Writer: How My Mom Got Hacked
HughPickens.com writes Alina Simone writes in the NYT that her mother received a ransom note on the Tuesday before Thanksgiving. "Your files are encrypted," it announced. "To get the key to decrypt files you have to pay 500 USD." If she failed to pay within a week, the price would go up to $1,000. After that, her decryption key would be destroyed and any chance of accessing the 5,726 files on her PC — all of her data would be lost forever. "By the time my mom called to ask for my help, it was already Day 6 and the clock was ticking," writes Simone. "My father had already spent all week trying to convince her that losing six months of files wasn't the end of the world (she had last backed up her computer in May). It was pointless to argue with her. She had thought through all of her options; she wanted to pay." Simone found that it appears to be technologically impossible for anyone to decrypt your files once CryptoWall 2.0 has locked them and so she eventually helped her mother through the process of making a cash deposit to the Bitcoin "wallet" provided by her ransomers and she was able to decrypt her files. "From what we can tell, they almost always honor what they say because they want word to get around that they're trustworthy criminals who'll give you your files back," says Chester Wisniewski.
The peddlers of ransomware are clearly businesspeople who have skillfully tested the market with prices as low as $100 and as high as $800,000, which the city of Detroit refused to pay. They are appropriating all the tools of e-commerce and their operations are part of "a very mature, well-oiled capitalist machine" says Wisniewski. "I think they like the idea they don't have to pretend they're not criminals. By using the fact that they're criminals to scare you, it's just a lot easier on them."
I found it interesting that these criminals made a point of honouring their promise to provide the tools to decrypt the encrypted data.
At first, this didn't make sense to me. They are criminals; why do they have to honour anything?
But thinking about it some more, it works in their favour. Say I am a desperate person looking to get my files back, and I ask around if anyone has had any success with paying the ransom. If I get responses saying "yes", then of course I am more likely to pay too, and this works in favour of the criminals' bottom line.
In addition, it doesn't cost the criminals much to provide the decryption tools, unlike if this was a kidnapping of a real person where there is the risk of the kidnapper getting caught during a hostage exchange.
Deal with reality - the world as it is - rather than ideality - the world as you would like it to be.
This is exactly the sort of crime that the government should be able to solve, there are so many fingerprints left, double that with the bitcoins (which aren't actually anonymous).
Granted, the $500 itself might not be worth much attention, but over and over and it adds up to a lot.
Plus this is the sort of nonsense that your government is supposed to do something about. If not stopped now, the problem just grows.
These criminals do this because there is low risk of getting caught and if caught, the punishment isn't likely to be high.
If I were in charge, I'd task the NSA with catching them, then publicly execute them on TV. While some people will say, "oh, that is overkill and not fair", I'd say, "yea, but it sure will give these criminals pause in the future, won't it?"
Our company also got hacked. Management sent everyone home, restored from backups. Then we spent a bunch of time figuring out what files were modified in the last 36 hours, and redoing that work over. Note that the hackers target only certain file types, e.g. .doc and .pdf, but not .xls, so we're talking mostly about documentation. Unfortunately, our PCs are now limping along because the virus scanner is running all the time now, and so chews up resources.
Our company is Windows-centric for everything except code development (which is Linux using a VM under Windows), and this is a clear example of why Linux is more secure than Windows. Not necessarily inherently, but because Windows desktops are the "mainstream". And hackers target the mainstream!
To wit, I switched to Windows for a year, but subsequently, every search I did to fix Windows problems required putting "Windows" in the search box. This inevitably led to ever more heinously cunning hacker/virus/spyware results which had to be waded through. Try as you might to avoid them, eventually one of them ends up getting you. It ends up being about as much fun as a potato-sack race through a mine-field.
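The triage step described in the comment above (work out which documents of the targeted types were touched inside the incident window) is easy to script. The following is an added example, not code from the thread or from any of the commenters; the directory layout, file names and timestamps are constructed inline, and the extension list is an assumption based on the types named in the comment.

```python
"""Post-incident triage: list files of the affected types modified inside a
time window, so the team knows which documents must be checked or redone.
Added example; the sample tree below is constructed for the demo."""
import os
import tempfile
import time
from pathlib import Path

# Assumed list of targeted document types (the comment names .doc and .pdf;
# .docx is added here as an assumption).
TARGET_EXTENSIONS = {".doc", ".docx", ".pdf"}


def recently_modified(root, hours, extensions=TARGET_EXTENSIONS, now=None):
    """Return sorted (relative_posix_path, age_in_hours) pairs for files under
    `root` whose extension is in `extensions` and whose mtime lies within the
    last `hours` hours.  `now` may be fixed for reproducible runs."""
    now = time.time() if now is None else now
    cutoff = now - hours * 3600
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in extensions:
            continue
        mtime = path.stat().st_mtime
        if mtime >= cutoff:
            age_h = round((now - mtime) / 3600, 1)
            hits.append((path.relative_to(root).as_posix(), age_h))
    return sorted(hits)


def summarise_by_extension(hits):
    """Count hits per extension; a sudden spike in one type is a useful signal."""
    counts = {}
    for rel, _ in hits:
        ext = Path(rel).suffix.lower()
        counts[ext] = counts.get(ext, 0) + 1
    return counts


def build_sample_tree(root, now):
    """Constructed sample: a few files with mtimes set relative to `now`."""
    samples = {
        "reports/q3.doc": 2,     # touched 2 h ago: inside a 36 h window
        "reports/q2.pdf": 30,    # 30 h ago: inside
        "reports/old.pdf": 72,   # 72 h ago: outside
        "budget.xls": 1,         # untargeted type, ignored
        "notes/readme.txt": 1,   # untargeted type, ignored
    }
    for rel, age_h in samples.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("sample content\n")
        ts = now - age_h * 3600
        os.utime(p, (ts, ts))


def demo(hours=36):
    """Build the constructed tree in a temp dir and run the triage over it."""
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, now)
        hits = recently_modified(root, hours, now=now)
        return hits, summarise_by_extension(hits)


if __name__ == "__main__":
    hits, counts = demo()
    for rel, age in hits:
        print(f"{age:6.1f} h ago  {rel}")
    print("by extension:", counts)
```

On a real incident you would point `recently_modified` at the restored share (or a forensic copy) with the window the timeline supports; mtimes can be rewritten by the malware itself, so treat the list as a starting point for review, not as proof that untouched files are clean.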
Find the hackers, kill them in public, and move on. A low life deserves nothing more.
But that's just a sentiment.
Once you're in their jaws, I suspect that your feelings may vary - and not as if any of us are going to reward her for toeing the unified line
Actually, that's maybe the solution - you cough up your own cash to reward those that "say no to extortion" - It's not a massive leap, the majority of our governments already do this with our taxes already. Sure, it costs more in the long run (those SAS/SEAL raids where everybody ends up dead and poorer) - but it's nice to take a principled stand in the abstract (when your loved one isn't going to die as a hostage, nor as a soldier sent to rescue them).
The French - they mainly just seem to pay up, and walk away with their hostages unharmed.
Now I'm sure there may be some objections to this (I've got some myself) - but our governments seem to have managed to overlook their scruples and the urge to teach lessons when a few banks asked for a bit of cash (or we'd have all descended into anarchy, seemingly).
My point, I'm not sure. It's vaguely around the point that we don't 'pay when extorted' - and yet we all pretty much do. What's interesting is the type of extortion your government buckles and pays for.
Next up is them rebating her some money back for their "Victim get a Victim" referral program.
You could easily imagine something like this being the next step, having them say "We'll decrypt your files for $500, but if you send this attachment to ten friends you can decrypt for $250".
You could easily see that working really, really well... and creating a massive increase in infection.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
This is the thing that makes Time Machine such a great asset to the Mac for non-technical users. The Mac in theory is not that much less hackable, but an attacker (a) will generally not be able to encrypt all the files in the system, only ones for that user and (b) the user will simply be able to go back through the TM backup and recover un-encrypted files.
I think TM plays a really big part in the Mac still not having many (any?) exploits in the wild, because Mac users are protected against the easiest ways to extract money.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Best advice is GET THE HELL OFF WINDOWS!! I have a thriving little business upgrading people who are still on XP over to either XUbuntu or Mint. I've gotten calls after an upgrade with the user saying "I got this weird error when I open this email", and it turned out that the user had an email with the Cryptolocker vector, and the odd error was the malware *trying* (and failing) to encrypt files on an ext4 filesystem... At this point in time, THAT ain't happening....
THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
So, the only thing between Cryptolocker and your user's files was the FILESYSTEM? And you think the problem was the OS?
Seriously, this thing was actually running on your Linux distribution (as you yourself admit) and the only thing that saved you was that it wasn't (yet) adapted to the filesystem. So, pray tell, how is Linux the magical mystery sauce which saves the day?
You say that as if the other major operating systems didn't have that feature for years.
Come on, I am not saying that in any way. I'm saying that Time Machine is a system that really is so easy to enable that real, nontechnical people ACTUALLY USE IT, and that the features it has makes malware like this a non-starter.
Yes, all of us technical folk have been using various things to back up stuff forever. But Time Machine brings versioned backup to the everyday user (an important aspect of the protection is keeping older versions, since with a simpler mirroring backup a user's files could still easily all be lost on the next backup that overwrites the mirror).
The reason why this is possible is again a combination of hardware and software - Time Machine as software alone is not nearly so powerful as it is combined with a unit that doubles as a WiFi router and backup disk, which is recognized as such by the system. Literally my mom can set it up and actually use it. I cannot imagine the countless disasters this has averted for people without technical family members to help them with issues.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
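The point made in the post above about versioned versus mirrored backups can be shown directly: if the backup job runs once more after the infection, a mirror replaces the only good copy, while a snapshot store still holds it. The following is an added example, not Time Machine's code or anything from the thread; the snapshot naming, the "is this file still a readable document" check and the stand-in for the malware's overwrite (a constant XOR, not a real cipher) are all assumptions made for the demo.

```python
"""Mirror backup vs. versioned (snapshot) backup when a scheduled run happens
after files have been overwritten.  Added example; every path and the sample
document are constructed inline."""
import shutil
import tempfile
from pathlib import Path


def mirror_backup(src, dst):
    """Plain mirror: dst becomes an exact copy of src; prior copies are gone."""
    shutil.rmtree(dst, ignore_errors=True)
    shutil.copytree(src, dst)


def versioned_backup(src, dst, generation):
    """Snapshot-style: each run lands in its own numbered directory (assumed
    naming scheme 'snapshot-NNN'), so earlier generations are retained."""
    shutil.copytree(src, Path(dst) / f"snapshot-{generation:03d}")


def restore_latest_good(dst, relpath, is_good):
    """Walk snapshots newest-first and return the first copy of `relpath`
    that passes `is_good`, or None if no snapshot holds a usable copy."""
    for snap in sorted(Path(dst).glob("snapshot-*"), reverse=True):
        candidate = snap / relpath
        if candidate.exists():
            data = candidate.read_bytes()
            if is_good(data):
                return data
    return None


def simulate_overwrite(src):
    """Constructed stand-in for the malware: overwrite every file in place
    with unreadable bytes (XOR with a constant; not a cipher of any kind)."""
    for p in Path(src).rglob("*"):
        if p.is_file():
            p.write_bytes(bytes(b ^ 0x5A for b in p.read_bytes()))


def looks_like_document(data):
    """Assumed sanity check: our sample document starts with a known header."""
    return data.startswith(b"Report")


def demo():
    """Run both backup styles through one infection and return
    (mirror_copy_still_readable, bytes_recovered_from_snapshots)."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "home"
        mirror = Path(work) / "mirror"
        versioned = Path(work) / "versioned"
        src.mkdir()
        (src / "thesis.doc").write_bytes(b"Report: chapter one\n")

        # First scheduled backup while the files are still intact.
        mirror_backup(src, mirror)
        versioned_backup(src, versioned, 1)

        # Files get overwritten; nobody has noticed yet.
        simulate_overwrite(src)

        # The scheduled job runs again before anyone notices.
        mirror_backup(src, mirror)
        versioned_backup(src, versioned, 2)

        from_mirror = (mirror / "thesis.doc").read_bytes()
        from_versioned = restore_latest_good(versioned, "thesis.doc",
                                             looks_like_document)
        return looks_like_document(from_mirror), from_versioned


if __name__ == "__main__":
    mirror_ok, recovered = demo()
    print("mirror copy still readable:", mirror_ok)
    print("recovered from snapshots:", recovered)
```

The retention policy is what matters: a snapshot store only helps if it keeps generations older than the time between infection and discovery, and if the backup target is not writable by the same user account whose files were just overwritten.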
The most common attack vector for this particular malware and many like it is email attachments.
That was true 4-6 years ago, but not today. Now we're seeing most of this stuff getting installed via zero-day exploits in browsers and plugins like Java and Flash, and distributed via third-party advertising networks. It's a lot harder to blame someone for getting compromised via a browser plugin they didn't even know they had.
The best protection these days is still to block all advertising, run with limited permissions, and have automated external backups with versioning. If the user is capable, blocking all third-party scripting is also incredibly effective.
It's 2015 and anyone in the world can still send an email with file attachments to anyone using whatever FROM address they'd like without any prior trust relationship, vetting or authorization by the receiver.
You just listed some of the best features of email.
It is *our* fault for installing AV software and going back to picking our noses
Now this is true. Antivirus software has been a joke for a decade.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
Just wait 10-20 years and commercial quantum-computers will be common enough that the key can be re-created and the data recovered. So if you have been hit by "ransomware," clone the disk and put both copies in a closet somewhere. Every year or two, copy the disk again.
In 5-10 years police agencies will admit to having such technology and people who committed serious crimes since the "Five Eyes" started sucking down as much of the Internet as they can and who have successfully evaded detection due to strong encryption may find themselves getting that "knock on the door."
Criminals who are very high-profile targets (think: terrorism, top drug lords, etc.): the national police agencies either already have the ability to go back and decrypt all past recorded traffic and previously-seized computers or they will have it within a year or two, assuming the encryption is the kind that is in common use today (e.g. https: or PGP-like encryption with reasonable, not super-long key lengths). Whether the police will admit to having this capability before the decade is out is an open question. If they don't, they'll either have to delay arresting people or cook up some form of parallel construction to make their case.
By the way, watch your national governments - if they haven't done so already they will try to eliminate or greatly extend statutes of limitation for the kinds of crimes associated with encryption, starting with those that are most scary to the public such as anything related to terrorism, high-level drug trafficking, and human trafficking. Or, instead of trying to generally extend/eliminate the statute of limitations, they may change the law to suspend the clock when encryption is used, so the time it takes from the day the evidence is seized or sniffed to the day it is decrypted doesn't "count."
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I've been reading for 20+ years how "Macs are just as vulnerable as Windows," and yet, somehow, that malware parity never seems to happen. Sure, every now and then there's a headline about Mac malware, but when you read the article it's either a theoretical vulnerability or, at worst, something that happened to a handful of people.
I've been reading for 20+ years about these things called Macs that are far safer than Windows, and yet, somehow, nobody actually uses them.
Thieves will always go for max reward for minimum risk. Sure, they hit lots of mom and pop computers running Windows, but I imagine the real money is in medium-sized businesses. How many organizations do you know that could be persuaded to maybe pay a $300k ransom but they store all that data on OSX, or even on Linux?
If medium-sized companies tended to run OSX, you'd see Cryptolocker for OSX. No, you won't see it anytime soon, because those businesses aren't going to switch to OSX anytime soon.
From an OS security standpoint, there really isn't anything in OSX or Linux that would prevent something like Cryptolocker from working. Neither has security beyond the user level by default, and typically the browser (which is what tends to get exploited) has access to all user data.