Badly-Coded Ransomware Locks User Files and Throws Away Encryption Key

An anonymous reader writes: A new ransomware family was not tested by its developer and is encrypting user files and then throwing away the encryption key because of an error in its programming. The ransomware author wanted to cut down costs by using a static encryption key for all users, but the ransomware kept generating random keys which it did not store anywhere. The only way to recover files is if users had a previous backup. You can detect it by the ransom message which has the same ID:qDgx5Bs8H

App that apps other apps apps itself!

Apps!

Like the old viruses

So it's like the old fashion viruses that actually cause damage to your system then.

Re:Like the old viruses

[davester666]

Yes. It's the "erase your files" kind of virus...

Re:Like the old viruses

Hell yes! Those were the good old days. Corrupt and destroy, for no reason other than sheer malice. Yeah!

Re:Like the old viruses

As far as the developer is concerned, it works just as well/better than proper ransom ware. People will shower him with money and he doesn't even have to bother with the keys.

Re:Like the old viruses

[bytesex]

No, he's poisoning the well for them. Now people will think: my data is lost and cannot be recovered, even if I pay. I think this developer is going to get a few very unpleasant house calls - these people don't do regular law enforcement.

Re:Like the old viruses

[Tyrannicsupremacy]

Do not negotiate with terrorists. Excellent outcome.

This would have never happened.

If the author decided on an open source project, the community could have found and developed a fix during beta testing.

Re:This would have never happened.

Actually, TFA does admonish the author for not testing his malware, interestingly enough.

Re:This would have never happened.

That and they could've implemented a proper Code of Conduct which would've discouraged online abuse and decreased the overall level of butthurt, allowing women and minorities to be involved in greater numbers, who in turn surely would've found the error due to their diverse worldviews.

Re:This would have never happened.

[BarbaraHudson]

Worse, they give the instructions on how to fix it. Here is their rationale"

At BleepingComputer we never disclose bugs in a ransomware infection as that will just alert the developer and cause them to fix the weakness. In this particular case, though, we are going to tell the developer how to fix his mistake so that he doesn't continue to destroy his victim's data going forward. In our opinion, if a person becomes infected, we would rather they have a fighting chance of recovering their files rather than no chance at all.

So now, instead of abandoning it because it's broken, he can fix it and continue on his merry way:

The problem is that the AES key was not properly padded when it was converted into a Base64 string. When the PowerShell script tried to decode this string, it failed, and instead of the variable $RgDhcxSdghWd containing his decoded AES string, it now contained a NULL or empty value. If he had added one one more = character to the string, it would have worked as intended and everyone would have had the same AES key.

That's as stupid as pointing out to the guillotine operator who is about to behead you that the guillotine won't work because there's a knot in the rope.

Re: This would have never happened.

Maybe they did. But lost their development box in the process

Re:This would have never happened.

It's more like if the developer was prison guard, he would be giving away key to prison for each passerby. Currently he locks you with wrong key and throws it away, thinking he has a copy. Except he doesn't. If he had used the right key, anyone could come and open the door.

Every other prison guard has their prison's door opening key with just them, but they give out the one with which you can lock the door.

Re:This would have never happened.

This guy gets it. If society would only encourage more obese autistic gluten-sensitive trans black women to be malware authors, at least the malware wouldn't work.

Re:This would have never happened.

[Harlequin80]

No this is the same as pointing out the the guillotine operator the the blade is going to hit the trigger of the big ass pile of tnt that is under the platform and it is going to kill him and everyone around him. And suggesting that perhaps you move it to the right a little.

Re:This would have never happened.

[KGIII]

Alerting the guillotine operator that there's a knot in the rope might be a prudent thing to do, if the knot is located where your head will only be partially lopped off and mean you get a more painful death.

Re:This would have never happened.

[Dunbal]

the guillotine won't work because there's a knot in the rope.

Methinks you have a fundamental misunderstanding of how guillotines work. Lucky for you no one uses them anymore!

Re:This would have never happened.

[Lumpy]

And that is what he wants. He is one of those fools that wants to bleed to death in agony.

