Many Australians Forced To Pay For "Unbreakable" Cryptolocker Ransomware
An anonymous reader writes: Australians are paying thousands of dollars to overseas hackers to rid their computers of an unbreakable virus [Cryptolocker]. The deputy chairwoman of the Australian Competition and Consumer Commission, Delia Rickard, said over the past two months there had been a spike in the number of people falling victim to the scam. The commission has received 2,500 complaints this year and estimates about $400,000 has been paid to the hackers. Bad news for Australians: this is just one of many targeting the country.
Gets Cryptolocker installed. Via Group Policy, it prevents, among other things, anything being executed from the user's temp directory/ies - which is where email attachments are placed for whatever operation they require - picture preview, etc. It's not a guarantee, but it presents a big obstacle to any attacker attempting to fool a user into executing their code simply by opening an email.
Not affiliated, just a happy user.
They sentenced me to twenty years of boredom
but shouldn't they be used to this? i mean EVERYTHING in that country evolved to kill them. what's a bit of ransomware compared to magpies attacking their eyes when they go shopping? ever touched gympie gympie? just look at children armed with dingo sticks on their way to school... WTF is ransomware compared to that? on a scale of 1 to 10, this software must be -5.
Quick, you should pass a law for all that non taxable revenue....
That is a very misinformed post
http://saveie6.com/
The real risk are the Drop Bears. Suicidal little buggers. Gotten worse since they figured out how to make explosives.
Seriously, a lot of Australians are just idiots. Computer technology has proliferated in the last 20-odd years but brains haven't. Almost everyone now has some kind of computer and has to use one for work but can't seem to grasp the basics of security. I have to wonder if these people would open a package some random stranger gave them on the street.
Combine this with the fact there is a large subculture glorifying idiocy and backwards thinking in this country (that's about to become a serious problem, but that is for another thread) and it's little wonder that people are getting Cryptolockers.
I have no sympathy for them; it's the sysadmins that have to restore backups that I feel sorry for. Inevitably Braindead Bruce will get angry at the sysadmin when they find out that Bruce didn't keep backups of his important files (read: porn and car pictures).
Calling someone a "hater" only means you can not rationally rebut their argument.
Not necessarily. Synology NAS users fell victim of this. Synology took way too long to alert their users, instead, pretending nothing was happening, or silently ignoring the issue of their failure to update their software (which is OSS and already fixed). Eventually they addressed it, but the time they took was disgraceful, and even then, they failed to alert their registered users what was affecting their products.
So how about you not blame the victims until you have facts to hand? Email is merely one vector; Cryptolocker is run by various criminal organisations and uses an army of distributed machines hunting for exploitable servers. Do you actually check server logs? Thought so. Typical know-it-all dweeb.
The ones who took stuff and held it to ransom?
I'm assuming not the ones to sell a product to make a profit.
$5000 per user per year. That's $2.50 per hour for a full-time employee.
If your clients paid those people $2.50 more per hour (or hired someone else), would they be as productive with a free CAD tool?
Maybe they learn something from this... If not, there is always the next time!
Private Number: "Hello I am from Telstra Internet Services and you have a problem with your computer"
Me: F**k o** you scamming c***
*End Call*
Been getting those at least once a month now.
1) Make sure users, especially Windows users, are well educated enough to not run things or accept things that pop up in the browser or are sent in an email.
2) Make sure that all users have Adblockers, No-Script etc installed by default. It is more trouble initially, but it gives you a chance to stop and think, and after a while you will have trained yourself and your browser to allow you to do your work with a minimum of pain.
3) Always run Windows in a VM under Linux - and make regular, dated backups of the Windows disk images (the VM disk images!). If shit happens, you can quickly go back to a version that works.
Of those three, the first point is by far the most important.
Backup in depth:
'real time' (i.e. Apple's Time Machine)
+ Daily
+ Weekly (put aside)
+ Monthly (stored offsite)
+ Yearly (stored off-offsite)
blindly antisocialist = antisocial
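The backup ladder in the comment above is easy to state and fiddly to operate: which daily copies can be recycled, which one becomes this week's "put aside" copy, which one goes offsite. The following is an added example, not code from the original post, that implements that retention rule over a constructed set of snapshot dates; the tier names, the retention counts (7 daily, 4 weekly, 12 monthly, every year forever) and the location labels are assumptions chosen to mirror the list, not anything the poster specified.

```python
from datetime import date, timedelta

# Where each tier lives, following the ladder in the comment (assumed labels).
TIER_LOCATION = {
    "daily": "online, attached",
    "weekly": "put aside (detached)",
    "monthly": "stored offsite",
    "yearly": "stored off-offsite",
}


def select_retained(snapshots, today, keep_daily=7, keep_weekly=4, keep_monthly=12):
    """Return {snapshot_date: tier} for the snapshots worth keeping.

    Rule: every snapshot from the last keep_daily days; the latest snapshot of each of
    the last keep_weekly ISO weeks; the latest of each of the last keep_monthly calendar
    months; the latest of every year, forever. A snapshot keeps the first (most frequent)
    tier that claims it.
    """
    snaps = sorted(set(snapshots))
    retained = {}

    for d in snaps:
        if 0 <= (today - d).days < keep_daily:
            retained[d] = "daily"

    def claim_latest_per_bucket(bucket_of, limit, tier):
        buckets = {}
        for d in snaps:  # ascending order, so the last write wins = latest in the bucket
            buckets[bucket_of(d)] = d
        keys = sorted(buckets)
        for key in (keys[-limit:] if limit else keys):
            retained.setdefault(buckets[key], tier)

    claim_latest_per_bucket(lambda d: tuple(d.isocalendar()[:2]), keep_weekly, "weekly")
    claim_latest_per_bucket(lambda d: (d.year, d.month), keep_monthly, "monthly")
    claim_latest_per_bucket(lambda d: d.year, 0, "yearly")  # limit 0 = keep every year
    return retained


def expirable(snapshots, retained):
    """Snapshots that no tier claims; these are the ones that may be recycled."""
    return sorted(d for d in set(snapshots) if d not in retained)


def demo():
    # Constructed input: one snapshot per day from 2014-12-01 through 2015-03-10.
    today = date(2015, 3, 10)
    snaps = [date(2014, 12, 1) + timedelta(days=i) for i in range(100)]
    retained = select_retained(snaps, today)
    for d, tier in sorted(retained.items()):
        print(d, tier, "->", TIER_LOCATION[tier])
    print(len(expirable(snaps, retained)), "snapshots may be recycled")
    return retained


if __name__ == "__main__":
    demo()
```

The point that matters for ransomware is the location column, not the arithmetic: the "daily" tier is attached and will be encrypted along with everything else, so the weekly copy that is physically put aside is the first one you can actually trust after an infection.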
Scam would imply this is some kind of fraud or swindle, like a con artist trying to trick you. This is plain extortion: they've kidnapped your data and are holding it to ransom. If bad things really do happen if you don't pay, it's not a scam any more than being robbed at gunpoint is.
Live today, because you never know what tomorrow brings
I hope that the ATO is getting their fair share of the GST on these ransomware demands.... The lack of tax on overseas purchases is taking our jeeerbs!
And how exactly do you plan to convince Russia to hand over its citizens?
I'll never forget the last thing grandma said to me before she died: "What are you doing in here with that knife?!?"
I know someone who personally accounts for 4 of those installations. On the same computer. Because she's fallen for the same frikkin scam four times. Every time I ask her "why did you open an email claiming to be from the IRS, when we don't have an IRS in Australia", she tells me "because it sounded real". You should see the grammar in these scam emails, too: they're written like "please effective the transactionments with the rapid or we can has your cheeseburgers". Yet she's still fallen for it. Four. Times.
Fortunately, I back that site up effectively.
Of course Australians are a massive target. Unlike the Americans and Europeans they have jobs and money.
No point targeting the Euros as they have enough problems with their banks running out of cash and them having to live on $100/week. The USA ??....lol....they're either all on food stamps or they can't pay the electric bill, let alone have enough left over to send as bitcoin for a ransom.
Nah....it's a canny move by the ransomware authors. Hit the affluent, ignore the destitute.
Or would the employees be more productive with a $2.50 pay rise?
DUMB.
== Jez ==
Do you miss Firefox? Try Pale Moon.
Current ransomware will just destroy your data. But wait until the crimeware authors switch to "pay us X btc, or we'll make make your online activitiy look like that of a terrorist."
...we start lists at zero around here.
0 - Prevention is preferable to cure, avoid giving your PC the power to crash your life in the first place.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
It's only ever killed one person from memory - a twenty metre tall tree does that to you if it falls on you, stinging leaves or not. However there are plenty of immature trees with leaves at heights that can sting anyone walking past.
http://anpsa.org.au/APOL2007/sep07-s2.html
It hurts like stinging ant bites, a bit of pain to start with and then it fades a bit but is still there. Adding water later makes it hurt again, as much or more than the initial sting. There's not a lot you can do other than try to remove the tiny stinging hairs (especially before you get wet) and put up with it for a day or so. It's possible that some sort of resistance is built up or people stung frequently just get better at ignoring it, because after being stung a few times it's just one of those things that hurts but you'll be over it quicker than bad sunburn.
Sounds exactly like the United States.
Do not look at laser with remaining good eye.
I think I've found the flaw in your idea:
"Restore from backup "
What backup? The sort of people that get stung by this are the sort too stupid to make backups. Assuming they even know how.
They do hundreds a day and have a script - your reverse phish is not in the script to deal with, so even if they are gullible enough it's not going to happen.
The best I've done is ask one Indian lady on the line why she's working for such criminals despite having perfect English - that got a bit of an offscript response. I no longer have a phone on my landline so no longer have to put up with those scammers.
In Australia we call them waiters, and no, I like the girls too much to be interested.
Now that's just pathetic - modded down for pointing out the vector of infection by some fanboy that wants to pretend even MS products being discontinued are perfect.
There is nothing inaccurate in the above post. Not liking reality is no reason to mod down a post describing reality.
WTF is ransomware compared to that?
Current ransomware will just destroy your data. But wait until the crimeware authors switch to "pay us X btc, or we'll make make your online activitiy look like that of a terrorist."
And you'll have the crimeware alibi as well to provide reasonable doubt. Wouldn't get a cent out of me.
Not necessarily. Stupid Synology NAS users fell victim of this.
FTFY. You don't leave it open for Internet access.
you would... ... not ...
If you survive the raid on your house.
Think "swatting", just done for profit and on a larger scale. And these criminals usually don't get caught, unlike the usual revenge swatter.
FTFY.
I mean: this happens all over the world. If it just hit them, then they were lucky up till now.
Don't fight for your country, if your country does not fight for you.
Because America, Fuck Yeah!, that's how.
CryptoWall/CTB-Locker/Cryptolocker (or whatever the variant's name is this month) seems to have difficulty with or is rather slow at getting to data stored in the container for the Volume Snapshot Service. For businesses that do not allow their users to run as administrators (or have them elevate from a privileged account), they can typically restore a reasonably recent snapshot of data folder by folder using the Previous Versions option.
If the user is an admin, I've found that the window for recovery using VSS is smaller, but certainly better than nothing. Network shares should be restored from backups or VSS from the server (if Windows). I haven't figured out what to do with flash drives quite yet... even most data recovery software doesn't find much since the files are never really erased, just overwritten with encrypted copies.
It's not Microsoft's fault. Pretty much any operating system can have this problem. There's a version of Cryptolocker that attacks Mac OS X machines as well. Unless you want to be stuck inside something like iOS, where you can only run an approved list of programs, then you're going to end up with people who run anything and everything causing security problems for themselves.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
It seems like it shouldn't be too hard to MD5 / SHA / whatever hash every file of the types that are targeted - à la tripwire.
Do such solutions exist for the various targeted OSs?
blindly antisocialist = antisocial
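The tripwire-style check the comment asks about is a few lines in any scripting language: hash the document types ransomware goes after, store the hashes, and diff on the next run. This is an added example and not code from the original post; the extension list and the 50% "mass change" threshold are assumptions for illustration, and the sample tree is constructed inside a temporary directory. It goes slightly beyond the comment in one respect: a single edited document is normal, so the alarm fires on the proportion of tracked files that changed or vanished between two runs, which is the pattern an encryptor leaves (renamed files show up as missing, not modified, and are counted too).

```python
import hashlib
import tempfile
from pathlib import Path

# Document types commonly targeted by crypto-ransomware (assumed list for the example).
TARGET_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".txt"}


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Hash a file in chunks so large documents do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path, exts=TARGET_EXTS) -> dict:
    """Map relative POSIX path -> sha256 for every tracked file under root."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in exts:
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two baselines: files whose content changed, files gone, files that appeared."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "new": sorted(k for k in current if k not in baseline),
    }


def looks_like_mass_encryption(diff: dict, baseline_size: int, ratio: float = 0.5) -> bool:
    """True when at least `ratio` of the tracked files were rewritten or removed at once.

    Renaming ransomware leaves originals 'missing' and drops 'new' files next to them,
    so missing files count toward the alarm alongside modified ones.
    """
    if baseline_size == 0:
        return False
    touched = len(diff["modified"]) + len(diff["missing"])
    return touched / baseline_size >= ratio


def demo() -> dict:
    # Constructed sample tree: three tracked documents and one untracked executable.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "reports").mkdir()
        (root / "reports" / "q1.docx").write_bytes(b"quarterly report")
        (root / "photo.jpg").write_bytes(b"\xff\xd8 fake jpeg header")
        (root / "notes.txt").write_bytes(b"remember the backups")
        (root / "setup.exe").write_bytes(b"MZ not a tracked type")
        baseline = build_baseline(root)

        # Simulate an encryptor overwriting two of the three tracked files in place.
        (root / "reports" / "q1.docx").write_bytes(b"\x00\x01 ciphertext")
        (root / "photo.jpg").write_bytes(b"\x00\x02 ciphertext")

        diff = compare(baseline, build_baseline(root))
        result = {
            "tracked": len(baseline),
            "diff": diff,
            "alarm": looks_like_mass_encryption(diff, len(baseline)),
        }
        print(result)
        return result


if __name__ == "__main__":
    demo()
```

Two caveats a practitioner would want stated. The stored baseline has to live somewhere the malware cannot rewrite (read-only media, another host), otherwise the encryptor simply damages the evidence as well. And hashing only tells you after the fact that files were replaced; it does nothing to get them back, which is why every thread like this one ends at "restore from backup".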
So, make a public announcement offering double the number of bitcoins the extortionist is demanding as a reward for the person's capture?
FTFY.
Don't kid yourself.
"What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
The real risk are the Drop Bears. Suicidal little buggers. Gotten worse since they figured out how to make explosives.
The drop bears have become Muslims?
Kinda like suddenly running into the middle of a busy road and getting hit by a car. Even though pedestrians have the right of way, any court of law would blame the pedestrian.
So there is a much better, more secure, more usable and more professional product out there than Microsoft Windows, and it's even free (GNU/Linux), yet many dumbasses still choose to buy and use Windows instead and also not even back up their files, even though Windows has a decades-long history of being easily hacked and Microsoft has a decades-long history of doing little to nothing effective about it. Any company that comes up with shit like UAC is very clearly clueless.
There must be some level at which you just have to say choosing Windows then becoming a victim to this kind of attack is pretty much self-inflicted.
The ringleader of the cryptolocker gang is Evgeniy Bogachev, aka "lucky12345" and "slavik". He's praised as a hero back home.
The simple facts are that most of these programs trace back to organized crime in Russia, which takes advantage of the fact that Russia shelters them from extradition.
Now, do I even need to go into any of the absurdity that you posted? Meh, let's do it for fun.
1. Malware != advertising spam
2. Advertising spam is spread by botnets with service purchased from the operators of the botnets. The companies whose products are being plugged are not the same people who compromised or run the botnets (the latter two can also be separate entities).
3. The most common currency to ask for in advertising spam is US dollars because it's the most universal currency on the planet (the second most common spam currency to see is euros). It's the same reason that most spam is in English. However, some spammers do tailor their spam lists by region.
4. The US has never been against an extradition treaty with Russia - the US always seeks bilateral extradition treaties where possible. Russia is always against extradition treaties - not just with the US, but with everyone. Extradition is a violation of article 61 of the Russian constitution: "A Russian citizen cannot be sent beyond the borders of the Russian Federation or given to another state"
5. The UN inspection team did have the rights to go into any company in Iraq, under resolution 1441 - which was introduced and highly sought after by the US.
6. The US never vetoed any resolutions related to Iraq.
7. The US did not have any chemical companies operating in Iraq at the time of the inspections. Iraq was under sanctions.
You are correct on one aspect, however: The US does in all extradition treaties require exemption of US soldiers for actions involved in armed conflict.
I'll never forget the last thing grandma said to me before she died: "What are you doing in here with that knife?!?"
FTFY.
Didn't you get the memo? It's not the South that's standing in the way of the Progressive New World Order any more, it's "Rurl 'Merica".
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
Not necessarily. Stupid Synology NAS users fell victim of this.
FTFY. You don't leave it open for Internet access.
This. File system sharing protocols are inherently insecure. Doesn't matter if it's Samba, CIFS, NFS, and whatever Microsoft is calling the Windows version of SMB these days - they all have serious vulnerabilities that can be exploited from a public interface. Don't expose them to the world.
If you want to share files on the public Internet, there are better ways. Lots of ways to do it on a web-based platform. And share copies of stuff, and keep your system isolated. If you are using these Internet-based sharing things for traveling, use some kind of VPN instead.
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
That is a very misinformed post
Is that full disclosure or something?
I have (had, really) a lady friend who was fairly young and lived in a tiny place called Cann River. We met online and I, being a pervert, went to Australia to meet them in person. I stayed for a couple of weeks the first time and then for about a month the second time and all was well and good. Anyhow, not long after I left, she was on her way to work at a coffee shop/cafe type of deal and was walking there when she was attacked and suffered some real damage from a magpie.
I do not really have a point, I seldom do, but I did find it amusing that you mention it. We did not end up wed and live happily ever after feeding our babies to dingos. In fact, I never saw her again though I did return to Australia another time but that was for entirely different reasons.
"So long and thanks for all the fish."
Sociological issues aside, getting bitten by one of these scams is functionally equivalent to having your hard drive become corrupted, and the obvious solution is the same -- restore your data from backup.
The thing that motivates people to pay $$$ to the scammers (and thus motivates the scammers to keep causing trouble) is that too many people don't back up their data, and thus it costs them less to pay off the scammers than it would to reconstruct whatever was on their hard drive.
Given the low cost of hard drives these days, it seems to me that every computer sold should come with a second hard drive pre-installed and a Time Machine-style automatic incremental backup system already activated -- and maybe even a shiny red button somewhere that says "revert computer to yesterday's state", or something. That way the "I don't think about how my computer works, it's just a magic box to me" crowd would no longer face an expensive new crisis every six months.
I don't care if it's 90,000 hectares. That lake was not my doing.
So, make a public announcement offering double the number of bitcoins the extortionist is demanding as a reward for the person's capture?
"The extortionist" is usually an entire gang of people, not just one person. I don't know how many bitcoins you'd have to offer to get someone to capture the Russian Mafia, and I can't imagine that gambit ending well in any case.
I don't care if it's 90,000 hectares. That lake was not my doing.
Australians are known for that.