CryptoLocker Gang Earns $30 Million In Just 100 Days

hey dummies by Anonymous Coward · 2013-12-19 03:08 · Score: 5, Informative

The link is wrong

Re:hey dummies by bondsbw · 2013-12-19 03:21 · Score: 5, Informative

And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

--
All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
Re:hey dummies by Anonymous Coward · 2013-12-19 03:27 · Score: 1

And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.
Yup. Maybe it was author of the article who paid the $30 million "second chance ransom"
Re:hey dummies by girlintraining · 2013-12-19 03:34 · Score: 3, Funny

And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.
You can't expect journalists to have a grasp of basic math. Or the general public for that matter. Otherwise the headline "Company X settles 'largest lawsuit in history' at Y billion dollars" wouldn't have the impact it does after realizing Company X's revenue was Z trillion dollars. And who knows -- with the instability of bitcoin pricing, it might well be worth $30 million next week... -_-

--
#fuckbeta #iamslashdot #dicemustdie
Re:hey dummies by Anonymous Coward · 2013-12-19 03:53 · Score: 1

And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.
You can't expect journalists to have a grasp of basic math. Or the general public for that matter. Otherwise the headline "Company X settles 'largest lawsuit in history' at Y billion dollars" wouldn't have the impact it does after realizing Company X's revenue was Z trillion dollars. And who knows -- with the instability of bitcoin pricing, it might well be worth $30 million next week... -_-
Wal-Mart has the highest revenue in the US - 469.2 billion according to the Fortune 500.
http://money.cnn.com/magazines/fortune/fortune500/
Trillions would be the GDP of entire countries. So, yeah, "Y Billion Dollars" is a pretty freaking huge deal, especially when you consider the largest PROFIT in a company is Exxon Mobil with 44.8 billion. Lawsuits affect profit, not revenue.
Re:hey dummies by GameboyRMH · 2013-12-19 04:03 · Score: 1

Things Slashdot editors aren't so good with: Junior-high level math, URLs.

--
"When information is power, privacy is freedom" - Jah-Wren Ryel
Re:hey dummies by Dynedain · 2013-12-19 04:05 · Score: 1

So the author confused .4% with 0.4 (aka 40%) to get the $30M figure. So much for editors in publishing.

--
I'm out of my mind right now, but feel free to leave a message.....
Re:hey dummies by girlintraining · 2013-12-19 04:11 · Score: 4, Informative

Wal-Mart has the highest revenue in the US - 469.2 billion according to the Fortune 500.
You seem to be laboring under the delusion that companies only exist, and earn profit, for one year. Then they return to their ancestral home in the profit river, where they lay their nest eggs and golden parachutes for the next generation, and then die.
Alas, companies make revenue year over year... and some of the biggest frauds this country has seen have taken decades before the government acted to stop it. So "Trillions of dollars of revenue" is not an inaccurate statement. At least not if you have more brains than an anonymous coward...

--
#fuckbeta #iamslashdot #dicemustdie
Re:hey dummies by bondsbw · 2013-12-19 04:24 · Score: 1

The author changed the article. You can tell because the link is "www.ibtimes.co.uk/cryptolocker-criminals-earn-30-million-100-days-1429607" but the headline now says "CryptoLocker Gang Earns Millions in Just 100 Days" (changing from "$30 million" to just "millions").
Where before the headline was based on bad math, the new headline is based on fuzzy math because someone indicated that the earnings could be many times more than what was reported.

--
All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
Re:hey dummies by bondsbw · 2013-12-19 06:32 · Score: 1

The article never mentions this as "per day". And the author has since changed the number from $30M to $300K, so I'm pretty sure it meant over the 100 day period.

--
All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
Re:hey dummies by Anonymous Coward · 2013-12-19 07:29 · Score: 1

Actually it seems that you are the one who does not know the difference between revenue and sales. Sales are one component of Revenue. Thus, for any company Revenue >= Sales. http://smallbusiness.chron.com/difference-between-revenue-sales-31110.html
In fact if you look at your very own list from Forbes, you will see that both ICBC's $134.77 and Wal-mark's [sic] $469.2 are sales figures, and the reason ICBC is listed ahead of Wal-mart is because Forbes has used some weird combination of sales, profits, assets and market cap to determine the order of "biggest".
Re:hey dummies by LordLimecat · 2013-12-19 09:21 · Score: 1

WHen youre talking about revenue, its typically a yearly thing, so no, "Trillions of dollars of revenue" is not accurate for any company on the face of the earth unless you were to append "over X many years".
Are you really being so pedantic as to point out that technically I could project a revenue of several hundred million dollars over the next several decades? Noone discusses revenue in those terms.

Broken article link by KublaiKhan · 2013-12-19 03:08 · Score: 2

Or was this meant to trick us into reading about Zuckerberg?

--
In Xanadu did Kubla Khan
A stately pleasure dome decree

Re:Broken article link by stewsters · 2013-12-19 03:10 · Score: 3, Funny

Or is Mark Zuckerburg the gang behind cryptolocker, and this was a Freudian slip?

So, Zuckerberg is behind cryptolocker???? by wbr1 · 2013-12-19 03:09 · Score: 5, Informative

Here is the correct link: http://www.ibtimes.co.uk/cryptolocker-criminals-earn-30-million-100-days-1429607

--
Silence is a state of mime.

Re:So, Zuckerberg is behind cryptolocker???? by war4peace · 2013-12-19 04:25 · Score: 4, Funny

...And it's a fun read, too:
"English is not the CryptoLocker Group's first language" - apparently it's not IB Times's, either, as seen in the article: "CryptoLocker is not currently being sold to anyone other criminal gangs".
"it was being distributed by the Gameover Zeus malware, in some cases via the renowned Cutwail bonnet."
"malware is typical among cyber-criminals in Russia and easter Europe,"
"this was quickly cut to 1 bitcoin, 0.5 bitcoin and at the time of publication, 0.5 bitcoin." - yes, there's a deep cut from 0.5 to 0.5, for sure. We should all rejoice!

--
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)

Correct Link by DavidGilbert99 · 2013-12-19 03:14 · Score: 2, Informative

Here is the correct link to the CryptoLocker story http://www.ibtimes.co.uk/cryptolocker-criminals-earn-30-million-100-days-1429607

Re:Correct Link by bondsbw · 2013-12-19 04:13 · Score: 3, Insightful

Here is the correct link to the CryptoLocker story http://www.ibtimes.co.uk/cryptolocker-criminals-earn-30-million-100-days-1429607

DavidGilbert99, please fix your damn article. You wrote the article, you wrote the summary, both with attention-getting headlines. And they both passed different sets of editors (assuming the editors even exist) and they are both incorrect with the $30M figure.
The only story behind this is how little they netted, not how much.