Re:This would have never happened.

[KGIII]

I may be wrong but I'm pretty sure the user is a she. We finally get a girl on the internet and you gotta go scare 'em away! Oh sure, "but they're not a real girl!" That's what you'll probably say. Well, if they identify as a girl you can sex 'em and it's not even gay! Hah! That's what I say!

Err, actually I say it doesn't much matter but that's a topic for another day. I guess.

Re: This would have never happened.

Maybe he doesn't believe in gravity. He could be American you know!

Re: This would have never happened.

[someone1234]

Isn't there a rope/chain which helps you pull the blade back to the original position? If this rope is across a pulley, or hole, and has a knot, it won't wind down properly, likely halting the blade. I don't know all the nuances of the RL construct of a guillotine, but i'm fairly sure it could be constructed with a rope and it may have a blocking knot feature and still be called guillotine.

Re:This would have never happened.

[BarbaraHudson]

The author of this "ransomeware" wanted to use one key so that he wouldn't have to make a "complicated database lookup for each key." Complicated database lookup? It's two fields. Looks like they wanted to use the cheapest hosting plan possible by giving everyone the same key - no database needed. What a schmuck. What a maroon ...

Re:This would have never happened.

of course, because then he could sue everyone under the dmca for circumventing his encryption when they found out and shared the decryption key.

Re:This would have never happened.

[Zaiff+Urgulbunger]

If the author decided on an open source project, the community could have found and developed a fix during beta testing.

To be fair, the author probably coded it, posted it somewhere, tried it out and then... "oh shit!"
So they likely half-tested it, and it did half work.

Article gives coding advice to malware author

I particularly enjoyed how TFA explained that they usually make it a point not to point out mistakes in ransomeware to the author to avoid giving them a leg up, but then "made an exception" in this case and proceeded to give a short lecture to the author about how to fix his "bug".

What a role model

[Opportunist]

I always thought we should lock up those bastards and throw away the key. Shall we take it as a recommendation how he wants to be treated when we catch him?

Re: What a role model

Due to an error in the prison system, we can't release you even though you've served your time. We though it would save costs use the same key for all cells, but your cell accidentally has a different lock to which we don't have the key.

Hope you have a backup!

Re:What a role model

[ememisya]

That's one way of writing a format virus.

Re:What a role model

[12WTF$]

I always thought we should lock up those bastards and throw away the key. Shall we take it as a recommendation how he wants to be treated when we catch him?

My object all sublime.
I shall achieve in time —.
To let the punishment fit the crime —.
The punishment fit the crime —.

Re:What a role model

Ransomware creators should be tortured to death over the course of several years.

So should people who don't keep backups.

Re:What a role model

[JustAnotherOldGuy]

I always thought we should lock up those bastards and throw away the key. Shall we take it as a recommendation how he wants to be treated when we catch him?

Seems like a waste of a perfectly good prison cell. I'd be happier if he never made it to the prison alive.

Re:What a role model

People like you is the reason the world is shit.

Re:What a role model

[penguinoid]

What a dumbass. If he had actually succeeded with his programming, it would have meant that any victim could give or sell the encryption key to his other victims.

Too bad he didn't also have a random ID, or accidentally give out the contact info of a "legitimate" ransomware maker, so that he could piss off the other ransomware makers even more by his "killing" of data hostages.

Re:What a role model

... I'd be happier if he never made it to the prison alive.

I assume you mean after he was judged in a court of law and convicted. Because a policy letting governments execute people accused of a crime will end badly.

Re:What a role model

Please, this is old school. What he wrote would be called a retrovirus by now.

Re:What a role model

Yes, people who care about the well-being of their fellow man and want an end to evil surely must be why the world is shit. Not because of unscrupulous people like you who want to take advantage of others.

Re:What a role model

That goes without saying. People aren't generally put in prison before their trials.

Re:What a role model

[cdrudge]

Put an electronic lock on the door that uses his code for unlocking it.

Re:What a role model

[Opportunist]

In this time, it's more often that you have to ponder how to make the crime fit the punishment that you'll get anyway.

