Slashdot Mirror


CryptoLocker Gang Earns $30 Million In Just 100 Days

DavidGilbert99 writes "A report from Dell Secureworks earlier this week reported that up to 250,000 systems have been infected with the pernicious ransomware known as CryptoLocker. Digging a little deeper, David Gilbert at IBTimes UK found that the average ransom being paid was $300, and that on a very conservative basis just 0.4% of people paid the ransom. What does this all add up to? $30 million for the gang controlling CryptoLocker — and this could be 'many times bigger.'"

44 of 202 comments

  1. hey dummies by Anonymous Coward · · Score: 5, Informative

    The link is wrong

    1. Re:hey dummies by bondsbw · · Score: 5, Informative

      And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    2. Re:hey dummies by girlintraining · · Score: 3, Funny

      And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

      You can't expect journalists to have a grasp of basic math. Or the general public for that matter. Otherwise the headline "Company X settles 'largest lawsuit in history' at Y billion dollars" wouldn't have the impact it does after realizing Company X's revenue was Z trillion dollars. And who knows -- with the instability of bitcoin pricing, it might well be worth $30 million next week... -_-

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:hey dummies by girlintraining · · Score: 4, Informative

      Wal-Mart has the highest revenue in the US - 469.2 billion according to the Fortune 500.

      You seem to be laboring under the delusion that companies only exist, and earn profit, for one year. Then they return to their ancestral home in the profit river, where they lay their nest eggs and golden parachutes for the next generation, and then die.

      Alas, companies make revenue year over year... and some of the biggest frauds this country has seen have taken decades before the government acted to stop it. So "Trillions of dollars of revenue" is not an inaccurate statement. At least not if you have more brains than an anonymous coward...

      --
      #fuckbeta #iamslashdot #dicemustdie
  2. Broken article link by KublaiKhan · · Score: 2

    Or was this meant to trick us into reading about Zuckerberg?

    --
    In Xanadu did Kubla Khan
    A stately pleasure dome decree
    1. Re:Broken article link by stewsters · · Score: 3, Funny

      Or is Mark Zuckerberg the gang behind cryptolocker, and this was a Freudian slip?

  3. So, Zuckerberg is behind cryptolocker???? by wbr1 · · Score: 5, Informative
    --
    Silence is a state of mime.
    1. Re:So, Zuckerberg is behind cryptolocker???? by war4peace · · Score: 4, Funny

      ...And it's a fun read, too:

      "English is not the CryptoLocker Group's first language" - apparently it's not IB Times's, either, as seen in the article: "CryptoLocker is not currently being sold to anyone other criminal gangs".
      "it was being distributed by the Gameover Zeus malware, in some cases via the renowned Cutwail bonnet."
      "malware is typical among cyber-criminals in Russia and easter Europe,"
      "this was quickly cut to 1 bitcoin, 0.5 bitcoin and at the time of publication, 0.5 bitcoin." - yes, there's a deep cut from 0.5 to 0.5, for sure. We should all rejoice!

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  4. Correct Link by DavidGilbert99 · · Score: 2, Informative
    1. Re:Correct Link by bondsbw · · Score: 3, Insightful

      Here is the correct link to the CryptoLocker story http://www.ibtimes.co.uk/cryptolocker-criminals-earn-30-million-100-days-1429607

      DavidGilbert99, please fix your damn article. You wrote the article, you wrote the summary, both with attention-getting headlines. And they both passed different sets of editors (assuming the editors even exist) and they are both incorrect with the $30M figure.

      The only story behind this is how little they netted, not how much.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  5. Better Than Commercial Software? by Anonymous Coward · · Score: 2, Funny

    Does CryptoLocker actually do what it says when a person pays? That's better than a lot of commercial software I've used. The gaming, media, and high-level engineering software industries are particularly bad on this point.

    1. Re:Better Than Commercial Software? by SJHillman · · Score: 2

      We got hit by CryptoLocker twice back in November (in one case, it wreaked havoc on network shares because the user had way more permissions than necessary due to office politics). We didn't pay the ransom, but we worked with a vendor who was very familiar with CryptoLocker. According to them, every time people paid, they got the key as promised.

    2. Re:Better Than Commercial Software? by ekgringo · · Score: 4, Interesting

      We knew someone at a sister company that was infected with CryptoLocker. He had no backups (they have no IT infrastructure) so he paid the ransom to recover his files. It appeared to start decryption, but the machine was old and we had to let it run over the weekend to complete. Windows Security Essentials had to be disabled in order for the decryption to work, but it re-enabled itself and blocked the decryption. By the time Monday rolled around, the decryption server had been shut down or his ransom window had expired and so he ended up losing his data anyway.

    3. Re:Better Than Commercial Software? by i kan reed · · Score: 3, Insightful

      So, you made a donation to organized crime. How charitable.

    4. Re:Better Than Commercial Software? by zeugma-amp · · Score: 4, Interesting

      So, you made a donation to organized crime. How charitable.

      As did this police department ...

      US local police department pays CryptoLocker ransom

      =snip=

      A local police department in Swansea, Massachusetts, has paid cybercrooks behind the CryptoLocker ransomware attack to decrypt files locked up by the malware on police computer systems, according to local press reports.

      The police department spokesman claimed that the infection had been mopped up and their systems secured, with no personal information stolen.

      =end snip=

      --
      This is an ex-parrot!
    5. Re:Better Than Commercial Software? by Bill, Shooter of Bul · · Score: 3, Informative

      Yes they do. Just declare everything to be non-sensitive. Much easier than doing any kind of research.

      --
      Well.. maybe. Or Maybe not. But Definitely not sort of.
    6. Re:Better Than Commercial Software? by nctritech · · Score: 2

      A company with a proper data backup plan will not be seriously affected by this thing. Unfortunately, the vast majority of the small businesses I work with don't have a backup plan at all. Plugging in an external hard drive and setting up the backup software that came with it is NOT a sufficient backup plan, people! They unfortunately found this out the hard way and lost everything on one of their computers. Giving hundreds of dollars to a criminal enterprise was not an acceptable solution to the business owner, and I can't say I disagreed, especially since the old files weren't of much importance to the business anyway.

      CryptoLocker should teach everyone to back up their work twice over and keep one backup isolated and very preferably off-site. Data is very easy to lose at the worst possible time.

    7. Re:Better Than Commercial Software? by LordLimecat · · Score: 2

      Proper backups may or may not protect against this. The encryption is non-obvious, so if it's with important-to-archive files that you don't use daily, it is very possible that the backups with good copies of the data will have grandfathered out by the time you realize you were hit.

  6. Alright NSA, why is this going on? by Anonymous Coward · · Score: 3, Insightful

    You're in every goddamn device on the planet but you can't shut this sort of shit down?

    Another reason to execute y'all for treason.

    1. Re:Alright NSA, why is this going on? by Anonymous Coward · · Score: 4, Funny

      oh, you've just made cold fjord sad, you insensitive clod

    2. Re:Alright NSA, why is this going on? by Anonymous Coward · · Score: 2, Interesting

      cold fjord is to Slashdot what Jeffrey Toobin is to the mainstream media, a fucking government shill that spills lots of lies and distortions.
      So when one talks about executing his buddies for treason, it can only get on his sensibilities.

  7. See? Business model entirely without DRM. by Erikderzweite · · Score: 3, Interesting

    Just look at those guys: they don't need to take our freedoms with draconian DRMs and bought legislation. Their programs can be freely copied, in fact, their whole business model depends on the software being copied at no cost!

    What do they earn their money with, you ask? With high-quality cryptographic security service! Truly, a business model of the future.

    They are not blaming pesky pirates for their losses, they don't whine that someone uses their work without permission. They work harder, are creative and produce high-quality product. And that is their key to success!

    1. Re:See? Business model entirely without DRM. by wvmarle · · Score: 2

      I would say this malware IS DRM. Because what it does is it encrypts the content, and then demands money to have it decrypted. Sounds very much like your average DRM scheme.

      A key difference appears to be that this one actually works - at least there is no mention in the article of it having been broken yet.

    2. Re:See? Business model entirely without DRM. by mrchaotica · · Score: 2

      The only difference is that one makes sure I don't exceed my rights, while the other makes sure I can't execute my rights without paying ransom.

      Both DRM and cryptolocker encrypt your data with a key you don't know.

      The difference is that DRM attempts to let you use that key (to decrypt your data under the conditions that the DRM-imposer "allows") while simultaneously hiding the key from you (so that you can't decrypt your data under other conditions).

      Cryptolocker, on the other hand, just gives you the key (after paying the ransom, obviously) -- there is none of the "simultaneously allowed and disallowed" nonsense that's inherent to DRM.

      In other words, DRM tries to restrict your access to your data (which is inherently impossible). Cryptolocker essentially "steals" your data by encrypting it so that it stops being yours until you pay to get it back.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  8. NSA etc by RichMan · · Score: 2

    Where are the vaunted security agencies in providing protection for citizens? Should not the government have a hand in protecting its citizens?

    1. Re:NSA etc by SJHillman · · Score: 2

      Get this labeled as "cyber-terrorism" (which is basically is) and they'll be all over it.

    2. Re:NSA etc by KiloByte · · Score: 2

      You got it wrong: the NSA does cyber-terrorism, it doesn't fight it. Just like the PATRIOTUSA act was 100% promoting terrorism (spreading fear for political gain) rather than combatting it.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  9. Re:Error by Drethon · · Score: 4, Funny

    Are you sure it is unrelated? Facebook seems to be asking a lot of money for nothing tangible too...

  10. Re:Justice by SJHillman · · Score: 2

    We got hammered by CryptoLocker twice in November. Unfortunately, the backups of one of our affected fileservers crashed the same day, but we still lost very little data (none critical). The worst part is that it hits every mapped drive that the user has write-access to, and some of our legacy accounting and payroll systems require exactly those permissions. It's a real eye-opener, but what really gets you going is when you realize that CryptoLocker is actually pretty tame compared to what it could be - it only targets certain extensions, is easy to remove, is easy to block, and doesn't touch Windows.

  11. Said every IT person. Ever. by girlintraining · · Score: 4, Insightful

    "So, do you have a current backup?"
    -- Every tech support number you'll call, anywhere. Ever.

    And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive". Viruses, malware, and crap like this would have gone the way of the dodo bird if people would just follow the most basic. advice. ever. regarding the maintenance of their computer. You wouldn't run your car out of oil after neglecting to change it for 15,000 miles, would you? So why do you do it to your computer?

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Said every IT person. Ever. by thebes · · Score: 3, Insightful

      And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive".

      And how many people that do use an external drive actually unplug it after the fact?

    2. Re:Said every IT person. Ever. by Anonymous Coward · · Score: 2, Interesting

      You're forgetting that almost no one changes their own oil any more; people are just too lazy, and that's the only answer. That is why certain companies have stopped including dipsticks with their engines and instead require you to go to a service center to check your oil levels. One failed sensor and your engine is toast.

      And you expect people to perform their own backups? Your analogy is correct, but you miss the fact that you are not the average person, as you have the common sense not to run your car for 15,000 miles without thinking to change your oil. For the vast majority of people an automobile is an appliance, one that they care for about as much as their toaster.

    3. Re:Said every IT person. Ever. by wbr1 · · Score: 5, Informative
      Unfortunately, an external drive backup using your scheme is of little to no use against this threat. It will encrypt all attached drives, network, USB or otherwise, so long as the user has permissions. It will start with commonly needed file extensions first.

      Unless your backup is not visible to the virus, you are toast. This is a situation where unattached, or off-site backups and cloud solutions win. A simple user with an always attached USB drive will still be toast.

      --
      Silence is a state of mime.
    4. Re:Said every IT person. Ever. by swb · · Score: 2

      And you also need enough of the right kind of backups.

      Basic drag-and-drop copy backups for desktop users where they keep the backup device connected and online for convenience or scheduling would be of limited value, because they could be crypto-lockered too. Your backup needs to be of a type that can't be compromised by cryptolocker, either in a format it doesn't attack or on a system/media that is isolated from a desktop infection.

      Further, you need enough retention in your backup so that you can restore the data to a state prior to the infection. A client I work with got hit but didn't report it until days later. A short retention cycle backup where only a few copies are kept might prevent the backup from even containing useful information. Fortunately for my client, we had 21 days of online retention and were easily able to restore files to a pre-modified state.

      I also like to advise that data access be restricted so that the totality of information stored isn't vulnerable to one person's computer going haywire. It always amazes me how many places find the "dumping ground" method of organization useful, where all data is accessible by all users. Unfortunately once you get there, it's hard to change because there's little coherency to the information, making it difficult to segment and often represents organizational challenges in trying to establish limits.
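Added example, not code from wbr1's or swb's posts: a small pull-style, versioned backup that demonstrates the two points made above, that the repository must not be a drive the infected user can write to, and that rotation must not age out the last clean copy. The twist is an entropy check before rotation: documents sit far below 7.5 bits/byte, ciphertext sits near 8, so a run whose source suddenly looks encrypted is stored but never allowed to push old snapshots out. The directory layout, the 21-snapshot default (borrowed from the 21-day retention mentioned above), the entropy threshold and the scenario in `demo()` are all assumptions for this example.

```python
"""Added example, not code from the thread: a versioned backup whose rotation
step refuses to age out old snapshots when the new data looks bulk-encrypted.

Assumptions (not from the original posts): the backup host runs this itself
and reads the user's data (pull, rather than the user pushing to a mapped
drive), the repository directory is not reachable from any user account, and
7.5 bits/byte of Shannon entropy over the first 4 KiB separates documents
from ciphertext."""
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

SNAPSHOTS_TO_KEEP = 21   # assumption: roughly the 21 days of retention cited above
ENTROPY_THRESHOLD = 7.5  # bits/byte; text and office documents sit far below this
SUSPECT_FRACTION = 0.5   # do not rotate when more than half the files look encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, 8.0 at most)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path, sample_bytes: int = 4096) -> bool:
    """Sample the head of the file; ciphertext is near 8 bits/byte everywhere."""
    with path.open("rb") as f:
        return shannon_entropy(f.read(sample_bytes)) >= ENTROPY_THRESHOLD


def suspect_fraction(source: Path) -> float:
    """Fraction of regular files under `source` that look encrypted."""
    files = [p for p in source.rglob("*") if p.is_file()]
    if not files:
        return 0.0
    return sum(looks_encrypted(p) for p in files) / len(files)


def _snapshots(repo: Path) -> list[Path]:
    return sorted(p for p in repo.iterdir() if p.is_dir() and p.name.startswith("snap-"))


def take_snapshot(source: Path, repo: Path, keep: int = SNAPSHOTS_TO_KEEP):
    """Copy `source` into a new snapshot under `repo`.

    Returns (snapshot_dir, suspect_fraction, rotated). Old snapshots are only
    removed when the new data passes the entropy check, so a run that captures
    ransomware output cannot push the last clean copy out of retention."""
    repo.mkdir(parents=True, exist_ok=True)
    frac = suspect_fraction(source)
    existing = _snapshots(repo)
    next_id = max((int(p.name.split("-")[1]) for p in existing), default=-1) + 1
    snap = repo / f"snap-{next_id:06d}"
    shutil.copytree(source, snap)
    rotated = False
    if frac < SUSPECT_FRACTION:
        all_snaps = _snapshots(repo)
        for old in all_snaps[: max(0, len(all_snaps) - keep)]:
            shutil.rmtree(old)
            rotated = True
    return snap, frac, rotated


def demo() -> dict:
    """Constructed scenario: three clean runs, then the source gets 'encrypted'."""
    with tempfile.TemporaryDirectory() as d:
        src, repo = Path(d) / "share", Path(d) / "backup-repo"
        src.mkdir()
        for i in range(3):
            (src / f"doc{i}.txt").write_text("quarterly report " * 200)
        clean_frac = suspect_fraction(src)
        for _ in range(3):
            take_snapshot(src, repo, keep=2)
        after_clean = len(_snapshots(repo))
        # Simulate CryptoLocker: every document replaced by random bytes.
        for i in range(3):
            (src / f"doc{i}.txt").write_bytes(os.urandom(8192))
        _, frac, rotated = take_snapshot(src, repo, keep=2)
        oldest = _snapshots(repo)[0] / "doc0.txt"
        return {
            "clean_fraction": clean_frac,
            "snapshots_after_clean_runs": after_clean,
            "suspect_fraction": frac,
            "rotated_on_suspect_run": rotated,
            "snapshots_after_suspect_run": len(_snapshots(repo)),
            "oldest_copy_still_plaintext": oldest.read_bytes().startswith(b"quarterly"),
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The entropy tripwire is a heuristic, not a guarantee: a slow encryptor that converts a few files per day (the kind mlts describes further down) stays under the fraction threshold on every run, which is exactly why retention depth still matters and why the check should alert rather than silently skip rotation.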

    5. Re:Said every IT person. Ever. by Bob the Super Hamste · · Score: 2

      Engines that are low on oil tend to run hot, and they tend to run hard. They don't accelerate, they feel like they're losing power, and dear god do they make noise as they die. All that overheating metal is going rat-a-tak-tak and war-warrrrr-waaaaahhhhhrrrrr.... as it dies, smoking and belching steam.

      Sadly you have just described all of the vehicles my mother and step father have owned over the last 25 years. Far too many people treat things like they are disposable, even big ticket things like vehicles, so not taking care of relatively inexpensive things like a computer doesn't surprise me much at all.

      --
      Time to offend someone
    6. Re:Said every IT person. Ever. by tepples · · Score: 2

      And how many people that do use an external drive actually unplug it after the fact?

      Anyone who uses an external USB flash drive, for one.

  12. Re:Justice by stewsters · · Score: 2

    Your data is far more important to most people than Windows. You could just re-install if that is the case (which you probably should consider if you were hit with this). One issue I have with security is that almost everyone stores their most valuable files in a location that any program they start can edit. It's really easy for users, but means things like this are so much worse.

    They should popularize a system where you can choose what programs have access to particular directories. I would imagine it would work something like the permissions for android, where when installing it says that it needs access to these particular permissions and your music library. For instance, I could have a documents folder that only my word processor can access, I could have a video folder that only vlc can access, and I could set it so my browser could not access anything but its configuration directory. Browsers already try to do this, but it would be nice to force it from the system. It doesn't stop a stupid user from downloading bad programs, but it should help reduce the effect of application bugs being exploited.

  13. Re:Error by JWW · · Score: 2

    Maybe this technology is related to Facebook.

    Imagine, Facebook's users are generating unique, pithy, substantive and deep posts to put on Facebook, but this crypto locker stuff is just converting those awesome posts into worthless drivel about piddly silly details about the Facebook breakfast or exercise routine.

  14. Re:Justice by mlts · · Score: 4, Interesting

    IMHO, CryptoLocker is just the first shot across the bow.

    Long term, maybe it will be a good thing, similar to the old PC days where BIOS killing viruses finally got people to actually care about average security or else keep buying new computers.

    Of course, malware like this pretty much trashes almost every single backup system known to man. The enterprise is less affected because of programs like NetBackup that pull data, so malicious software is unable to touch previous backups. However, the main form of backups people do (if they bother to do anything) is copying to a secondary hard disk, which allows the backups to be accessed by malware and destroyed. Services like Mozy sort of help, but they might not keep a previous version of a file that hasn't been corrupted by ransomware, especially if the software is relatively slow and encrypts files over a long period of time to escape detection.

    What I am waiting to see is Cryptolocker's descendant. This software will install itself through a hole in a Web browser or add-ons. It will install a low level Windows driver. It will then generate a private key and keep it local to the machine, sending a backup to the ransomware's servers. The software will gradually encrypt files over time. However, when an encrypted file is accessed, it will decrypt it on the fly... for a time.

    Then, once it completes encrypting files, it will stop decrypting on the fly, purge the private keys it used, then demand ransom. Since this was done over a period of weeks to months, even backups stored on Mozy or other places will be locked out.

  15. Re:Why would anyone install this? by sunsurfandsand · · Score: 2

    It's ransomware: it encrypts your files with a public key. The private key is controlled by the gang. You don't pay, you end up with a bunch of random-looking data substituted for your files, since the gang destroys the unique private key after the time is up.

    Unfortunately, I couldn't afford the $300. Fortunately, I never liked my data anyway.

  16. Brain-dead default: the gift that keeps on giving by istartedi · · Score: 4, Interesting

    Microsoft's brain-dead default of "hide file extensions" is cited in the article as part of the social engineering aspect that gets users to click on the files. It's the gift that keeps on giving... to black hats.

    Hiding the file extension does NOTHING to make things easier on the user or make the UI any cleaner. It's not like we have 40 column displays where the file extension is "too long" and going to take away "screen real estate".

    This has been going on literally for DECADES NOW. How can Microsoft be so blind? Whenever I get a new Windows box, it's the first thing I disable because if I don't, I'll just end up creating files with names like, "DailyLog.txt.txt".

    Whoever is at MS, insisting that this remain the default needs to be hauled out, shot, drawn, quartered, and the pieces sent to be displayed in the lobbies of their 4 largest offices.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
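Added example, not code from istartedi's post: a small Python model of what the "hide extensions for known file types" default actually does to a filename, and the triage rule a mail gateway or help desk can apply as a result. Explorer strips only the final extension, so `Invoice.pdf.exe` is shown as `Invoice.pdf`, which is the lure the post describes. The extension lists and the batch of attachment names are constructed for this example, not taken from any real campaign.

```python
"""Added example, not code from the thread: how Explorer's "hide extensions
for known file types" default turns a double-extension attachment into a
lure, and a triage rule that catches the pattern.

Assumptions: Explorer hides only the final extension (the behaviour the
HideFileExt setting controls); the extension lists below are illustrative;
the attachment names are constructed for this example."""

# Extensions Windows will run on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "jse",
                         "vbs", "vbe", "wsf", "lnk", "hta", "cpl"}
# Extensions a user reads as a harmless document (illustrative).
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}


def split_extension(name: str) -> tuple[str, str]:
    """Return (stem, final extension without the dot, lower-cased)."""
    stem, sep, ext = name.rpartition(".")
    if not sep or not stem:        # no dot, or a leading-dot name such as ".profile"
        return name, ""
    return stem, ext.lower()


def explorer_display_name(name: str, hide_known_extensions: bool = True) -> str:
    """What the default Explorer view shows for `name`."""
    if not hide_known_extensions:
        return name
    stem, ext = split_extension(name)
    return stem if ext else name


def is_extension_lure(name: str) -> bool:
    """True when the real (final) extension is executable but the name as
    displayed with extensions hidden ends in a document extension."""
    stem, ext = split_extension(name)
    if ext not in EXECUTABLE_EXTENSIONS:
        return False
    # Attackers also pad with spaces so the real extension scrolls out of view.
    _, shown_ext = split_extension(stem.rstrip())
    return shown_ext in DOCUMENT_EXTENSIONS


def triage(attachment_names: list[str]) -> list[str]:
    """Names from a batch that should be quarantined or shown with full extension."""
    return [n for n in attachment_names if is_extension_lure(n)]


# Constructed sample batch (not real attachments).
PADDED_LURE = "report.pdf" + " " * 26 + ".exe"
SAMPLE_ATTACHMENTS = [
    "Invoice_2013-11.pdf.exe",
    "Payroll.xlsx",
    "scan0001.jpg.scr",
    PADDED_LURE,
    "setup.exe",
    "DailyLog.txt.txt",   # the accidental double extension from the post above
]

if __name__ == "__main__":
    for n in SAMPLE_ATTACHMENTS:
        shown = explorer_display_name(n)
        real = split_extension(n)[1] or "-"
        print(f"shown as {shown!r:42} real extension: {real:5} lure: {is_extension_lure(n)}")
```

The setting itself is the `HideFileExt` DWORD under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced`; 1 hides known extensions, 0 shows them. Flipping it per user only fixes the display, so the triage rule above is the layer to put at the mail gateway, where the full name is always visible.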
  17. Try this to fix the infection... by weeboo0104 · · Score: 5, Informative

    I believe I got hit by this about a week ago when I clicked on an advert linked on Chicago Tribune's website.

    A fullscreen message appeared saying my computer had been encrypted and I had to pay $300 to decrypt it. I pulled my network cable out and had to power off my PC because the keyboard would not work. I was able to boot back up, but when I logged in both regularly and in Safe-Mode, a full white screen saying "please connect to the Internet" appeared and I couldn't use the keyboard again.

    I pressed F8 on boot and booted into Safe-Mode Command line only. Once I logged in and saw the command line, I typed rstrui.exe (windows System Recovery) and using the Restore Wizard, restored to a checkpoint from a day earlier. I restarted my PC again and let it boot normally and once I was able to log in without seeing the message, reconnected my network cable.

    My PC was never encrypted. The message only said it was. The clincher was before I booted Windows in Safe-Mode, I used a Knoppix DVD to mount the Windows partition and copy off my personal data before I started the recovery process. The data was perfectly readable and not encrypted.

    --
    It is easier to build strong children than to repair broken men. -Frederick Douglass
    1. Re:Try this to fix the infection... by NoImNotNineVolt · · Score: 2

      So I've got to ask... why were you clicking on advertisements?!

      --
      Chuuch. Preach. Tabernacle.
  18. Re:Justice by mlts · · Score: 2

    Depends on OS. Windows uses snapshot functionality, and in theory, it wouldn't be hard for malware to not bother intercepting the files opened under a backup context so they get backed up encrypted compared to files opened directly by the user.

    EFS on NTFS works in a similar fashion. If I back up a directory full of EFS protected files, they are stored encrypted. If I fire up a utility like WinRAR which opens files as an application does, Windows will decrypt the files automatically.