--
All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
Re:Correct Link by bondsbw · 2013-12-19 04:21 · Score: 1

Ok, you fixed the numbers in the article but have decided that with a bit of fuzzy math it's alright to keep perpetuating the attention-grabbing headline.

--
All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
Re:Correct Link by gnasher719 · 2013-12-19 06:18 · Score: 1

DavidGilbert99, please fix your damn article. You wrote the article, you wrote the summary, both with attention-getting headlines. And they both passed different sets of editors (assuming the editors even exist) and they are both incorrect with the $30M figure.
The article that got linked now correctly says $300,000.

It also shows the value of a solution like Time Machine, which keeps older versions of files around for a long time.

Better Than Commercial Software? by Anonymous Coward · 2013-12-19 03:15 · Score: 2, Funny

Does CryptoLocker actually do what it says when a person pays? That's better than a lot of commercial software I've used. The gaming, media, and high-level engineering software industries are particularly bad on this point.

Re:Better Than Commercial Software? by SJHillman · 2013-12-19 03:25 · Score: 2

We got hit by CryptoLocker twice back in November (in one case, it wreaked havoc on network shares because the user had way more permissions than necessary due to office politics). We didn't pay the ransom, but we worked with a vendor who was very familiar with CryptoLocker. According to them, every time people paid, they got the key as promised.
Re:Better Than Commercial Software? by cjjjer · 2013-12-19 03:48 · Score: 1

So in other words you may have been working with the CryptoLocker gang? Would make sense that members pose as a vendor who can "fix" the issue. I am sure it would be just as lucrative...
Re:Better Than Commercial Software? by ekgringo · 2013-12-19 03:52 · Score: 4, Interesting

We knew someone at a sister company that was infected with CryptoLocker. He had no backups (they have no IT infrastructure) so he paid the ransom to recover his files. It appeared to start decryption, but the machine was old and we had to let it run over the weekend to complete. Windows Security Essentials had to be disabled in order for the decryption to work, but it re-enabled itself and blocked the decryption. By the time Monday rolled around, the decryption sever had been shut down or his ransom window had expired and so he ended up losing his data anyway.
Re:Better Than Commercial Software? by wbr1 · 2013-12-19 04:02 · Score: 1

No one can -fix- cryptolocker. It is pay and hope the key is delivered and works of have a recent backup. Otherwise you and all your attached storage are fucked.

--
Silence is a state of mime.
Re:Better Than Commercial Software? by Anonymous Coward · 2013-12-19 04:10 · Score: 1

So, uh, what good is Windows Security Essentials at all if it allows this shit in the first place?
Re:Better Than Commercial Software? by SJHillman · 2013-12-19 04:11 · Score: 1

That seems unlikely, as this vendor has a long-term support contract with us and gained nothing extra from giving us help with it. But make sure you know who you can trust ahead of time.
Re:Better Than Commercial Software? by i+kan+reed · 2013-12-19 04:15 · Score: 3, Insightful

So, you made a donation to organized crime. How charitable.
Re:Better Than Commercial Software? by zeugma-amp · 2013-12-19 04:58 · Score: 4, Interesting

So, you made a donation to organized crime. How charitable.
As did this police department ...
US local police department pays CryptoLocker ransom
=snip=
A local police department in Swansea, Massachusetts, has paid cybercrooks behind the CryptoLocker ransomware attack to decrypt files locked up by the malware on police computer systems, according to local press reports.
The police department spokesman claimed that the infection had been mopped up and their systems secured, with no personal information stolen.
=end snip=

--
This is an ex-parrot!
Re:Better Than Commercial Software? by Kardos · 2013-12-19 05:30 · Score: 1

They have absolutely no way of knowing if any sensitive information was stolen from a PC that has been owned by crypto ransomware.
Re:Better Than Commercial Software? by Anonymous Coward · 2013-12-19 05:45 · Score: 1

That seems unlikely, as this vendor has a long-term support contract with us and gained nothing extra from giving us help with it. But make sure you know who you can trust ahead of time.
What exactly did they help you with? Files encrypted by CryptoLocker can not be decrypted without the key. Just removing CryptoLocker so it doesn't do further damage is something most AV software can do.
Re:Better Than Commercial Software? by Bill,+Shooter+of+Bul · 2013-12-19 05:58 · Score: 3, Informative

Yes they do. Just delcare everything to be non-sensitive. Much easier than doing any kind of research.

--
Well.. maybe. Or Maybe not. But Definitely not sort of.
Re:Better Than Commercial Software? by lw54 · 2013-12-19 06:59 · Score: 1

I'm aware of several consulting clients who were hit by CryptoLocker to various degrees. Most restored their data from a previous backup. Two paid the ransom. Several waited too late to get us involved and were left without a backup and unable to pay the past due ransom.
Re:Better Than Commercial Software? by TheCarp · 2013-12-19 07:39 · Score: 1

> I have to admit, it was ingenious. They seemed to put as much effort into the decryption/restoration
> part of the virus as they did the infection/encryption. I suppose this is because if it was known that
> even if you paid there was a good chance you wouldn't get your data back then you wouldn't pay -
> but still - i was impressed.
If you think about it, the story where they hit the police, who paid, and got their files back is amazing advertising for them. There is now a high profile, widely circulated story which shows positively: they actually do what they promise to do. I bet that has seriously helped them get paid.
I mean sure, in a normal "service" they could have just done that one right and screwed everyone else, but, as an "IT Service" (lol) doing it right once means they can do it right over and over, so why not?
If you are going to be the gang that everybody hates, and wants to see go away, you may as well be the gang everybody hates and wishes would go away, but is known for at least honoring your extortion contracts. Nobody wants to pay you, if they think they are scewed either way, why would they?
At least if they hate you but know they really are getting what they pay for.... its not like it costs that much more to do right.

--
"I opened my eyes, and everything went dark again"
Re:Better Than Commercial Software? by DigiShaman · 2013-12-19 08:08 · Score: 1

Look at it this way: So some thug walks up to you and blows your kneecap off, and then threatens to blow your head off next if you don't hand over some money. What are you doing to do? Not saying it's right, but should an entire business fall on the sword out of principle? They could be left bankrupt from the damage.

--
Life is not for the lazy.
Re:Better Than Commercial Software? by nctritech · 2013-12-19 08:48 · Score: 2

A company with a proper data backup plan will not be seriously affected by this thing. Unfortunately, the vast majority of the small businesses I work with don't have a backup plan at all. Plugging in an external hard drive and setting up the backup software that came with it is NOT a sufficient backup plan, people! They unfortunately found this out the hard way and lost everything on one of their computers. Giving hundreds of dollars to a criminal enterprise was not an acceptable solution to the business owner, and I can't say I disagreed, especially since the old files weren't of much importance to the business anyway.