Re: What a role model

The fellow man, who frequently doesn't have sufficient backups, deserves to be tortured to death. Yes, that's definitely caring about ones fellow man.

Re: What a role model

They frequently are. It's called not making bond.

Re:What a role model

I think we should be lenient with him, because he teaches us not to pay up. Where there is no hope of recovering the files, at least the FBI won't recommend giving in to extortion. Fucking idiots.

Re:What a role model

[graphius]

People who do not keep backups WILL be tortured in the next several years, unless they are extremely lucky...

Re:What a role model

You cannot prove a case 100%, especially if you heard of it by proxy.
Anyone can be lying, everyone has a price, and everything can be shopped and fucked with to fool even the best forensics. (which a lot of them are pissed at now since it is getting incredibly harder to deal with smart criminals)

It is as stupid as the death penalty.

Re: What a role model

The needs of the many outweigh the needs of the few. People who don't backup tend to harm more than just themselves.

Re:What a role model

[dave420]

Each post you make paints you as a bitter, sad, lonely, hateful person. It's not good reading - like a cry for help from someone who knows it's too late to meaningfully redress the balance in their life, that they are doomed to sail their lonesome, twisted course to the grave. I hope that's not the case, but I suspect it is.

Re:What a role model

At least he doesn't cause himself a bitch slapping from apk like you do dave420 http://slashdot.org/comments.p...

Re:What a role model

[JustAnotherOldGuy]

Each post you make paints you as a bitter, sad, lonely, hateful person. It's not good reading - like a cry for help from someone who knows it's too late to meaningfully redress the balance in their life, that they are doomed to sail their lonesome, twisted course to the grave.

Lol, I sense projection. :)

Sorry to dampen your little jealousy-fest, but it may come as a surprise to you to learn that I'm not here to live up to your expectations. :) lol

As for me, well....I have wonderful wife who I love very much, quite a few good friends who I've known for decades, and I just went back to work after being heavily courted by a company in Redmond WA (no, not Microsoft). They actually paid me enough to come out of a very comfortable retirement. What's not to like about that? :)

My son is out on his own, doing interesting and exciting stuff in the Air Force, and I couldn't be prouder of him. My side businesses pretty much run themselves and bring in a fair bit of extra "fun money" that I can do whatever I want with. I'm in good health and have no real problems in my life.

All in all I'm very happy with the way things are going for me. :)

So you go right ahead and whine all you want, Dave. I got a good laugh out of your arm-chair psychoanalysis, and I have to say, it really drove it home to me just how good I have it. So I thank you for that. :)

I hope things go better for you so that you don't feel compelled to be such a wet blanket all the time, Dave. Maybe you could meet a nice lady (or a guy, whatever) and start to enjoy your life a bit. Get out from behind the PC, put the phone down, and live a little. :)

Anyway, cheers!

Stupid

Well, that's one good example of why one should never negotiate with terrorists - you never know, maybe the hostages have been already executed.

Re:Stupid

[r-diddly]

Right, and that can happen either on purpose (cynicism, looking for efficiency), by accident (incompetence, bad planning), or some grey area (poor impulse control, rage). All excellent prerequisites for a career in the ransom business. Someone who didn't have such problems, causing them to constantly fuck things up, would presumably have a legitimate job where they didn't have to take such risks.

So easy to break the analogy between this and a real kidnapping though: A loved one is unique and irreplaceable, whereas data can easily be copied infinitely. People really need to take advantage of this beforehand and at regular intervals. No need to negotiate to get something you already have!

Re:Stupid

"Never negotiate with a terrorist. You will only encourage more acts of terror."

The same applies to ransomware makers and other blackmailers.

Usually the case

[lorinc]

Isn't that usually the case? I never thought paying the ransom would actually be followed by the recovery of the data...

Re:Usually the case

[NoZart]

The malware producers release the keys mostly, because people that are infected hear about that and are more willing to pay up...

Re:Usually the case

Isn't that usually the case? I never thought paying the ransom would actually be followed by the recovery of the data...

