Slashdot Mirror
Writer: How My Mom Got Hacked
HughPickens.com writes Alina Simone writes in the NYT that her mother received a ransom note on the Tuesday before Thanksgiving.."Your files are encrypted," it announced. "To get the key to decrypt files you have to pay 500 USD." If she failed to pay within a week, the price would go up to $1,000. After that, her decryption key would be destroyed and any chance of accessing the 5,726 files on her PC — all of her data would be lost forever. "By the time my mom called to ask for my help, it was already Day 6 and the clock was ticking," writes Simone. "My father had already spent all week trying to convince her that losing six months of files wasn't the end of the world (she had last backed up her computer in May). It was pointless to argue with her. She had thought through all of her options; she wanted to pay." Simone found that it appears to be technologically impossible for anyone to decrypt your files once CryptoWall 2.0 has locked them and so she eventually helped her mother through the process of making a cash deposit to the Bitcoin "wallet" provided by her ransomers and she was able to decrypt her files. "From what we can tell, they almost always honor what they say because they want word to get around that they're trustworthy criminals who'll give you your files back," says Chester Wisniewski.
The peddlers of ransomware are clearly businesspeople who have skillfully tested the market with prices as low as $100 and as high as $800,000, which the city of Detroit refused to pay. They are appropriating all the tools of e-commerce and their operations are part of "a very mature, well-oiled capitalist machine" says Wisniewski. "I think they like the idea they don't have to pretend they're not criminals. By using the fact that they're criminals to scare you, it's just a lot easier on them."
The peddlers of ransomware are clearly businesspeople who have skillfully tested the market with prices as low as $100 and as high as $800,000, which the city of Detroit refused to pay. They are appropriating all the tools of e-commerce and their operations are part of "a very mature, well-oiled capitalist machine" says Wisniewski. "I think they like the idea they don't have to pretend they're not criminals. By using the fact that they're criminals to scare you, it's just a lot easier on them."
For home use get backblaze or another off-line storage site. Backblaze syncs about every 3 hrs.
We hit this in the office and laughed. We keep 3 daily backups in commvault, with multiple month of storage. We drop the PC in error and wipe it. Have VP yell at user and their management and send them bill from the other departments that they trashed. Restore information from commvalut. Run time takes less than hour for full restore. They learn not to open attachments that they do not kow source. We cannot block attachments since users move items though to/from customers.
Why does the payload need admin privileges to encrypt your files? Unless your account only has read access to your data, but that would be very cumbersome.
It needs admin privileges to clobber VSS.
Is there some straightforward way to give a Windows backup program a different user/priority, so that the backup files it generates can only be accessed/modified by itself? That way a rogue virus or even user stupidity cannot delete or encrypt the backups. It know how to do this with Unix, but my Windows-fu is not as strong.
Create a task in task scheduler and you can say what account to run it as, there are also GUI (shift-rightclick an exe) or CLI (runas command) options. Just make sure that the destination isn't also writable by your regular user. Make sure you have incremental backup and not just a full backup/synchronization though, otherwise you'll just overwrite the good versions with encrypted bad versions, you need to be able to go back in history and get a good version from before you were infected. Of course you are just a local escalation exploit away from that being hosed as well, for real security the only way to delete backups should be from the backup system.
Live today, because you never know what tomorrow brings
So really, its best feature is its marketing. I have both a macbook and a windows 8 machine... the procedure to setup and use backup is basically the same, using similar terminology.
Plug a device in. Oh look at that, the system asks me if I want to use it for backup. Click yes!
DONE.
My grandma could have done it.
Comment removed based on user account deletion
The mechanisms of Cryptowall work under any OS.
Except, as the AC said, it doesn't presently work under OS X. I've been reading for 20+ years how "Macs are just as vulnerable as Windows," and yet, somehow, that malware parity never seems to happen. Sure, every now and then there's a headline about Mac malware, but when you read the article it's either a theoretical vulnerability or, at worst, something that happened to a handful of people. You can claim it's because malware authors don't want to bother with Macs or whatever, but the end result is the same: Windows users are always dealing with more malware than Mac users, and, I'll bet, always will. So the modded-down-to-oblivion poster above is not wrong: getting a Mac would have prevented this attack, and many others.
Q: What does the "B." in Benoit B. Mandelbrot stand for? A: Benoit B. Mandelbrot