CryptoLocker should teach everyone to back up their work twice over and keep one backup isolated and very preferably off-site. Data is very easy to lose at the worst possible time.
Re:Better Than Commercial Software? by nctritech · 2013-12-19 08:50 · Score: 1

They should have proper backup procedures. Sadly, most don't back up at all. If they're hit with this thing, they have to weigh the negative of paying criminals against the value of the data to them. If it's important enough, they don't really have many options.
Re:Better Than Commercial Software? by LordLimecat · 2013-12-19 09:25 · Score: 2

Proper backups may or may not protect against this. The encryption is non-obvious, so if its with important-to-archive files that you dont use daily, it is very possible that the backups with good copies of the data will have grandfathered out by the time you realize you were hit.
Re:Better Than Commercial Software? by SJHillman · 2013-12-19 10:33 · Score: 1

A proper data backup plan will prevent crippling devastation, but to say "not seriously affected" is somewhat ignorant. On a large network, it can take significant time to restore all affected files - especially if you need to bring in your offsite backups like we did because it wasn't detected until that set had been moved to our other location. In the meantime, we had hundreds of users calling in and complaining they couldn't access many files. We didn't want to do a blanket restore because that would wipe out many changes to unaffected files.
TL;DR: A proper backup plan is a storm cellar in a tornado. It keeps you alive, but there's still significant resources invested in clean-up.
Re: Better Than Commercial Software? by nctritech · 2013-12-19 10:54 · Score: 1

Most of the people I work with are smaller corporations with less than 100GB of data, and the way I set them up guarantees that if the server hardware and filesystem aren't part of the problem, I can restore the data very quickly. Typically there are no network services at all other than Samba, so they don't even have databases to worry about. I can see how a larger or more active technical environment wouldn't be nearly so simple to recover though...my own office included. Having a 3TB mirror of everything doesn't change the horrible amount of time involved in copying that data from one drive to another and getting network services back up can be very frustrating.
Re:Better Than Commercial Software? by ulatekh · 2013-12-19 16:09 · Score: 1

Why would anyone trust Microsoft security software when it was Microsoft Windows' own pathetic security that created the need for all this whack-a-mole virus-scanning in the first place?

--
"Once we've identified and embraced our sickness, we'll have strength...and that's when we get dangerous." - John Waters
Re:Better Than Commercial Software? by dissy · 2013-12-19 16:41 · Score: 1

ekgringo said:
We knew someone ...*snip*
i kan reed replies:
So, you made... *snip*
dissy injects:
At least your username is pretty accurate. well played
.
Re:Better Than Commercial Software? by L4t3r4lu5 · 2013-12-20 00:50 · Score: 1

This is why I've recenly implemented offline backups. Previously we had overnight backups to files with a two week archive, but it was to online NAS devices. Now we have encrypted USB HDDs taken offsite each night.

Â£300 for two of them; The same we'd pay for a CryptoLocker key.

--
Finally had enough. Come see us over at https://soylentnews.org/

Alright NSA, why is this going on? by Anonymous Coward · 2013-12-19 03:18 · Score: 3, Insightful

You're in every goddamn device on the planet but you can't shut this sort of shit down?

Another reason to execute y'all for treason.

Re:Alright NSA, why is this going on? by Anonymous Coward · 2013-12-19 03:31 · Score: 4, Funny

oh, you've just made cold fjord sad, you insensitive clod
Re:Alright NSA, why is this going on? by Anonymous Coward · 2013-12-19 05:07 · Score: 2, Interesting

cold fjord is to Slashdot what Jeffrey Toobin is to the mainstream media, a fucking government shill that spills lots of lies and distortions.
So when one talks about executing his buddies for treason, it can only get on his sensibilities.
Re:Alright NSA, why is this going on? by mlw4428 · 2013-12-19 05:33 · Score: 1

Treason, as defined by the US Constitution, is either aiding an enemy or starting a war with the US:

Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort. No Person shall be convicted of Treason unless on the Testimony of two Witnesses to the same overt Act, or on Confession in open Court. The Congress shall have Power to declare the Punishment of Treason, but no Attainder of Treason shall work Corruption of Blood, or Forfeiture except during the Life of the Person attainted.

I grow tired of people throwing around that term as if they're some sort of uber-patriotic person who, for all of their patriotism, hasn't read the damned Constitution.

See? Business model entirely without DRM. by Erikderzweite · 2013-12-19 03:23 · Score: 3, Interesting

Just look at those guys: they don't need to take our freedoms with draconian DRMs and bought legislation. Their programs can be freely copied, in fact, their whole business model depends on the software being copied at no cost!

What do they earn their money with, you ask? With high-quality cryptographic security service! Truly, a business model of the future.

They are not blaming pesky pirates for their losses, they don't whine that someone uses their work without permission. They work harder, are creative and produce high-quality product. And that is their key to success!

Re:See? Business model entirely without DRM. by tibit · 2013-12-19 03:28 · Score: 1

That's what makes it even sadder. True but oh so sad...

--
A successful API design takes a mixture of software design and pedagogy.
Re:See? Business model entirely without DRM. by wvmarle · 2013-12-19 04:04 · Score: 2

I would say this malware IS DRM. Because what it does is it encrypts the content, and then demands money to have it decrypted. Sounds very much like your average DRM scheme.
A key difference appears to be that this one actually works - at least there is no mention in the article of it having been broken yet.
Re:See? Business model entirely without DRM. by mrchaotica · 2013-12-19 04:13 · Score: 1

Nah, it's just regular cryptography. The definition of DRM requires that the owner of the data and the attacker be the same entity.

--
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Re:See? Business model entirely without DRM. by mlts · 2013-12-19 04:21 · Score: 1

Don't forget highly reliable, dependable software coupled with (as per previous postings) top tier customer support.
Re:See? Business model entirely without DRM. by gnasher719 · 2013-12-19 06:23 · Score: 1

Nah, it's just regular cryptography. The definition of DRM requires that the owner of the data and the attacker be the same entity.
DRM = Digital Rights Management. If I download videos or audiobooks with DRM, I have rights to use them, and the DRM controls these rights. My rights, not the rights of the movie or book company. So does this software. It controls _my_ rights to access the data. The only difference is that one makes sure I don't exceed my rights, while the other makes sure I can't execute my rights without paying ransom.
Re:See? Business model entirely without DRM. by mrchaotica · 2013-12-19 07:01 · Score: 2

The only difference is that one makes sure I don't exceed my rights, while the other makes sure I can't execute my rights without paying ransom.
Both DRM and cryptolocker encrypt your data with a key you don't know.
The difference is that DRM attempts to let you use that key (to decrypt your data under the conditions that the DRM-imposer "allows") while simultaneously hiding the key from you (so that you can't decrypt your data under other conditions).
Cryptolocker, on the other hand, just gives you the key (after paying the ransom, obviously) -- there is none of the "simultaneously allowed and disallowed" nonsense that's inherent to DRM.
In other words, DRM tries to restrict your access to your data (which is inherently impossible). Cryptolocker essentially "steals" your data by encrypting it so that it stops being yours until you pay to get it back.