If that were the case anyone who became a victim of it would spread the word and eventually people would realize that you don't get the data back by paying.
The business model only works if the victim believes that they can get their data back.

This bug actually hurts the ransom-ware business.

Re:Usually the case

[Sqr(twg)]

Nope, apparently they do give you the decryption key, once you pay. If word of mouth was that it doesn't help to pay, then a lot less people would pay the ransom.

So this guy is destroying a very lucrative business model for some very evil people. It will probably not end well for him.

Re:Usually the case

[radarskiy]

This is why we can't have nice hostages.

Re: Usually the case

Important to have backups which cannot be accessed by your system in any case (unplugged USB drives, cloud service with their own revision system etc)

Re:Usually the case

[maestroX]

Definite showstopper.

Re:Usually the case

[bloodhawk]

yep I would doubt his employers will be very forgiving. He has basically given a nutpunch to a multi million dollar industry. I wouldn't be surprised if said coder has already received his only nutpunch in a far more fatal way.

Re:Usually the case

Isn't that usually the case? I never thought paying the ransom would actually be followed by the recovery of the data...

Although it varies with the specific malware, if you pay up they usually give you the key.

If there's no likelihood of getting your data back then why would anyone cooperate and send a ransom?

Re:Usually the case

[Falos]

So s/he has even more enemies, including those more able to track people down (if sufficiently motivated).

Well, they're kneecaps I won't feel very sorry for.

Re:Usually the case

So this guy is destroying a very lucrative business model for some very evil people.

I wonder if that's the point, and the bug is actually a feature. Release a few bugged ransomware variants, shift popular opinion (and official FBI advice!) away from "just pay the ransom." Let word get around that some of these guys won't send you the decryption key, and watch the real criminals' business model fall apart.

Re:Usually the case

[gweihir]

Recently, several of these scum have refined their business model and actually deliver decryption keys. In an utterly immoral move, possibly designed to inflate the perception of threat, the FBI has even recommended to pay: http://uk.businessinsider.com/...

Re:Usually the case

[kylemonger]

This Radiolab episode follows a ransomware victim through the tricky process of paying off the criminals and getting her files back.

http://www.radiolab.org/story/...

Re: Usually the case

Even multiple USB drives won't necessarily help you.

Let's say you do backup every week, alternating between two disk you keep in separate places. You catch the ransomware. Next weekend, the malware encrypts your backup disk #1. You store that encrypted backup in a safe place. The following weekend, you connect your second backup disk to do another backup. Now both of your backups are encrypted.

Re:Usually the case

Except that very often that's not true. It's not like malware has any "customer quality" built-in by default in it. The whole concept is inherently complex, unnecessary and evil.

Captcha: hostage

Re: Usually the case

Well there are still people who pais for Nigeria letters...

Re:Usually the case

Doesn't surprise me. When the FBI seize assets, they get to keep it.

Re: Usually the case

[The-Ixian]

Why would you continue to back up after you have been infected?

Also, even if you did, your new backups shouldn't be overwriting your old backups.

Also, just enabling shadow copy on your hard drive and running as a standard user will defeat all ransomware even if you never back up.

Re:Usually the case

[The-Ixian]

From what I have seen, these "ransomware" entities operate very much like any other business. Complete with office space, customer service and technical support. They want you to be "happy" with the end result (decrypted files) so that you can tell your friends that you got your files back.

DUMB

[jez9999]

Disasters Usually Motivate Backups

Re:DUMB

[antdude]

What if they already did and their backups got encrypted for ransoms too? :P

Re:DUMB

[AmiMoJo]

On this subject, as a refugee from OneDrive now that they capped it at 1TB for paying customers, I switched to SpiderOak. They were offering a deal where you got unlimited space for $150/year. Not the cheapest but their software is reasonable. I'd like more flexibility to have multiple backup sets, but at this point I'm just happy to be backed up. Or, at least I will be in six months once it has all uploaded.

At least OneDrive has just gone read only so I can restore from there if I need to. Screw you Microsoft.

Windows

[Grishnakh]

Well, that's what happens when you use Windows: you get infected with badly-written ransomware.

