Slashdot Mirror


CryptoLocker Gang Earns $30 Million In Just 100 Days

DavidGilbert99 writes "A report from Dell Secureworks earlier this week reported that up to 250,000 systems have been infected with the pernicious ransomware known as CryptoLocker. Digging a little deeper, David Gilbert at IBTimes UK found that the average ransom being paid was $300, and that on a very conservative basis just 0.4% of people paid the ransom. What does this all add up to? $30 million for the gang controlling CryptoLocker — and this could be 'many times bigger.'"

14 of 202 comments

  1. hey dummies by Anonymous Coward · · Score: 5, Informative

    The link is wrong

    1. Re:hey dummies by bondsbw · · Score: 5, Informative

      And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    2. Re:hey dummies by girlintraining · · Score: 4, Informative

      Wal-Mart has the highest revenue in the US - 469.2 billion according to the Fortune 500.

      You seem to be laboring under the delusion that companies only exist, and earn profit, for one year. Then they return to their ancestral home in the profit river, where they lay their nest eggs and golden parachutes for the next generation, and then die.

      Alas, companies make revenue year over year... and some of the biggest frauds this country has seen have taken decades before the government acted to stop it. So "Trillions of dollars of revenue" is not an inaccurate statement. At least not if you have more brains than an anonymous coward...

      --
      #fuckbeta #iamslashdot #dicemustdie
  2. So, Zuckerberg is behind cryptolocker???? by wbr1 · · Score: 5, Informative
    --
    Silence is a state of mime.
    1. Re:So, Zuckerberg is behind cryptolocker???? by war4peace · · Score: 4, Funny

      ...And it's a fun read, too:

      "English is not the CryptoLocker Group's first language" - apparently it's not IB Times's, either, as seen in the article: "CryptoLocker is not currently being sold to anyone other criminal gangs".
      "it was being distributed by the Gameover Zeus malware, in some cases via the renowned Cutwail bonnet."
      "malware is typical among cyber-criminals in Russia and easter Europe,"
      "this was quickly cut to 1 bitcoin, 0.5 bitcoin and at the time of publication, 0.5 bitcoin." - yes, there's a deep cut from 0.5 to 0.5, for sure. We should all rejoice!

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  3. Re:Alright NSA, why is this going on? by Anonymous Coward · · Score: 4, Funny

    oh, you've just made cold fjord sad, you insensitive clod

  4. Re:Error by Drethon · · Score: 4, Funny

    Are you sure it is unrelated? Facebook seems to be asking a lot of money for nothing tangible too...

  5. Said every IT person. Ever. by girlintraining · · Score: 4, Insightful

    "So, do you have a current backup?"
    -- Every tech support number you'll call, anywhere. Ever.

    And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive". Viruses, malware, and crap like this would have gone the way of the dodo bird if people would just follow the most basic. advice. ever. regarding the maintenance of their computer. You wouldn't run your car out of oil after neglecting to change it for 15,000 miles, would you? So why do you do it to your computer?

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Said every IT person. Ever. by wbr1 · · Score: 5, Informative
      Unfortunately, an external drive backup using your scheme is of little to no use against this threat. It will encrypt all attached drives, network, USB or otherwise, so long as the user has permissions. It will start with commonly needed file extensions first.

      Unless your backup is not visible to the virus, you are toast. This is a situation where unattached, or off-site backups and cloud solutions win. A simple user with an always attached USB drive will still be toast.

      --
      Silence is a state of mime.
  6. Re:Better Than Commercial Software? by ekgringo · · Score: 4, Interesting

    We knew someone at a sister company that was infected with CryptoLocker. He had no backups (they have no IT infrastructure) so he paid the ransom to recover his files. It appeared to start decryption, but the machine was old and we had to let it run over the weekend to complete. Windows Security Essentials had to be disabled in order for the decryption to work, but it re-enabled itself and blocked the decryption. By the time Monday rolled around, the decryption server had been shut down or his ransom window had expired and so he ended up losing his data anyway.

  7. Re:Justice by mlts · · Score: 4, Interesting

    IMHO, CryptoLocker is just the first shot across the bow.

    Long term, maybe it will be a good thing, similar to the old PC days where BIOS killing viruses finally got people to actually care about average security or else keep buying new computers.

    Of course, malware like this pretty much trashes almost every single backup system known to man. The enterprise is less affected because of programs like NetBackup that pull data, so malicious software is unable to touch previous backups. However, the main form of backups people do (if they bother to do anything) is copying to a secondary hard disk, which allows the backups to be accessed by malware and destroyed. Services like Mozy sort of help, but they might not keep a previous version of a file that hasn't been corrupted by ransomware, especially if the software is relatively slow and encrypts files over a long period of time to escape detection.

    What I am waiting to see is Cryptolocker's descendant. This software will install itself through a hole in a Web browser or add-ons. It will install a low level Windows driver. It will then generate a private key and keep it local to the machine, sending a backup to the ransomware's servers. The software will gradually encrypt files over time. However, when an encrypted file is accessed, it will decrypt it on the fly... for a time.

    Then, once it completes encrypting files, it will stop decrypting on the fly, purge the private keys it used, then demand ransom. Since this was done over a period of weeks to months, even backups stored on Mozy or other places will be locked out.
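
Added example (not part of the thread or of any commenter's code): a pre-rotation check for the failure the two backup comments above describe, where a good backup generation gets overwritten by files that are already encrypted. It assumes encrypted files keep their original extension while their contents are replaced; the signature list, the 2% threshold and all function names are illustrative choices.

```python
import os
import tempfile

# Leading bytes expected for common document types (short, non-exhaustive list).
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",  # Office Open XML files are ZIP containers
    ".xlsx": b"PK\x03\x04",
}

def find_mismatches(root):
    """Return (checked, bad_paths) for files whose header does not match their extension."""
    checked, bad = 0, []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            magic = MAGIC.get(os.path.splitext(name)[1].lower())
            if magic is None:
                continue  # type without a known signature: not judged
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(len(magic))
            checked += 1
            if head != magic:
                bad.append(path)
    return checked, sorted(bad)

def safe_to_rotate(root, max_bad_ratio=0.02):
    """False means: keep the previous backup generation and alert instead of overwriting it."""
    checked, bad = find_mismatches(root)
    if checked == 0:
        return True
    return len(bad) / checked <= max_bad_ratio

def demo():
    """Constructed sample: one intact PDF and one 'PDF' whose bytes were replaced."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "report.pdf"), "wb") as fh:
            fh.write(b"%PDF-1.4\n% constructed sample\n")
        with open(os.path.join(root, "taxes.pdf"), "wb") as fh:
            fh.write(bytes(range(128, 192)))  # stands in for ciphertext
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"plain text has no signature\n")
        checked, bad = find_mismatches(root)
        return checked, [os.path.basename(p) for p in bad], safe_to_rotate(root)
```

Run it against the staged copy on the machine that holds the backups, before the older generation is pruned.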

  8. Re:Better Than Commercial Software? by zeugma-amp · · Score: 4, Interesting

    So, you made a donation to organized crime. How charitable.

    As did this police department ...

    US local police department pays CryptoLocker ransom

    =snip=

    A local police department in Swansea, Massachusetts, has paid cybercrooks behind the CryptoLocker ransomware attack to decrypt files locked up by the malware on police computer systems, according to local press reports.

    The police department spokesman claimed that the infection had been mopped up and their systems secured, with no personal information stolen.

    =end snip=

    --
    This is an ex-parrot!
  9. Brain-dead default: the gift that keeps on giving by istartedi · · Score: 4, Interesting

    Microsoft's brain-dead default of "hide file extensions" is cited in the article as part of the social engineering aspect that gets users to click on the files. It's the gift that keeps on giving... to black hats.

    Hiding the file extension does NOTHING to make things easier on the user or make the UI any cleaner. It's not like we have 40 column displays where the file extension is "too long" and going to take away "screen real estate".

    This has been going on literally for DECADES NOW. How can Microsoft be so blind? Whenever I get a new Windows box, it's the first thing I disable because if I don't, I'll just end up creating files with names like, "DailyLog.txt.txt".

    Whoever is at MS, insisting that this remain the default needs to be hauled out, shot, drawn, quartered, and the pieces sent to be displayed in the lobbies of their 4 largest offices.

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
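
Added example (not from the thread or the article): a mail-gateway or helpdesk style check for the file-name trick the comment above refers to, where an executable carries a document-looking extension that is all the user sees once Explorer hides the real one. The extension lists, function names and sample file names are constructed for illustration, and `displayed_name` simplifies Explorer by treating every extension as a known type.

```python
import os

# Extensions Windows runs on double-click (illustrative, non-exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Extensions users read as harmless documents (illustrative).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png", ".zip"}

def displayed_name(filename):
    """Approximate the name shown when 'Hide extensions for known file types' is on."""
    stem, ext = os.path.splitext(filename.rstrip(" ."))
    # Padding before the real extension is invisible to the user, so drop it here.
    return stem.rstrip() if ext else filename

def is_deceptive(filename):
    """True if the real type is executable but the visible name ends in a document extension."""
    cleaned = filename.rstrip(" .")  # Windows ignores trailing spaces and dots
    stem, real_ext = os.path.splitext(cleaned)
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return False
    # Look at what is left once the real extension (and any padding) is hidden.
    _, shown_ext = os.path.splitext(stem.rstrip())
    return shown_ext.lower() in DECOY_EXTS

def flag_attachments(names):
    """Return (real name, name as the user sees it) for every deceptive entry."""
    return [(n, displayed_name(n)) for n in names if is_deceptive(n)]

# Constructed sample attachment names.
SAMPLE_NAMES = [
    "Invoice_2013.pdf.exe",   # classic double extension
    "DailyLog.txt.txt",       # the harmless duplicate the comment mentions
    "setup.exe",              # executable, but not disguised
    "scan.PDF      .EXE",     # padding pushes the real extension out of view
    "photo.jpg",
]

if __name__ == "__main__":
    for real, shown in flag_attachments(SAMPLE_NAMES):
        print(f"block: {real!r} is displayed as {shown!r}")
```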
  10. Try this to fix the infection... by weeboo0104 · · Score: 5, Informative

    I believe I got hit by this about a week ago when I clicked on an advert linked on Chicago Tribune's website.

    A fullscreen message appeared saying my computer had been encrypted and I had to pay $300 to decrypt it. I pulled my network cable out and had to power off my PC because the keyboard would not work. I was able to boot back up, but when I logged in both regularly and in Safe-Mode, a full white screen saying "please connect to the Internet" appeared and I couldn't use the keyboard again.

    I pressed F8 on boot and booted into Safe-Mode Command line only. Once I logged in and saw the command line, I typed rstrui.exe (Windows System Recovery) and using the Restore Wizard, restored to a checkpoint from a day earlier. I restarted my PC again and let it boot normally and once I was able to log in without seeing the message, reconnected my network cable.

    My PC was never encrypted. The message only said it was. The clincher was before I booted Windows in Safe-Mode, I used a Knoppix DVD to mount the Windows partition and copy off my personal data before I started the recovery process. The data was perfectly readable and not encrypted.

    --
    It is easier to build strong children than to repair broken men. -Frederick Douglass