--
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Re:See? Business model entirely without DRM. by ruir · 2013-12-19 17:17 · Score: 1

They are in the wrong industry. They should run for politics, much easier to dig into pockets. They already have the ethics to start with.

NSA etc by RichMan · 2013-12-19 03:24 · Score: 2

Where are the vaunted security agencies in providing protection for citizens? Should not the government have a hand in protecting its citizens?

Re:NSA etc by SJHillman · 2013-12-19 03:29 · Score: 2

Get this labeled as "cyber-terrorism" (which is basically is) and they'll be all over it.
Re:NSA etc by KiloByte · 2013-12-19 03:37 · Score: 2

You got it wrong: the NSA does cyber-terrorism, it doesn't fight it. Just like the PATRIOTUSA act was 100% promoting terrorism (spreading fear for political gain) rather than combatting it.

--
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.

Math? by nmoore · 2013-12-19 03:24 · Score: 1, Interesting

250,000 * .004 * $300 = $300,000, not $30 million. I think someone confused 0.4% with 40%.

Re:Why would anyone install this? by SJHillman · 2013-12-19 03:26 · Score: 1

I can't tell if you're a troll or just an average AC....

Where's the money going? by dysmal · 2013-12-19 03:28 · Score: 1

My guess is a government alphabet soup (KGB/CIA/NSA/whatever) agency. Seriously. Times are tough. Governments around the world are strapped for cash. How else is a government agency going have an operations budget? More importantly, why wouldn't an agency do this?

Re:Where's the money going? by TheloniousToady · 2013-12-19 04:03 · Score: 1

You're right, it must be one of those. But they're actually doing you a service if you think about it. You see, all conspiracies exist solely to feed the paranoia of conspiracy theorists. Otherwise, there would be nothing for us to be afraid of. And what fun would that be?
Like roads and bridges, government conspiracies actually are built for the public good, but not for the obvious reasons: not for charitable reasons such as gathering data to protect The People, and not even for the cynical reasons of wielding power, making money, or even the sheer fun of doing evil. It's all about entertaining the public by feeding their paranoia. And all of us on Slashdot can be particularly thankful for that in this season of giving.
(Note to humor-challenged moderators: it's a joke, not a troll)

Re:Why would anyone install this? by tibit · 2013-12-19 03:28 · Score: 1

You must be so confused. It's ransomware: it encrypts your files with a public key. The private key is controlled by the gang. You don't pay, you end up with a bunch of random-looking data substituted for your files, since the gang destroys the unique private key after the time is up. Yes, you're basically just back to where you were, before you "installed" the software. The "bother" is with the software being ransomware. It's malware. It installs itself when you don't pay attention, like most people out there...

--
A successful API design takes a mixture of software design and pedagogy.

Zuckerberg by Frankie70 · 2013-12-19 03:30 · Score: 1

That's where the Mark Zuckerberg Link comes in. Zuckerberg will sell FB stock worth 2.3 billion$ & give the CryptoLocker guys 30 million $ from that.

Re:Error by Drethon · 2013-12-19 03:35 · Score: 4, Funny

Are you sure it is unrelated? Facebook seems to be asking a lot of money for nothing tangible too...

Re:Justice by SJHillman · 2013-12-19 03:36 · Score: 2

We got hammered by CryptoLocker twice in November. Unfortunately, the backups of one of our affected fileservers crashed the same day, but we still lost very little data (none critical). The worst part is that it hits every mapped drive that the user has write-access to, and some of our legacy accounting and payroll systems require exactly those permissions. It's a real eye-opener, but what really gets you going is when you realize that CryptoLocker is actually pretty tame compared to what it could be - it only targets certain extensions, is easy to remove, is easy to block, and doesn't touch Windows.

Said every IT person. Ever. by girlintraining · 2013-12-19 03:37 · Score: 4, Insightful

"So, do you have a current backup?"
-- Every tech support number you'll call, anywhere. Ever.

And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive". Viruses, malware, and crap like this would have gone the way of the dodo bird if people would just follow the most basic. advice. ever. regarding the maintenance of their computer. You wouldn't run your car out of oil after neglecting to change it for 15,000 miles, would you? So why do you do it to your computer?

--
#fuckbeta #iamslashdot #dicemustdie

Re:Said every IT person. Ever. by thebes · 2013-12-19 03:46 · Score: 3, Insightful

And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive".
And how many people that do use an external drive actually unplug it after the fact?
Re:Said every IT person. Ever. by Anonymous Coward · 2013-12-19 03:58 · Score: 2, Interesting

your forgetting that almost no one changes their own oil any more, people are just too lazy and that's the only answer. that is why certain companies have stopped including dip sticks with their engines and instead require you to go to a service center to check your oil levels. one failed sensor and your engine is toast..
and you expect people to perform their own backups? your analogy is correct but you miss the fact that you are not the average person as you have the common sense not to run your car for 15,000 miles with out thinking to change your oil. for the vast majority of people an automobile is an appliance, one that they care for about as much as their toaster
Re:Said every IT person. Ever. by wbr1 · 2013-12-19 04:05 · Score: 5, Informative

Unfortunately, an external drive backup using your scheme is of little to no use against this threat. It will encrypt all attached drives, network, USB or otherwise, so long as the user has permissions. It will start with commonly needed file extensions first.
Unless your backup is not visible to the virus, you are toast. This is a situation where unattached, or off-site backups and cloud solutions win. A simple user with an always attached USB drive will still be toast.