Moral of the story: don't use Windows. (Or, only use it on your employer's computers because they insist on it. If it gets infected, who cares, you're getting paid for the downtime anyway.)

Re:Windows

http://techcrunch.com/2015/11/06/linux-ransomware-is-now-attacking-webmasters/

Re:Windows

What part of badly-written don't you understand?

Re:Windows

Well, that's what happens when you use Windows: you get infected with badly-written ransomware.

Full disclosure: I'm 100% on Linux and in fact have never used Windows as my primary desktop. I had a spell of using it as a games platform before I got the Xbox, but even then Linux was my desktop.

If you think Windows has such ransomware and Linux doesn't because of the OS itself, you are smoking some good stuff. The reason is social, not technical. There is NOTHING that stops Linux from doing the same thing. The reason you don't see it is that the density of highly technical Linux users is very large, where on Windows it's very small. Add to that, there are many more Windows users, and Windows is a target rich environment.

If all those legions of Windows users descended on Linux tomorrow, then the day after tomorrow you'd have the same kinds of ransomware problems. Randomware can run just as well on Linux.

Ransomware: "See the dancing monkey! Install this awesome app now!"
Clueless user: "Sure! I'll do that right away!"

That's how it'll go. You don't even need root access to wipe out most data the user cares about. There's nothing at all about Linux to block this except that Linux users are mostly too astute to fall for it.

Never underestimate the power of dumb people in large numbers.

Re:Windows

[Grishnakh]

And how exactly does someone get infected with this anyhow? According to your link: "The malware requires administrator privileges to run and, presumably, a sysadmin who would allow for such a program to run unbridled." There's no mention on that page, or the "Dr. Web" page it links to, how anyone actually gets infected with this thing other than somehow getting themselves a copy and then intentionally running it as root. If there is an infection path it takes in the wild, these pages aren't specifying.

It's also mentioned that it works on systems running MySQL and Apache. Who runs Apache any more? Every serious Linux webserver is running Nginx now.

Finally, you're comparing apples to oranges. The Windows malware is for desktop and/or server Windows. The Linux malware appears to only be targeted at webservers. I don't know about you, but I don't run a webserver; for my websites I just use simple shared hosting and let someone else worry about that stuff (if my web host gets infected, no big deal, I'll just reload from backups). I'm worried about my desktop (/laptop) PCs, but since I run Linux there, I don't have to worry about any *serious* malware threats. No one has yet proven that there is any *serious* malware threat for desktop Linux.

Re:Windows

[Grishnakh]

A malware app that someone has to be dumb enough to manually install is one thing, getting infected with something because your web browser or your email program is vulnerable is another. Most of the Windows malware I've heard about doesn't require someone to manually install software, it's as easy as clicking on the wrong link in IE.

Also, a lot of Windows malware seems to thrive because Windows is homogeneous. Remember that Lenovo malware that was (still is I think) baked into their laptops' BIOS, and would replace a critical Windows system DLL? That stuff only works because Windows is so uniform. If someone has Windows 8.1 installed, then you can count on that DLL being there, and you can count on being able to replace it with a modified DLL and have things work out the way you expect. This just isn't the case with Linux: every distro is different, files are in different places, files are not binary compatible (you can't just take libfoo.so.4.2.1.0 from Ubuntu and drop it into an Arch install and expect it to work), distros change versions every 6 months (so libfoo.so from Mint 17 is incompatible with libfoo.so from Mint 17.1), systems don't even use the same init system and low-level utils (Ubuntu and Mint still use upstart, Slackware still uses sysvinit), etc. Everything works fine because of package management and distros building everything all together at once, but malware expecting to monkey with the internals simply won't work because there's too many variables.

Yes, if someone distributes some Linux dancing-monkey malware, there's nothing you can do to prevent people from being stupid and installing it, but I haven't heard about this attack vector being a serious problem on *Windows* for a long time. Even the Windows users aren't that naive any more; they've had this stuff drilled into their heads for years. They're getting infected in other ways.

