can it corrupt the files on the Linux machine? (sorry if this is an ignorant question)

      I generally have one additional layer of protection - the Linux server has a backup that only has root write permissions, so the Windows machines can't write to the backup disks (though I assume this can be hacked as well). Then I have offsite backups, but they are only updated monthly.

    10. Re:Said every IT person. Ever. by reikae · · Score: 1

      Because it's dull and boring. Do you vacuum the floor of your house weekly? Or change the bedsheets? Clean the toilet? Dust (even just cleaning the dust out of your PC)?

      I don't change the bedsheets quite that often but otherwise yes. Are you suggesting that most people actually don't? I get your point but I think the comparisons are quite bad. Most people probably value a clean home, whereas few understand the value of backups (until they lose data).

    11. Re:Said every IT person. Ever. by Bob+the+Super+Hamste · · Score: 2

      Engines that are low on oil tend to run hot, and they tend to run hard. They don't accelerate, they feel like they're losing power, and dear god do they make noise as they die. All that overheating metal is going rat-a-tak-tak and war-warrrrr-waaaaahhhhhrrrrr.... as it dies, smoking and belching steam.

      Sadly you have just described all of the vehicles my mother and step father have owned over the last 25 years. Far too many people treat things like they are disposable, even big ticket things like vehicles, so not taking care of relatively inexpensive things like a computer doesn't surprise me much at all.

      --
      Time to offend someone
    12. Re:Said every IT person. Ever. by Anonymous Coward · · Score: 0

      It uses the Windows encryption API to encrypt the files, so if the external device can be managed by Windows, then, yes, the files can be encrypted. That means things like SAMBA shares. However, if the external files are read only then they are safe.

    13. Re:Said every IT person. Ever. by Anonymous Coward · · Score: 0

      Yes, it writes to shares too.

      What'll save your ass is backups, or snapshots - Volume Shadow Copy on Windows, or btrfs (or ZFS?) snapshots on Linux. Or, of course, it plain not having write permissions to the shares.

    14. Re:Said every IT person. Ever. by HornWumpus · · Score: 1

      Heard from an old lady who just ruined her new car:

      I know I had oil, every time I started my car a light came on and told me I had oil.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    15. Re:Said every IT person. Ever. by tepples · · Score: 2

      And how many people that do use an external drive actually unplug it after the fact?

      Anyone who uses an external USB flash drive, for one.

    16. Re:Said every IT person. Ever. by wbr1 · · Score: 1

      File system and location matter not. If it is seen as a drive letter or sub folder in windows on the infected machine, and it has write/modify access, you are done.

      --
      Silence is a state of mime.
    17. Re:Said every IT person. Ever. by callmebill · · Score: 1

      So maybe a good backup situation (for individuals) would be:

      1. Keep flash drive in USB hole
         a. Leave it unmounted somehow
      2. At backup time:
         i. Mount the flash drive
         ii. Copy files
         iii. Unmount
      3. ...
      4. Profit!

    18. Re:Said every IT person. Ever. by Anonymous Coward · · Score: 0

      If it shows up as a drive that Windows can write to, then CryptoLocker will encrypt it.

      If you have a backup program that writes to a network stream (i.e. you're not mounting the backup space), your backup should be intact.

    19. Re:Said every IT person. Ever. by mlts · · Score: 1

      This may be archaic, but this is one application where tape backups can come in handy. Once data is stashed on a tape and the tape dismounted, it is out of reach to malware looking for anything online to disrupt. WORM tapes even more so, since once the session is closed, it is there for good, so malware can't erase the data that is previously written.

      Maybe one idea that might help with this is an external hard drive with a large UDF filesystem. Files can be easily copied to it, but once written, they cannot be deleted. Of course, the malware can fill up the drive with garbage or files similar to the relevant ones making it useless for backups, but the data already written would still be accessible.

    20. Re:Said every IT person. Ever. by mlts · · Score: 1

      The only non-enterprise backup utility that can do this client-server motif these days is Retrospect. However, the licensing fees for the server version are atrocious. It works OK with disks, but apparently with optical media like Blu-Rays, it has a very limited hardware list, and anything not on the list will not be allowed to even read backups.

      Of course, there is always NetBackup, but the ticket for entry into that ballgame will be six digits.

    21. Re:Said every IT person. Ever. by nctritech · · Score: 1

      For small business Linux storage servers, I personally use rsync to maintain a mirror of a Linux server's shared folder repository and copy out mirrored files that change to a rolling backup snapshot structure which is also shared out as read-only. If something encrypts all their documents, they have 60 days worth of backup snapshots and one of those will be massive from the huge number of files changing out when cron fires off rsync. Recovery is so simple, too.

      rsync -av $BACKUP/backup.$AGE_IN_DAYS/ $SAMBA_SHARED_FOLDER/
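The comment above notes that the night a share gets encrypted produces one abnormally large snapshot. The following is an added example, not the commenter's script: it counts files per snapshot and flags that night. The `backup.<age in days>` layout is inferred from the restore command, and the `factor` and `min_files` thresholds are assumptions.

```python
import os
import re
import statistics
import tempfile

# Assumed naming, inferred from the restore command: backup.<age in days>
SNAP_RE = re.compile(r"^backup\.(\d+)$")


def snapshot_counts(backup_root):
    """Return {age_in_days: number of non-directory entries} per backup.N."""
    counts = {}
    for entry in os.scandir(backup_root):
        m = SNAP_RE.match(entry.name)
        if not (m and entry.is_dir(follow_symlinks=False)):
            continue
        n = 0
        for _dir, _subdirs, files in os.walk(entry.path):
            n += len(files)
        counts[int(m.group(1))] = n
    return counts


def find_spikes(counts, factor=10, min_files=50):
    """Ages whose file count is at least factor x the median night.

    The median is used because one huge night barely moves it, unlike the
    mean. min_files keeps quiet shares (median near zero) from alerting on
    an ordinary busy day. Both thresholds are assumptions to tune per site.
    """
    if len(counts) < 3:
        return []  # not enough history to call anything abnormal
    median = statistics.median(counts.values())
    threshold = max(min_files, factor * max(median, 1))
    return sorted(age for age, n in counts.items() if n >= threshold)


def build_constructed_sample(root):
    """Constructed data: seven nightly snapshots, one with a mass change."""
    nightly = {1: 4, 2: 6, 3: 400, 4: 3, 5: 5, 6: 0, 7: 4}
    for age, n in nightly.items():
        d = os.path.join(root, f"backup.{age}", "docs")
        os.makedirs(d)
        for i in range(n):
            with open(os.path.join(d, f"file{i}.doc"), "wb") as fh:
                fh.write(b"x")
    return nightly


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_constructed_sample(root)
        counts = snapshot_counts(root)
        for age in sorted(counts):
            print(f"backup.{age}: {counts[age]} files")
        print("abnormal nights (age in days):", find_spikes(counts))
```

Whether to restore from the flagged snapshot or from the one before it depends on whether the snapshots hold the pre-change or the post-change copies of each file, which the comment does not specify.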

    22. Re:Said every IT person. Ever. by Cro+Magnon · · Score: 1

      So, that means it would also f**k up my Dropbox stuff?

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    23. Re:Said every IT person. Ever. by LordLimecat · · Score: 1

      drag and drop from "My documents" to "My external drive".

      Reality check: That backup system almost never works; users as a practical matter tend not to remember to do something like that, because it's tedious and takes forever and requires you to do it by hand.

      Suggest an automated backup solution that they can periodically check, or stop yelling at them because you failed to provide a decent solution. Crashplan is a rather good one that I recommend, because it starts reliably blasting emails out when backups don't happen, and it does "incrementals forever" in a way that has proven to be highly reliable.

    24. Re:Said every IT person. Ever. by LordLimecat · · Score: 1

      Clearly you don't work with many end users. Most that I know DO leave them plugged in; for those that don't, it tends to screw any automatic backup system they might have.

    25. Re:Said every IT person. Ever. by Anonymous Coward · · Score: 0

      One of my customers (retiree in an assisted-living home) has a 2GB flash drive on his computer, so he can install his Golf98 game. It couldn't install on his computer because the drive was so large (around 100GB or so) it rolled the counter over and thought it had -782378223MB (or something similar) available.

      So I pulled out one of my old USB sticks, plugged it into an open port on the back of the system, and installed the game to drive E:. It works fine, as long as no one unplugs it.

    26. Re:Said every IT person. Ever. by Solandri · · Score: 1

      Unless your backup is not visible to the virus, you are toast. This is a situation where unattached, or off-site backups and cloud solutions win. A simple user with an always attached USB drive will still be toast.

      An always-attached USB drive is not a backup. It's just additional storage where you happen to be keeping a copy of your files.

      The whole point of a backup is that you have a safe copy of your files should you accidentally delete the wrong thing, a lightning bolt fries your equipment, burglars break in and steal the computer equipment you've left sitting out in the open, a fire burns down your house, or yes, some virus encrypts all your files.

      Make the backup, detach the drive, and either store it in a drawer at work or put it in a locked fireproof safe. Leaving it always attached defeats the purpose of a backup.

    27. Re:Said every IT person. Ever. by Capt.DrumkenBum · · Score: 1

      You wouldn't run your car out of oil after neglecting to change it for 15,000 miles, would you?

      You have obviously never met my mother.

      --
      If I were God, wouldn't I protect my churches from acts of me?
  28. on a side note by die+standing · · Score: 1

    Crypto-Smasher V3.10 was used by Gary and Wyatt to make Lisa... just sayin.

  29. Correct the headline please by Anonymous Coward · · Score: 0

    Why not correct the blatantly false headline? Slashdot has editors, please edit! $30 million is 100 times more than the math actually adds up to. On Slashdot, I would expect simple math to be verified!

  30. Good for them... by Anonymous Coward · · Score: 0

    ... I make 50 million every 2 days in eve online.

  31. lecture someone else on the Constitution by Anonymous Coward · · Score: 0

    like maybe our government.

  32. After 9/11, anything is "aid and comfort" by tepples · · Score: 1

    Since 2001-09-12, the day after a terrorist attack on the World Trade Center, the list of things deemed "giving [enemies] Aid and Comfort" has exploded.

    1. Re:After 9/11, anything is "aid and comfort" by mlw4428 · · Score: 1

      You missed the point entirely. The crime can't be treason, because the state can't be an enemy of the state. I'm not saying it's not unconstitutional or that what they're doing is legal...it just isn't treason. It's like charging someone pulled over for speeding with murder. The crime doesn't fit the definition you're giving it.

    2. Re:After 9/11, anything is "aid and comfort" by Anonymous Coward · · Score: 0

      Since 2001-09-12, the day after a terrorist attack on the World Trade Center, the list of things deemed "giving [enemies] Aid and Comfort" has exploded.

      Exploded? What, did they plant a bomb on that too?

    3. Re:After 9/11, anything is "aid and comfort" by tepples · · Score: 1

      Yes. When the United States expanded its police state, certain far-right religious fundamentalists in the Middle East achieved their goal of reducing Americans' freedom. The terrorists won.

    4. Re:After 9/11, anything is "aid and comfort" by ulatekh · · Score: 1

      Thank you. I thought I was the only one that noticed this.

      --
      "Once we've identified and embraced our sickness, we'll have strength...and that's when we get dangerous." - John Waters
    5. Re:After 9/11, anything is "aid and comfort" by Anonymous Coward · · Score: 0

      They hate us for our freedom? Really going with that?

    6. Re:After 9/11, anything is "aid and comfort" by Anonymous Coward · · Score: 0

      Al-Qaeda had a goal. Bin-Laden made demands. 9-11 was about American foreign policy in the middle east. The U.S. has appeased the terrorists by moving some of its military out of the Arabian peninsula (a Bin-Laden demand) and removing an arab secularist from power (Iraq). Our influence in the middle east is still strong and we still support Israel. "The terrorists" is not an entity, Al-Qaeda is the relevant enemy. Al-Qaeda has not won. No matter what you think you are saying by "the terrorists won", you are still parroting U.S. propaganda. Building an American police state is entirely an American aspiration.

  33. Attacker *is* the 0wn3r by tepples · · Score: 1

    The definition of DRM requires that the owner of the data and the attacker be the same entity.

    If CryptoLocker has a chance to run, then the attacker has pretty much owned the machine.

  34. Brain-dead default: the gift that keeps on giving by istartedi · · Score: 4, Interesting

    Microsoft's brain-dead default of "hide file extensions" is cited in the article as part of the social engineering aspect that gets users to click on the files. It's the gift that keeps on giving... to black hats.

    Hiding the file extension does NOTHING to make things easier on the user or make the UI any cleaner. It's not like we have 40 column displays where the file extension is "too long" and going to take away "screen real estate".

    This has been going on literally for DECADES NOW. How can Microsoft be so blind? Whenever I get a new Windows box, it's the first thing I disable because if I don't, I'll just end up creating files with names like, "DailyLog.txt.txt".

    Whoever is at MS, insisting that this remain the default needs to be hauled out, shot, drawn, quartered, and the pieces sent to be displayed in the lobbies of their 4 largest offices.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
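The effect of the "hide file extensions" default discussed above can be checked mechanically, for example in a mail-attachment filter. The following is an added example, not code from the article or from Microsoft: it computes the name a user sees when known extensions are hidden and flags files whose visible name ends in a document-like extension while the real one is executable. The two extension sets and the sample names are assumptions.

```python
import ntpath

# Assumed lists for illustration; a real filter would follow site policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}
KNOWN_EXTS = EXECUTABLE_EXTS | DECOY_EXTS


def displayed_name(filename, hide_known_extensions=True):
    """Name as shown when extensions of known file types are hidden."""
    base = ntpath.basename(filename)
    stem, ext = ntpath.splitext(base)
    if hide_known_extensions and ext.lower() in KNOWN_EXTS:
        return stem  # only the last extension is dropped
    return base


def is_deceptive(filename):
    """True if the real type is executable but the visible name looks like a document."""
    real_ext = ntpath.splitext(ntpath.basename(filename))[1].lower()
    shown_ext = ntpath.splitext(displayed_name(filename))[1].lower()
    return real_ext in EXECUTABLE_EXTS and shown_ext in DECOY_EXTS


def flag_attachments(names):
    """Return (real name, name the user sees) for every deceptive attachment."""
    return [(n, displayed_name(n)) for n in names if is_deceptive(n)]


# Constructed sample of attachment names.
SAMPLE = [
    "holiday.jpg",       # plain image: shown as "holiday", not flagged
    "malware.jpg.exe",   # shown as "malware.jpg"
    "DailyLog.txt.txt",  # accidental double extension, harmless
    "setup.exe",         # executable, but nothing disguises it
    "Report.PDF.EXE",    # case must not matter
]

if __name__ == "__main__":
    for real, shown in flag_attachments(SAMPLE):
        print(f"{real!r} is displayed as {shown!r}")
```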
  35. The cost of Microsoft's NSA backdoors by Anonymous Coward · · Score: 0

    Modern computer hardware has inbuilt mechanisms that can make modern OSs far, far less vulnerable to attack. However, to evolve the OS software in this manner would lock out nefarious actions by intelligence agencies. So, for instance, Microsoft's Windows products are terrible by design - riddled with lousy coding, horrendous misuse of the memory management functions of the CPU, and no ability to truly isolate tasks running on separate cores. Amongst this chaos, Microsoft is free to introduce THOUSANDS of back-doors for the use of the NSA and partners, using the crapness of the codebase as a standard 'plausible deniability' excuse.

    Watch, for instance, how quickly the usual vile shills spout the line "do not suggest intent when incompetence will suffice as an explanation".

    So those criminal gangs from Israel, that operate with impunity in zionist controlled regions of ex-Soviet states, are free to abuse the users of Windows in whatever ways they can imagine. The criminals usually have direct access to the NSA documents detailing the back-door exploits, due to the absolute partnership of Israeli and American intelligence agencies. Half of the US congress at least work as unofficial agents of Israel, and ensure that what the NSA knows, so does Israeli intelligence. And what Israeli intelligence knows, so do the criminal gangs in nations like the Ukraine.

    The degree to which these criminals push their luck is driven by criminal logic. BUT the more criminals get away with a play, the more it is psychologically understood that the criminal mind will wish to expand in that area, even if it is obvious a public backlash is approaching.

    Ransomware is a direct consequence of the ambitions of the NSA, the desire Bill Gates has to serve what he calls "the elite", and the servile relationship America has with the twin depravities of Israel and Saudi Arabia. No-one in power gives a damn about the inconvenience suffered by you and yours. The concerns of the racist lunatics that run Saudi Arabia and Israel trump yours, and those of other ordinary Americans, every time.

  36. Try this to fix the infection... by weeboo0104 · · Score: 5, Informative

    I believe I got hit by this about a week ago when I clicked on an advert linked on Chicago Tribune's website.

    A fullscreen message appeared saying my computer had been encrypted and I had to pay $300 to decrypt it. I pulled my network cable out and had to power off my PC because the keyboard would not work. I was able to boot back up, but when I logged in both regularly and in Safe-Mode, a full white screen saying "please connect to the Internet" appeared and I couldn't use the keyboard again.

    I pressed F8 on boot and booted into Safe-Mode Command line only. Once I logged in and saw the command line, I typed rstrui.exe (windows System Recovery) and using the Restore Wizard, restored to a checkpoint from a day earlier. I restarted my PC again and let it boot normally and once I was able to log in without seeing the message, reconnected my network cable.

    My PC was never encrypted. The message only said it was. The clincher was before I booted Windows in Safe-Mode, I used a Knoppix DVD to mount the Windows partition and copy off my personal data before I started the recovery process. The data was perfectly readable and not encrypted.

    --
    It is easier to build strong children than to repair broken men. -Frederick Douglass
    1. Re:Try this to fix the infection... by Anonymous Coward · · Score: 1

      You lucked out and caught it in time.

      Someone I work with got it and didn't notice it changed her desktop wallpaper until hours later.

      By then all her docs were encrypted (and some on network shares but we had backups).

      The encryption is slow so it may not have had time to get any of your files or it got some but not all. If it hits a large file (such as a 9GB Outlook PST file like this user had) it'll delay it even more.

      Basically if you open regedit and check "HKEY_CURRENT_USER\Software\CryptoLocker\Files" you'll see all the files it encrypted.

      We didn't pay, we just told the user to pretend she's a new hire cause she lost everything :)

    2. Re:Try this to fix the infection... by NoImNotNineVolt · · Score: 2

      So I've got to ask... why were you clicking on advertisements?!

      --
      Chuuch. Preach. Tabernacle.
    3. Re:Try this to fix the infection... by Taibhsear · · Score: 1

      I did the same thing to fix a friend's laptop. It was Windows 8 though and giving me shit so I ultimately had to just rip the drive out and mount to another system. It was a pain in the ass but still recoverable.

    4. Re:Try this to fix the infection... by Anonymous Coward · · Score: 0

      Probably by accident. I, myself, have clicked several ads by accident through the years. Deliberately? Never.

    5. Re:Try this to fix the infection... by TwoBit · · Score: 1

      But there was still a browser exploit involved, right? What version of what browser was being used?

  37. What is the Market telling us? by Anonymous Coward · · Score: 0

    It seems to be telling us by price signalling that this is the more efficient way to earn money.

  38. Re:Zuckerberg by Anonymous Coward · · Score: 0

    Wow, never have I seen so many unmoderated redundant and offtopic comments in a thread!

  39. Re:Brain-dead default: the gift that keeps on givi by NoImNotNineVolt · · Score: 1

    I'm seriously in love with your sig. Thank you for making the interwebs a better place.

    --
    Chuuch. Preach. Tabernacle.
  40. REAMDE by Anonymous Coward · · Score: 0

    The plot of the book REAMDE centers around ransomware malware like this one. That is a great book!

  41. Laptop appendage by tepples · · Score: 1

    Good luck fitting your laptop back in its case with the USB flash drive hanging out of it. Or do you work only with desktop users?

    1. Re:Laptop appendage by LordLimecat · · Score: 1

      Laptop users that I've worked with tend to use cloud backup, which I tend to encourage because it's the only way the backups get done.

  42. extortion - what amount by Anonymous Coward · · Score: 0

    The ransom amount is fairly important. Consider at what point it is cheaper for one or possibly several victims to get together and hire someone to track these criminals down and break their legs (or put a .22 in the back of their heads)
    Even events of victims going after lower level 'farmed' operatives of these criminals would put a dampener on the same kind of activities.

  43. Ad networks responsible. by Anonymous Coward · · Score: 0

    And this is why I won't give up my ad blockers (and noscript) regardless of what "damage" I am doing to the net economy. It's a shame that the advertising networks are not held responsible for serving up this malware.

  44. Re:Brain-dead default: the gift that keeps on givi by Applehu+Akbar · · Score: 1

    In my residential IT practice, I have encountered users - business professionals - who insist on keeping file extensions hidden.

  45. Re:Brain-dead default: the gift that keeps on givi by Anonymous Coward · · Score: 0

    Whoever is at MS, insisting that file extensions remain the sole means of marking a file as executable needs to be hauled out, shot, drawn, quartered, and the pieces sent to be displayed in the lobbies of their 4 largest offices.

    FTFY

  46. Re:Title wrong too. by Technician · · Score: 1

    Change title from earns to extorts. It is ransomware.

    --
    The truth shall set you free!
  47. Cloud backup service's storage cap by tepples · · Score: 1

    Laptop users that I've worked with tend to use cloud backup, which I tend to encourage

    Guess what a laptop user does when he runs into the cloud backup service's storage cap. He cuts down the set of folders that get backed up. Expanding offline backup capacity doesn't have an annual fee per GB like what iCloud, Dropbox, and SkyDrive charge.

  48. Re:Brain-dead default: the gift that keeps on givi by dkman · · Score: 1

    I agree whole-heartedly with this.

    I used to have a whole list of tweaks I would do to explorer on an XP machine to make it "ready for use". The first item on that list was to turn off Hide Extensions.

    That, and show hidden files, are the only ones I still do routinely.

    The first time an email cropped up exploiting the malware.jpg.exe "oo lookie, a picture" issue this (hiding information from the user) should have been dropped as the default.

    Since when has hiding information ever made anything better? But what should we expect when they decide to remove visual cues from their latest OS? Flat buttons anyone? Hidden magic corners (Linux distros jumped on board with that one too). Mobile OSes using picture buttons when you can't hover to see what it's going to do before clicking on it... but I digress

    --
    I refuse to sign