--
Silence is a state of mime.
Re:Said every IT person. Ever. by swb · 2013-12-19 04:13 · Score: 2

And you also need enough of the right kind of backups.
Basic drag-and-drop copy backups for desktop users where they keep the backup device connected and online for convenience or scheduling would be of limited value due to the fact that they do could be crypto-lockered. Your backup needs to be of a type that can't be compromised by cryptolocker, either in a format it doesn't attack or on a system/media that is isolated from a desktop infection.
Further, you need enough retention in your backup so that you can restore the data to a state prior to the infection. A client I work with that got hit but didn't report it until days later. A short retention cycle backup where only a few copies are kept might prevent the backup from even containing useful information. Fortunately for my client, we had 21 days of online retention and were easily able to restore files to a pre-modified state.
I also like to advise that data access be restricted so that the totality of information stored isn't vulnerable to one person's computer going haywire. It always amazes me how many places find the "dumping ground" method of organization useful, where all data is accessible by all users. Unfortunately once you get there, it's hard to change because there's little coherency to the information, making it difficult to segment and often represents organizational challenges in trying to establish limits.
Re:Said every IT person. Ever. by girlintraining · 2013-12-19 04:27 · Score: 1

for the vast majority of people an automobile is an appliance, one that they care for about as much as their toaster
I don't agree. A toaster can be abused and run into the ground without hurting your wallet too much. People tend to sit up and take notice when you start talking about dropping half their yearly net income on something. Now, that doesn't mean they have common sense -- plenty of people have all the sense of a turnip, but to suggest they put a car in the same category as a toaster is absurd.
As for those sensors... no, it takes more than one failed sensor to blow up your engine. There is an oil pressure sensor, and an oil level sensor, at minimum, in the vehicles you mention. But let's ignore that and say they both simply give up the digital ghost without warning... the car's onboard computer will still trip out when you exceed the odometer tracking the miles since last oil change. But even if all of that technology fails, there is still one thing left to save your engine from mechanical oblivion: Your own eyes and ears.
Engines that are low on oil tend to run hot, and they tend to run hard. They don't accelerate, they feel like they're losing power, and dear god do they make noise as they die. All that overheating metal is going rat-a-tak-tak and war-warrrrr-waaaaahhhhhrrrrr.... as it dies, smoking and belching steam. If you fail to notice all of these signs, you don't deserve a car.

--
#fuckbeta #iamslashdot #dicemustdie
Re:Said every IT person. Ever. by tlhIngan · 2013-12-19 04:51 · Score: 1

And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive". Viruses, malware, and crap like this would have gone the way of the dodo bird if people would just follow the most basic. advice. ever. regarding the maintenance of their computer. You wouldn't run your car out of oil after neglecting to change it for 15,000 miles, would you? So why do you do it to your computer?
Because it's dull and boring. Do you vacuum the floor of your house weekly? Or change the bedsheets? Clean the toilet? Dust (even just cleaning the dust out of your PC)?
The problem is it's a chore. A huge PITA to go and plug stuff in, drag and drop, and then unplug it.
The funny thing is that companies have been doing it the convenient way for ages - backups happen at night and all that stuff, with no intervention from the admin or users.
I happen to have current backups because all my PCs back themselves up over the network at night automatically. I don't do a single thing - it just happens. Once in a while they miss a backup because of an error, but it usually resolves itself in a couple of days. No muss, no fuss, it just works.
The real irony is Microsoft discontinued the software - Windows Home Server was perhaps the single most easy to use backup solution ever - once you install the connector software, the backups happen automatically overnight. And even better, it backs up network and disk drivers so as long as you have access to the backup via another system, you can copy the drivers so even if your PC is too new for the restore DVD, you can still instruct it to load the saved drivers (off USB key) and perform a network restore.
And it also was a de-dupe full image backup - you could restore to a blank hard drive and get back your system as it was, OS and all (and you can of course, browse a image backup by date and use Explorer to copy files off the backup if you only need to restore a few files or folders).
Honestly, one of the most slick backup solutions around for home use, and it's discontinued now.
Re:Said every IT person. Ever. by joe_frisch · 2013-12-19 05:16 · Score: 1

Can it encrypt files on a different type of system? If you backup from a PC to a linux server, if the PC is infected can it corrupt the files on the linux machine. (sorry if this is an ignorant question)
I generally have one addition layer of protection - the linux server has a backup that only has root write permissions, so the windows machines can't write to the backup disks (though I assume this can be hacked as well). Then I have offsite backups, but they are only updated monthly.
Re:Said every IT person. Ever. by reikae · 2013-12-19 05:17 · Score: 1

Because it's dull and boring. Do you vacuum the floor of your house weekly? Or change the bedsheets? Clean the toilet? Dust (even just cleaning the dust out of your PC)?
I don't change the bedsheets quite that often but otherwise yes. Are you suggesting that most people actually don't? I get your point but I think the comparisons are quite bad. Most people probably value a clean home, whereas few understand the value of backups (until they lose data).
Re:Said every IT person. Ever. by Bob+the+Super+Hamste · 2013-12-19 05:24 · Score: 2

Engines that are low on oil tend to run hot, and they tend to run hard. They don't accelerate, they feel like they're losing power, and dear god do they make noise as they die. All that overheating metal is going rat-a-tak-tak and war-warrrrr-waaaaahhhhhrrrrr.... as it dies, smoking and belching steam.
Sadly you have just described all of the vehicles my mother and step father have owned over the last 25 years. Far too many people treat things like they are disposable, even big ticket things like vehicles, so not taking care of relatively inexpensive things like a computer doesn't surprise me much at all.

--
Time to offend someone
Re:Said every IT person. Ever. by HornWumpus · 2013-12-19 06:11 · Score: 1

Heard from an old lady who just ruined her new car:

I know I had oil, every time I started my car a light came on and told me I had oil.

--
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Re:Said every IT person. Ever. by tepples · 2013-12-19 06:13 · Score: 2

And how many people that do use an external drive actually unplug it after the fact?
Anyone who uses an external USB flash drive, for one.
Re:Said every IT person. Ever. by wbr1 · 2013-12-19 06:15 · Score: 1

File system and location matter not. If it is seen as a drive letter or sub folder in windows on the infected machine, and it has write/modify access, you are done.

