Many Australians Forced To Pay For "Unbreakable" Cryptolocker Ransomware
An anonymous reader writes: Australians are paying thousands of dollars to overseas hackers to rid their computers of an unbreakable virus [Cryptolocker]. The deputy chairwoman of the Australian Competition and Consumer Commission, Delia Rickard, said over the past two months there had been a spike in the number of people falling victim to the scam. The commission has received 2,500 complaints this year and estimates about $400,000 has been paid to the hackers. Bad news for Australians: this is just one of many targeting the country.
Gets Cryptolocker installed. Via Group Policy, it prevents, among other things, anything being executed from the user's temp directory/ies - which is where email attachments are placed for whatever operation they require - picture preview, etc. It's not a guarantee, but it presents a big obstacle to any attacker attempting to fool a user into executing their code simply by opening an email.
Not affiliated, just a happy user.
They sentenced me to twenty years of boredom
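Added example, not part of the comment above and not from any tool it refers to: a read-only PowerShell audit that lists Disallowed path rules touching the user's temp directories. It assumes the Group Policy mechanism in use is Software Restriction Policies (the comment does not say which one), and the directory list is illustrative.

```powershell
# Read-only audit of Software Restriction Policy (SRP) path rules; changes nothing.
# Assumption: the block is implemented with SRP, whose Group Policy settings
# are stored under this registry key.
$srpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Directories to check (illustrative list; adjust for your environment).
$tempDirs = @($env:TEMP, (Join-Path $env:LOCALAPPDATA 'Temp')) | Sort-Object -Unique

function Get-SrpDisallowedRule {
    # Security level "0" under CodeIdentifiers holds the Disallowed rules.
    $pathsKey = Join-Path $srpRoot '0\Paths'
    if (-not (Test-Path $pathsKey)) { return }
    foreach ($key in Get-ChildItem $pathsKey) {
        # ItemData is the rule path; read it raw, then expand %VARS% ourselves.
        $raw = $key.GetValue('ItemData', $null, 'DoNotExpandEnvironmentNames')
        if ($raw) {
            [pscustomobject]@{
                Rule     = $raw
                Expanded = [Environment]::ExpandEnvironmentVariables($raw)
            }
        }
    }
}

if (-not (Test-Path $srpRoot)) {
    Write-Warning 'No SRP policy key found; SRP is not restricting anything on this machine.'
}
$rules = @(Get-SrpDisallowedRule)

foreach ($dir in $tempDirs) {
    $d = $dir.TrimEnd('\')
    # Heuristic listing, not a re-implementation of SRP matching: keep rules whose
    # non-wildcard prefix is the directory, one of its parents, or inside it.
    $hits = @($rules | Where-Object {
        $prefix = ($_.Expanded -split '[*?]')[0].TrimEnd('\')
        $prefix -and (
            $d.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase) -or
            $prefix.StartsWith($d, [StringComparison]::OrdinalIgnoreCase))
    })
    [pscustomobject]@{
        Directory        = $dir
        DisallowedRules  = $hits.Count
        RulesTouchingDir = ($hits.Rule -join '; ')
    }
}
```

A count of zero for a directory means no Disallowed path rule references it for the account running the audit; if `%TEMP%` expands to a short (8.3) path, compare the rules by hand.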
but shouldn't they be used to this? i mean EVERYTHING in that country evolved to kill them. what's a bit of ransomware compared to magpies attacking their eyes when they go shopping? ever touched gympie gympie? just look at children armed with dingo sticks on their way to school... WTF is ransomware compared to that? on a scale of 1 to 10, this software must be -5.
The real risk are the Drop Bears. Suicidal little buggers. Gotten worse since they figured out how to make explosives.
Seriously, a lot of Australians are just idiots. Computer technology has proliferated in the last 20 odd years but brains haven't. Almost everyone now has some kind of computer and has to use one for work but can't seem to grasp the basics of security. I have to wonder if these people would open a package some random stranger gave them on the street.
Combine this with the fact there is a large subculture glorifying idiocy and backwards thinking in this country (that's about to become a serious problem, but that is for another thread) and it's little wonder that people are getting Cryptolockers.
I have no sympathy for them, it's the sysadmins that have to restore backups that I feel sorry for. Inevitably Braindead Bruce will get angry at the sysadmin when they find out that Bruce didn't keep backups of his important files (read: porn and car pictures).
Calling someone a "hater" only means you can not rationally rebut their argument.
Scam would imply this is some kind of fraud or swindle, like a con artist trying to trick you. This is plain extortion, they've kidnapped your data and are holding it ransom. If bad things really do happen if you don't pay, it's not a scam any more than being robbed at gunpoint is.
Live today, because you never know what tomorrow brings
I know someone who personally accounts for 4 of those installations. On the same computer. Because she's fallen for the same frikkin scam four times. Every time I ask her "why did you open an email claiming to be from the IRS, when we don't have an IRS in Australia", she tells me "because it sounded real". You should see the grammar in these scam emails, too: they're written like "please effective the transactionments with the rapid or we can has your cheeseburgers". Yet she's still fallen for it. Four. Times.
Fortunately, I back that site up effectively.
Do a reverse fish. Tell them that you'll give them anything they want, but you've run out of prepaid broadband credit. They need to send you $30 so you can buy another voucher.
I hate printers.
Current ransomware will just destroy your data. But wait until the crimeware authors switch to "pay us X btc, or we'll make your online activity look like that of a terrorist."
...we start lists at zero around here.
0 - Prevention is preferable to cure, avoid giving your PC the power to crash your life in the first place.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Oh, surely you can do better than that?
"which computer? I have seven"
"all of them sir"
"even the ones not connected to the internet? which one do you want me to turn on?"
"any computer, sir"
"so, what are the error messages?"
and so on. Had one of them on the line for almost 20 minutes. In the end he screamed obscenities at me and HE hung up. I told one girl her mother would be ashamed of her, I told another one I couldn't get to the computer because I had a broken leg. Even told another that the call would be traced because I was on a silent number and in the witness protection scheme and the SSB would be breaking down their door any minute.
It's quite a challenge, coming up with something original that'll disrupt their script and waste their time. I plan to learn some insults in Hindi, that'll be fun.
"Your computer is sending us error messages sir"
Hindi: f*ck off you untouchable pig-f*cking corpse-handler. Your mother suckles..... well, you get the idea.
They sentenced me to twenty years of boredom
In Australia we call them waiters, and no, I like the girls too much to be interested.
WTF is ransomware compared to that?
Current ransomware will just destroy your data. But wait until the crimeware authors switch to "pay us X btc, or we'll make your online activity look like that of a terrorist."
And you'll have the crimeware alibi as well to provide reasonable doubt. Wouldn't get a cent out of me.
If you survive the raid on your house.
Think "swatting", just done for profit and on a larger scale. And these criminals usually don't get caught, unlike the usual revenge swatter.
CryptoWall/CTB-Locker/Cryptolocker (or whatever the variant's name is this month) seems to have difficulty with or is rather slow at getting to data stored in the container for the Volume Snapshot Service. For businesses that do not allow their users to run as administrators (or have them elevate from a privileged account), they can typically restore a reasonably recent snapshot of data folder by folder using the Previous Versions option.
If the user is an admin, I've found that the window for recovery using VSS is smaller, but certainly better than nothing. Network shares should be restored from backups or VSS from the server (if Windows). I haven't figured out what to do with flash drives quite yet... even most data recovery software doesn't find much since the files are never really erased, just overwritten with encrypted copies.
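Added example, not part of the comment above: a scripted form of the folder-by-folder Previous Versions restore it describes, using the standard `Win32_ShadowCopy` WMI class and a temporary directory link. The function names, the link path `C:\vss_restore` and the sample folder and destination paths are assumptions made for illustration.

```powershell
# Run from an elevated PowerShell session; enumerating shadow copies needs admin rights.
function Get-ShadowCopyList {
    param([string]$Drive = 'C:')
    # Win32_ShadowCopy.VolumeName matches Win32_Volume.DeviceID (\\?\Volume{...}\).
    $vol = Get-CimInstance Win32_Volume -Filter "DriveLetter='$Drive'"
    if (-not $vol) { throw "Volume $Drive not found" }
    Get-CimInstance Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $vol.DeviceID } |
        Sort-Object InstallDate -Descending |
        Select-Object ID, InstallDate, DeviceObject
}

function Restore-FolderFromShadowCopy {
    param(
        [Parameter(Mandatory)] $ShadowCopy,            # one object from Get-ShadowCopyList
        [Parameter(Mandatory)] [string]$RelativePath,  # folder relative to the volume root
        [Parameter(Mandatory)] [string]$Destination,   # separate target, not the live folder
        [string]$Link = 'C:\vss_restore'               # temporary link path (no spaces)
    )
    if (Test-Path $Link) { throw "$Link already exists" }
    # Expose the snapshot as a directory link; the trailing backslash is required.
    cmd /c mklink /d $Link ($ShadowCopy.DeviceObject + '\') | Out-Null
    try {
        $source = Join-Path $Link $RelativePath
        if (-not (Test-Path $source)) { throw "$RelativePath is not in this snapshot" }
        New-Item -ItemType Directory -Path $Destination -Force | Out-Null
        Copy-Item -Path (Join-Path $source '*') -Destination $Destination -Recurse -Force
    }
    finally {
        # rmdir removes only the link, never the snapshot contents.
        cmd /c rmdir $Link
    }
}

# Usage (paths are placeholders). Review InstallDate and pick a snapshot taken
# before the files were encrypted; the newest one may already hold encrypted copies.
$snapshots = @(Get-ShadowCopyList -Drive 'C:')
$snapshots | Format-Table -AutoSize
if ($snapshots.Count -gt 0) {
    Restore-FolderFromShadowCopy -ShadowCopy $snapshots[-1] `
        -RelativePath 'Users\alice\Documents' -Destination 'D:\Recovered\Documents'
}
```

The usage lines restore from the oldest snapshot (`$snapshots[-1]`) into a separate folder so the recovered files can be checked before they replace anything.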