Re:Windows

[bloodhawk]

really? that is the moral you get from this? nothing in this is a windows specific weakness, it is the same weakness that exists in Linux, OSX, Android, IOS etc etc. i.e. the idiot at the keyboard. The fact you think this way makes you probably one of there primary targets and hence yes you are probably better off on Linux or anything else until they focus there attention there as you will be an easy mark.

Re:Windows

really? nearly all the windows malware requires the user to install. especially the ransomware stuff. it is usually emailed to a dumb user or emplanted in something they downloaded. idiot user runs the program and bam they are done. You obviously aren't very familiar with security or malware given your post. only a tiny fraction of malware uses exploits beyond the "dumb user" vulnerability.

Re:Windows

>nearly all the windows malware requires the user to install. especially the ransomware stuff.

This shows that you are clueless about this.

Right now, I am looking at the output of the malware testing cluster's I designed/wrote for my employer. It grabs the latest malware from emails, live exploit URLs, etc. and show what the payload does.

Right now the system has captured 3 ransomeware in the last hour (slow day). None of them require any user interaction beyond going to an URL in an outdated website.

Re:Windows

Unless you are being targeted by three letter agencies.
But, by then, you have bigger problems than malware running on your box.

Re:Windows

please post some citiations then. all current ones show as being sent via emails or attached to dodgy downloads, I also work in security at my organization, we basically only see them coming in via email attachments where a user has to run/open attachment to be infected.

Re:Windows

>nearly all the windows malware requires the user to install. especially the ransomware stuff.

This shows that you are clueless about this.

Right now, I am looking at the output of the malware testing cluster's I designed/wrote for my employer. It grabs the latest malware from emails, live exploit URLs, etc. and show what the payload does.

Right now the system has captured 3 ransomeware in the last hour (slow day). None of them require any user interaction beyond going to an URL in an outdated website.

What you describe is again user error. only this time the bad users are the admins that permit email clients to be running where they can click on links and execute code. huge sign you have incompetent admins with insecure settings or outdated software.

Re:Windows

>Also, a lot of Windows malware seems to thrive because Windows is homogeneous.

SystemD is taking care of this "problem" in liunx.

Re:Windows

[LMariachi]

> Who runs Apache any more? Every serious Linux webserver is running Nginx now.

I don’t know if you’re trying to start another "BSD Is Dying" thing but

http://news.netcraft.com/archi...

Nginx is certainly making headway but it's still only half Apache's market share of the million busiest sites, and 30% among all active sites.

Re:Windows

The problem is a combination of two things:
(1) files, even saved attachments from e-mails, automatically get what would in *n*x be an 'u+x' permission.
(2) MS, in all it wisdom, decided it would be a good idea to hide the only way a user can tell an application from a data file, i.e. filename extensions (unless someone turns off that 'hide file type' option, which is the first thing I do on my own machines).

For the rest, security in Windows and *n*x doesn't differ *that* much.
You don't have to be an administrator to install software in either OS, as long as that software only has to access files belonging to the user who installs it. In fact, *n*x gives a false sense of security here, "I'm not root so nothing can happen."
Tricking a dumb user into issuing a 'chmod u+x' command and then launch that file isn't any harder than it is to get that same user to install dancing monkey / nude celebrity viewing software in Windows.

For your protection, this $ 1,000,000 prize notification we're sending you is secured against illicit access, which makes it a little more complicated to read it.
To do so, open a console, and issue the commands: "chmod 777 luckywinner" and "./luckywinner".
Now who (except those reading it here) would NOT fall for that 777 :)

Re:Windows

[thegarbz]

Most of the Windows malware I've heard about doesn't require someone to manually install software, it's as easy as clicking on the wrong link in IE.

Define "manually install". I would say the opposite. The amount of malware that spreads via windows these days requires some form of user interaction, typically clicking yes to the question of "Do you trust this random program from the internet". Even browser exploit based ones will typically require some kind of user interaction. It's been a long time since a URL or simply viewing a picture did harm to the computer.

Re: Windows

No it does not. Dustributions use different versions, compiles/links differently and so on. And besides that systemd is all root and not something that your user account can access.

Re:