--
Silence is a state of mime.
Re:Said every IT person. Ever. by callmebill · 2013-12-19 06:31 · Score: 1

So maybe a good backup situation (for individuals) would be: 1. Keep flash drive in USB hole a. Leave it unmounted somehow 2. At backup time: i. Mount the flash drive ii. Copy files iii. Unmount 3. ... 4. Profit!
Re:Said every IT person. Ever. by mlts · 2013-12-19 07:54 · Score: 1

This may be archaic, but this is one application where tape backups can come in handy. Once data is stashed on a tape and the tape dismounted, it is out of reach to malware looking for anything online to disrupt. WORM tapes even more so, since once the session is closed, it is there for good, so malware can't erase the data that is previously written.
Maybe one idea that might help with this is an external hard drive with a large UDF filesystem. Files can be easily copied to it, but once written, they cannot be deleted. Of course, the malware can fill up the drive with garbage or files similar to the relevant ones making it useless for backups, but the data already written would still be accessible.
Re:Said every IT person. Ever. by mlts · 2013-12-19 07:58 · Score: 1

The only non-enterprise backup utility that can do this client-server motif these days is Retrospect. However, the licensing fees for the server version are atrocious. It works OK with disks, but apparently with optical media like Blu-Rays, it has a very limited hardware list, and anything not on the list will not be allowed to even read backups.
Of course, there is always NetBackup, but the ticket for entry into that ballgame will be six digits.
Re:Said every IT person. Ever. by nctritech · 2013-12-19 08:55 · Score: 1

For small business Linux storage servers, I personally use rsync to maintain a mirror of a Linux server's shared folder repository and copy out mirrored files that change to a rolling backup snapshot structure which is also shared out as read-only. If something encrypts all their documents, they have 60 days worth of backup snapshots and one of those will be massive from the huge number of files changing out when cron fires off rsync. Recovery is so simple, too.

rsync -av $BACKUP/backup.$AGE_IN_DAYS/ $SAMBA_SHARED_FOLDER/
Re:Said every IT person. Ever. by Cro+Magnon · 2013-12-19 09:13 · Score: 1

So, that means it would also f**k up my Dropbox stuff?

--
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Re:Said every IT person. Ever. by LordLimecat · 2013-12-19 09:30 · Score: 1

drag and drop from "My documents" to "My external drive".
Reality check: That backup system almost never works; users as a practical matter tend not to remember to do something like that, because its tedious and takes forever and requires you to do it by hand.
Suggest an automated backup solution that they can periodically check, or stop yelling at them because you failed to provide a decent solution. Crashplan is a rather good one that I recommend, because it starts reliably blasting emails out when backups dont happen, and it does "incrementals forever" in a way that has proven to be highly reliable.
Re:Said every IT person. Ever. by LordLimecat · 2013-12-19 09:31 · Score: 1

Clearly you dont work with many end users. Most that I know DO leave them plugged in; for those that dont, it tends to screw any automatic backup system they might have.
Re:Said every IT person. Ever. by Solandri · 2013-12-19 09:56 · Score: 1

Unless your backup is not visible to the virus, you are toast. This is a situation where unattached, or off-site backups and cloud solutions win. A simple user with an always attached USB drive will still be toast.
An always-attached USB drive is not a backup. It's just additional storage where you happen to be keeping a copy of your files.

The whole point of a backup is that you have a safe copy of your files should you accidentally delete the wrong thing, a lightning bolt fries your equipment, burglars break in and steal the computer equipment you've left sitting out in the open, a fire burns down your house, or yes, some virus encrypts all your files.

Make the backup, detach the drive, and either store it in a drawer at work or put it in a locked fireproof safe. Leaving it always attached defeats the purpose of a backup.
Re:Said every IT person. Ever. by Capt.DrumkenBum · 2013-12-19 10:36 · Score: 1

You wouldn't run your car out of oil after neglecting to change it for 15,000 miles, would you?
You have obviously never met my mother.

--
If I were God, wouldn't I protect my churches from acts of me?

Re:Why would anyone install this? by temcat · 2013-12-19 03:50 · Score: 1

Come on, that was sarcasm.

on a side note by die+standing · 2013-12-19 03:53 · Score: 1

Crypto-Smasher V3.10 was used by Gary and Wyatt to make Lisa... just sayin.

Re:Justice by stewsters · 2013-12-19 03:54 · Score: 2

Your data is far more important to most people that windows. You could just re-install if that is the case (which you probably should consider if you were hit with this). One issue I have with security is that almost everyone stores their most valuable files in a location that any program they start can edit. Its really easy for users, but means things like this are so much worse.

They should popularize a system where you can choose what programs have access to particular directories. I would imagine it would work something like the permissions for android, where when installing it says that it needs access to these particular permissions and your music library. For instance, I could have a documents folder that only my word processor can access, I could have a video folder that only vlc can access, and I could set it so my browser could not access anything but its configuration directory. Browsers already try to do this, but it would be nice to force it from the system. It doesn't stop a stupid user from downloading bad programs, but it should help reduce the effect of application bugs being exploited.

Re:Justice by JaredOfEuropa · 2013-12-19 04:00 · Score: 1

This. I found this bit of info on Bitlocker surprising as well: "When first run, the payload installs itself in the Documents and Settings folder with a random name, and adds a key to the registry that causes it to run on startup." Is this still even possible on modern (ish) operating systems (Windows 7 / Windows 8). Windows seems to ask for permission whenever an .exe is executed, and you'd certainly think it would ask for permission when a program modifies that part of the registry.

--
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...

Re:If Caught... by houstonbofh · 2013-12-19 04:03 · Score: 1

Who, Zuckerberg?

I am still deciding...

Re:Math? by wile_e_wonka · 2013-12-19 04:03 · Score: 1

I wish I had some mod points to mod this side conversation about .4% as "funny." Like, who exactly has infiltrated /. that doesn't understand this? Soon, they're going to need to remove "News for Nerds" as false.

Re:Justice by SJHillman · 2013-12-19 04:06 · Score: 1

One issue is that it doesn't just affect the infected machine, but also every mapped drive. Reinstalling all of those systems would have been a nightmare's worth of downtime. Unfortunately, most of the mapped drives are a result of legacy systems with very finicky requirements that we can't move off of yet for one reason or another. I agree, your access control system would be nice (although I imagine the initial implementations would be a minor nightmare as proprietary apps try to lock out other programs that could otherwise read that data).

Re:Justice by SJHillman · 2013-12-19 04:09 · Score: 1

It requires the user to run it in the first place, usually as an email attachment. And users have long since been conditioned to click Yes/Run/Continue on every pop-up box that gets between them and their perceived goal. As annoying as it is, I like the things that ask "Block? Yes/No" rather than "Allow? Yes/No" because it helps stop some of this click-yes-without-reading behavior.

The bright side of CryptoLocker's registry access is that it leaves a list of every file that it hit, which helped a lot when restoring from backups as we didn't need to test or restore absolutely every file.

Re:Error by JWW · 2013-12-19 04:15 · Score: 2

Maybe this technology is related to Facebook.

Imagine, Facebook's users are generating unique, pithy, substantive and deep posts to put on Facebook, but this crypto locker stuff is just converting those awesome posts into worthless drivel about piddly silly details about the Facebook breakfast or exercise routine.

Re:Justice by mlts · 2013-12-19 04:29 · Score: 4, Interesting

IMHO, CryptoLocker is just the first shot across the bow.

