Many Australians Forced To Pay For "Unbreakable" Cryptolocker Ransomware
An anonymous reader writes: Australians are paying thousands of dollars to overseas hackers to rid their computers of an unbreakable virus [Cryptolocker]. The deputy chairwoman of the Australian Competition and Consumer Commission, Delia Rickard, said over the past two months there had been a spike in the number of people falling victim to the scam. The commission has received 2,500 complaints this year and estimates about $400,000 has been paid to the hackers. Bad news for Australians: this is just one of many targeting the country.
They'll open anything that lands in their inbox.
Gets Cryptolocker installed. Via Group Policy, it prevents, among other things, anything being executed from the user's temp directory/ies - which is where email attachments are placed for whatever operation they require - picture preview, etc. It's not a guarantee, but it presents a big obstacle to any attacker attempting to fool a user into executing their code simply by opening an email.
Not affiliated, just a happy user.
They sentenced me to twenty years of boredom
Like the movie Ransom with Mel Gibson.
But having backup of your files is always a good idea.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Quick, you should pass a law for all that non taxable revenue....
Restore from backup and be more careful next time.
Compared to the amount we get overcharged by companies in America, just the extra my clients have paid for CAD over the last 10 years would easily cover that ($10000 for a 2 user license last year for example). So who are the real crooks?
Judging from the comments, very much so.
Maybe they learn something from this... If not, there is always the next time!
Private Number: "Hello I am from Telstra Internet Services and you have a problem with your computer"
Me: F**k o** you scamming c***
*End Call*
Been getting those at least once a month now.
1) Make sure users, especially Windows users, are well educated enough to not run things or accept things that pop up in the browser or are sent in an email.
2) Make sure that all users have Adblockers, No-Script etc installed by default. It is more trouble initially, but it gives you a chance to stop and think, and after a while you will have trained yourself and your browser to allow you to do your work with a minimum of pain.
3) Always run Windows in a VM under Linux - and make regular, dated backups of the Windows disk images (the VM disk images!). If shit happens, you can quickly go back to a version that works.
Of those three, the first point is far the most important.
Backup in depth:
'real time' (i.e. Apple's Time Machine)
+ Daily
+ Weekly (put aside)
+ Monthly (stored offsite)
+ Yearly (stored off-offsite)
blindly antisocialist = antisocial
Hasn't the time come yet to create a super national institution/task force (like Interpol for the "real" world) to stop this and to put in jail forever the persons who receive the money? Really not yet?? Do not tell me it's not possible, because it's not true at all.
Scam would imply this is some kind of fraud or swindle, like a con artist trying to trick you. This is plain extortion, they've kidnapped your data and are holding it ransom. If bad things really do happen if you don't pay, it's not a scam any more than being robbed at gunpoint is.
Live today, because you never know what tomorrow brings
I hope that the ATO is getting their fair share of the GST on these ransomware demands.... The lack of tax on overseas purchases is taking our jeeerbs!
I know someone who personally accounts for 4 of those installations. On the same computer. Because she's fallen for the same frikkin scam four times. Every time I ask her "why did you open an email claiming to be from the IRS, when we don't have an IRS in Australia", she tells me "because it sounded real". You should see the grammar in these scam emails, too: they're written like "please effective the transactionments with the rapid or we can has your cheeseburgers". Yet she's still fallen for it. Four. Times.
Fortunately, I back that site up effectively.
You are all cows. Cows say moo. MOOOOOOOOO! MOOOOOOOO! Moo cows MOOOOOOO! Moo say the cows. YOU COWS!!
...we start lists at zero around here.
0 - Prevention is preferable to cure, avoid giving your PC the power to crash your life in the first place.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
They do hundreds a day and have a script - your reverse pfish is not in the script to deal with so even if they are gullible enough it's not going to happen.
The best I've done is ask one Indian lady on the line why she's working for such criminals despite having perfect English - that got a bit of an offscript response. I no longer have a phone on my landline so no longer have to put up with those scammers.
Now that's just pathetic - modded down for pointing out the vector of infection by some fanboy that wants to pretend even MS products being discontinued are perfect.
There is nothing inaccurate in the above post. Not liking reality is no reason to mod down a post describing reality.
you would... ... not ...
Do Australians have to pay just a bit more ransom for the luxury of being hacked in Australia?
I mean: this happens all over the world. If it just hit them, then they were lucky up till now.
Don't fight for your country, if your country does not fight for you.
Sue Microsoft for making shitty software.
But you morons deserved to pay for your ignorance. You shouldn't even have to learn about computers to avoid this scam. But you're not. And after a while it's not my job to care that you got fucked over because of your own incompetence at life.
Hopefully you have learned your lesson and it will never happen again. But what you've lost, you have lost. Live with it as a learning experience.
Yeah, sure, there's probably a lot of Russians, but most of them are Americans using cracked and insecure Russian computers for this. How do I know? Because most of the spam I get from Russian IP addresses is from American companies in US dollars sent to me in the UK.
Moreover, the reason why it won't happen isn't because Russia won't hand over citizens, but the USA have been against it for decades.
Why weren't UN inspectors able to get into any chemical company in Iraq and check he didn't make chemical weapons? Because the UN resolution that would allow UN inspectors to do that was vetoed by the USA because there was no way to prevent the inspectors inspecting US companies.
International courts and the Hague are ignored by the USA who will not hand over their military personnel, EVEN IF it's only to ask questions in an incident where a squaddie killed a civilian when they were in Germany and were back on the base and sent back to the USA before the police found out who it was. Or the air force pilot who shot a column of British tanks in the Iraq war.
The USA would refuse any convention that allowed this extraction unless there were an explicit "but not us" for the USA.
Russians? Not in it. It's your aged and raddled brain pretending that the cold war was still on.
CryptoWall/CTB-Locker/Cryptolocker (or whatever the variant's name is this month) seems to have difficulty with or is rather slow at getting to data stored in the container for the Volume Snapshot Service. For businesses that do not allow their users to run as administrators (or have them elevate from a privileged account), they can typically restore a reasonably recent snapshot of data folder by folder using the Previous Versions option.
If the user is an admin, I've found that the window for recovery using VSS is smaller, but certainly better than nothing. Network shares should be restored from backups or VSS from the server (if Windows). I haven't figured out what to do with flash drives quite yet....even most data recovery software doesn't find much since the files are never really erased, just overwritten with encrypted copies.
It seems like it shouldn't be too hard to MD5 / SHA / whatever hash every file of the types that are targeted - a la tripwire.
Do such solutions exist for the various targeted OSs?
blindly antisocialist = antisocial
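The tripwire-style idea raised in the comment above, sketched as an added example (not part of the original thread or any commenter's code): hash every file of the targeted types, then compare later snapshots against that baseline. The extension list, function names and the 30% alarm threshold are assumptions chosen for illustration.

```python
import hashlib
import os

# Assumption: a small sample of the document types ransomware tends to target.
TARGET_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".txt"}


def file_hash(path):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map relative path -> hash for every targeted file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in TARGET_EXTS:
                full = os.path.join(dirpath, name)
                result[os.path.relpath(full, root)] = file_hash(full)
    return result


def compare(baseline, current, alarm_ratio=0.3):
    """Diff two snapshots and alarm when a large share of baseline files changed.

    A file that was encrypted in place shows up as 'changed'; one that was
    renamed with a new extension no longer matches TARGET_EXTS and shows up
    as 'missing'. Both count toward the alarm ratio.
    """
    changed = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    touched = len(changed) + len(missing)
    ratio = touched / len(baseline) if baseline else 0.0
    return {"changed": changed, "missing": missing, "added": added,
            "ratio": ratio, "alarm": ratio >= alarm_ratio}
```

The baseline only helps if it is stored somewhere the monitored account cannot write to, and a hash check detects damage after the fact, so it complements backups rather than replacing them.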
Kinda like suddenly running into the middle of a busy road and getting hit by a car. Even though pedestrians have the right of way, any court of law would blame the pedestrian.
So there is a much better, more secure, more useable and more professional product out there than Microsoft Windows, and it's even free (GNU/Linux), yet many dumbasses still choose to buy and use Windows instead and also not even back up their files, even though Windows has a decades long history of being easily hacked and Microsoft has a decades long history of doing little to nothing effective about it. Any company that comes up with shit like UAC is very clearly clueless.
There must be some level at which you just have to say choosing Windows then becoming a victim to this kind of attack is pretty much self-inflicted.
That is a sticky situation.
It can still get on via Angler malware kit. The type from Yahoo.
It is run only from RAM making it impossible to block or detect.
Malware kits? You sound like Another Satisfied Microsoft Customer.
I've seen individual *nix machines that were hacked into by a determined individual who put a lot of time and effort into doing it. I've never seen automated self-perpetuating malware for *nix in the wild. I've seen a few proof-of-concept viruses, but not in the wild. Odd, considering the majority of servers on the net are some form of *nix. That's a lot of beefy machines with loads of interesting data and tons of bandwidth, why you would think that'd make a tempting target...
Seems the *nix world learned their lesson from the Morris worm, you remember, the one from 1988? Yeah after that they took security seriously. With all their billions of dollars and skilled talent you would think Microsoft could do something similar? Oh well, just keep buying Windows, the next version will be better right?
Hiring an assassin to hunt them down and kill them would be a good use for a kickstarter campaign.
Perhaps a few dead hackers would send a message to them.
Here's hoping.
American idiots. PROOFREAD.
Sociological issues aside, getting bit by one of these scams is functionally equivalent to having your hard drive become corrupted, and the obvious solution is the same -- restore your data from backup.
The thing that motivates people to pay $$$ to the scammers (and thus motivates the scammers to keep causing trouble) is that too many people don't back up their data, and thus it costs them less to pay off the scammers than it would to reconstruct whatever was on their hard drive.
Given the low cost of hard drives these days, it seems to me that every computer sold should come with a second hard drive pre-installed and a Time Machine-style automatic incremental backup system already activated -- and maybe even a shiny red button somewhere that says "revert computer to yesterday's state", or something. That way the "I don't think about how my computer works, it's just a magic box to me" crowd would no longer face an expensive new crisis every six months.
I don't care if it's 90,000 hectares. That lake was not my doing.
over to a Google Chromebook to obviate the need to worry about crap like this for my personal "browsing the Web" machine. I use Macs for work, but at home, I'm likely going Chromebook.
It seems to me it would be better in the long run for everyone to put their money together and hire some muscle. I hear the DOJ/FBI does mercenary work for the RIAA/MPAA. Maybe with the right "campaign contributions" (US politicians don't care where in the world the bribe comes from) they can get some hired goons to pay these malware people a visit and make them an offer they can't refuse.
Australians are known for that.