Long term, maybe it will be a good thing, similar to the old PC days where BIOS killing viruses finally got people to actually care about average security or else keep buying new computers.

Of course, malware like this pretty much trashes almost every single backup system known to man. The enterprise is less affected because of programs like NetBackup that pull data, so malicious software is unable to touch previous backups. However, the main form of backups people do (if they bother to do anything) is copying to a secondary hard disk, which allows the backups to be accessed by malware and destroyed. Services like Mozy sort of help, but they might not keep a previous version of a file that hasn't been corrupted by ransomware, especially if the software is relatively slow and encrypts files over a long period of time to escape detection.

What I am waiting to see is Cryptolocker's descendant. This software will install itself through a hole in a Web browser or add-ons. It will install a low level Windows driver. It will then generate a private key and keep it local to the machine, sending a backup to the ransomware's servers. The software will gradually encrypt files over time. However, when an encrypted file is accessed, it will decrypt it on the fly... for a time.

Then, once it completes encrypting files, it will stop decrypting on the fly, purges the private keys it used, then demand ransom. Since this was done over a period of weeks to months, even backups stored on Mozy or other places will be locked out.

Re:Why would anyone install this? by sunsurfandsand · 2013-12-19 05:27 · Score: 2

It's ransomware: it encrypts your files with a public key. The private key is controlled by the gang. You don't pay, you end up with a bunch of random-looking data substituted for your files, since the gang destroys the unique private key after the time is up.

Unfortunately, I couldn't afford the $300. Fortunately, I never liked my data anyway.

After 9/11, anything is "aid and comfort" by tepples · 2013-12-19 06:00 · Score: 1

Since 2001-09-12, the day after a terrorist attack on the World Trade Center, the list of things deemed "giving [enemies] Aid and Comfort" has exploded.

Re:After 9/11, anything is "aid and comfort" by mlw4428 · 2013-12-19 07:26 · Score: 1

You missed the point entirely. The crime can't be treason, because the state can't be an enemy of the state. I'm not saying it's not unconstitutional or that what they're doing is legal...it just isn't treason. It's like charging someone pulled over for speeding with murder. The crime doesn't fit the definition you're giving it.
Re:After 9/11, anything is "aid and comfort" by tepples · 2013-12-19 08:45 · Score: 1

Yes. When the United States expanded its police state, certain far-right religious fundamentalists in the Middle East achieved their goal of reducing Americans' freedom. The terrorists won.
Re:After 9/11, anything is "aid and comfort" by ulatekh · 2013-12-19 16:12 · Score: 1

Thank you. I thought I was the only one that noticed this.

--
"Once we've identified and embraced our sickness, we'll have strength...and that's when we get dangerous." - John Waters

Re:Is execution enough? by tompaulco · 2013-12-19 06:02 · Score: 1

First, make them pay back everybody they ransomed, times 10, then execute them. If they don't have the money to pay back times 10 then we can find a company to pay back everybody times 10 and then make the perpetrators have to work for that company for free until their debt is paid off.

--
If you are not allowed to question your government then the government has answered your question.

Attacker *is* the 0wn3r by tepples · 2013-12-19 06:02 · Score: 1

The definition of DRM requires that the owner of the data and the attacker be the same entity.

If CryptoLocker has a chance to run, then the attacker has pretty much owned the machine.

Brain-dead default: the gift that keeps on giving by istartedi · 2013-12-19 06:06 · Score: 4, Interesting

Microsoft's brain-dead default of "hide file extensions" is cited in the article as part of the social engineering aspect that gets users to click on the files. It's the gift that keeps on giving... to black hats.

Hiding the file extension does NOTHING to make things easier on the user or make the UI any cleaner. It's not like we have 40 column displays where the file extension is "too long" and going to take away "screen real estate".

This has been going on literally for DECADES NOW. How can Microsoft be so blind? Whenever I get a new Windows box, it's the first thing I disable because if I don't, I'll just end up creating files with names like, "DailyLog.txt.txt".

Whoever is at MS, insisting that this remain the default needs to be hauled out, shot, drawn, quartered, and the pieces sent to be displayed in the lobbies of their 4 largest offices.

--
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?

Re:Justice by JesseMcDonald · 2013-12-19 06:10 · Score: 1

What I am waiting to see is Cryptolocker's descendant. [...] The software will gradually encrypt files over time. However, when an encrypted file is accessed, it will decrypt it on the fly... for a time.

Then, once it completes encrypting files, it will stop decrypting on the fly, purges the private keys it used, then demand ransom. Since this was done over a period of weeks to months, even backups stored on Mozy or other places will be locked out.

Wouldn't the backup software also get the decrypted data? Or is the ransomware treating requests by the backup software differently than requests by other programs?

--
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat

Try this to fix the infection... by weeboo0104 · 2013-12-19 06:49 · Score: 5, Informative

I believe I got hit by this about a week ago when I clicked on an advert linked on Chicago Tribune's website.

A fullscreen message appeared saying my computer had been encrypted and I had to pay $300 to decrypt it. I pulled my network cable out and had to power off my PC because the keyboard would not work. I was able to boot back up, but when I logged in both regularly and in Safe-Mode, a full white screen saying "please connect to the Internet" appeared and I couldn't use the keyboard again.

I pressed F8 on boot and booted into Safe-Mode Command line only. Once I logged in and saw the command line, I typed rstrui.exe (windows System Recovery) and using the Restore Wizard, restored to a checkpoint from a day earlier. I restarted my PC again and let it boot normally and once I was able to log in without seeing the message, reconnected my network cable.

My PC was never encrypted. The message only said it was. The clincher was before I booted Windows in Safe-Mode, I used a Knoppix DVD to mount the Windows partition and copy off my personal data before I started the recovery process. The data was perfectly readable and not encrypted.

--
It is easier to build strong children than to repair broken men. -Frederick Douglass

Re:Try this to fix the infection... by Anonymous Coward · 2013-12-19 07:48 · Score: 1

You lucked out and caught it in time.
Someone I work with got it and didn't notice it changed her desktop wallpaper until hours later.
By then all her docs were encrypted (and some on network shares but we had backups).
The encryption is slow so it may not have had time to get any of your files or it got some but not all. If it hits a large file (such as a 9GB Outlook PST file like this user had) it'll delay it even more.
Basically if you open regedit and check
"HKEY_CURRENT_USER\Software\CryptoLocker\Files" you'll see all the files it encrypted.
We didn't pay, we just told the user to pretend she's a new hire cause she lost everything :)
Re:Try this to fix the infection... by NoImNotNineVolt · 2013-12-19 07:55 · Score: 2

So I've got to ask... why were you clicking on advertisements?!

--
Chuuch. Preach. Tabernacle.
Re:Try this to fix the infection... by Taibhsear · 2013-12-19 08:16 · Score: 1

I did the same thing to fix a friend's laptop. It was windows 8 though and giving me shit so I ultimately had to just rip the drive out and mount to another system. It was a pain in the ass but still recoverable.
Re:Try this to fix the infection... by TwoBit · 2013-12-19 12:42 · Score: 1

But there was still a browser exploit involved, right? What version of what browser was being used?

Re:Justice by mlts · 2013-12-19 07:24 · Score: 2

Depends on OS. Windows uses snapshot functionality, and in theory, it wouldn't be hard for malware to not bother intercepting the files opened under a backup context so they get backed up encrypted compared to files opened directly by the user.

EFS on NTFS works in a similar fashion. If I back up a directory full of EFS protected files, they are stored encrypted. If I fire up a utility like WinRAR which opens files as an application does, Windows will decrypt the files automatically.

Re:Justice by mlts · 2013-12-19 07:47 · Score: 1

I've been hacking together a system on a Windows Server 2012 box, where the clients copy their documents to a directory in their own individual shares, then when done, the directories get moved to another directory not accessible to the clients. Then, later in the night, the deduplication process fires off, so for the most part, only changed in the stored documents are stored. Of course, this may not help if the malware is smart enough to do its dirty work slowly over a period of time where old backups are cycled out.

As the parent stated, probably the best way to deal with this is what the parent stated -- something like the Qubes OS project where every application not just has its own memory space, but has its own filesystem completely separate from the other programs. Add to this a backup program that pulls data from a machine (where the client can only start backups, but cannot access backed up info unless it is directly pushed from the server), and this would provide some answer to ransomware.

The scary thing: Ransomware has been around, but CryptoLocker is really the first shot across the bow that uses browser (or browser add-on) holes, Trojans, and other weaknesses to actively do its dirty work. It also is extremely well engineered where the keys are not findable once the software does its nasty deeds.

Re:Justice by mlts · 2013-12-19 07:49 · Score: 1

Depends on the OS. Server operating systems will have a SmartScreen filter that requests to be set up once the machine is running, and will immediately prompt if it encounters unsigned applications and disallow them to run.

This capability is present in Windows 7 and newer (AppLocker), but it isn't turned on unless someone has the "pro" version and access to gpedit.

Re:Brain-dead default: the gift that keeps on givi by NoImNotNineVolt · 2013-12-19 07:54 · Score: 1

I'm seriously in love with your sig. Thank you for making the interwebs a better place.

--
Chuuch. Preach. Tabernacle.

Re:Math? by suso · 2013-12-19 09:12 · Score: 1

Now if we can only determine the connection between Zuckerberg and Verizon, we can blow this CryptoLocker thing wide open.
http://verizonmath.blogspot.ca/2006/12/verizon-doesnt-know-dollars-from-cents.html

Its amazing that this is the only comment that mentioned Verizon math. Maybe I'm not on the right site. This is Slashdot correct?

Re:If Caught... by tqk · 2013-12-19 09:31 · Score: 1

If Zuckerberg is 50% as sleezy as depicted in "The Social Network", ...

Not that I'm defending him, but you do know that was a Hollywood production, yes? When have that bunch *ever* portrayed an actual event with any degree approaching accuracy?

--
"Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.

Laptop appendage by tepples · 2013-12-19 09:44 · Score: 1

Good luck fitting your laptop back in its case with the USB flash drive hanging out of it. Or do you work only with desktop users?

Re:Laptop appendage by LordLimecat · 2013-12-20 03:42 · Score: 1

Laptop users that I've worked with tend to use cloud backup, which I tend to encourage because its the only way the backups get done.

Re:Justice by mlts · 2013-12-19 11:39 · Score: 1

If the data is stored on SSD, it even is easier... just encrypt the files and force a TRIM on empty space.

Previous to this, ransomware was in the wings, but it was relatively amateurish. It used relatively small keys, or spread via a vector that was already plugged by most AV stuff. Now, with zero-days used to get the software onto machines, this is not just a threat, but a big money-maker for the bad guys.

Re:Brain-dead default: the gift that keeps on givi by Applehu+Akbar · 2013-12-19 12:18 · Score: 1

In my residential IT practice, I have encountered users - business professionals - who insist on keeping file extensions hidden.

Re:If Caught... by ulatekh · 2013-12-19 16:07 · Score: 1

[Y]ou do know that was a Hollywood production, yes? When have that bunch *ever* portrayed an actual event with any degree approaching accuracy?

Primary Colors? Granted, the real Bill Clinton seems fictional.
Wag The Dog? We live that every day.
Sneakers? Surprisingly accurate about real hacking.
Max Headroom? Just around the corner...about twenty minutes from now, in fact.
Robocop? Could be shot in present-day Detroit. No need for expensive sets!

I could go on. Hollywood gets it right occasionally.

--
"Once we've identified and embraced our sickness, we'll have strength...and that's when we get dangerous." - John Waters

Re:Why would anyone install this? by tibit · 2013-12-20 03:24 · Score: 1

'Twas detector malfunction, please accept my apologies ;)

--
A successful API design takes a mixture of software design and pedagogy.

Re:Title wrong too. by Technician · 2013-12-20 04:03 · Score: 1

Change title from earns to extorts. It is ransomware.

--
The truth shall set you free!

Cloud backup service's storage cap by tepples · 2013-12-20 04:41 · Score: 1

Laptop users that I've worked with tend to use cloud backup, which I tend to encourage

Guess what a laptop user does when he runs into the cloud backup service's storage cap. He cuts down the set of folders that get backed up. Expanding offline backup capacity doesn't have an annual fee per GB like what iCloud, Dropbox, and SkyDrive charge.

Re:Brain-dead default: the gift that keeps on givi by dkman · 2013-12-20 05:16 · Score: 1

I agree whole-heartedly with this.

I used to have a whole list of tweaks I would do to explorer on an XP machine to make it "ready for use". The first item on that list was to turn off Hide Extensions.

That, and show hidden files, are the only one's I still do routinely.

The first time an email cropped up exploiting the malware.jpg.exe "oo lookie, a picture" issue this (hiding information from the user) should have been dropped as the default.

Since when has hiding information ever made anything better? But what should we expect when they deciding to remove visual cues from their latest OS? Flat buttons anyone? Hidden magic corners (Linux distros jumped on board with that one too). Mobile OS's using picture buttons when you can't hover to see what it's going to do before clicking on it... but I digress

--
I refuse to sign

Slashdot Mirror

CryptoLocker Gang Earns $30 Million In Just 100 Days

127 of 202 comments (clear)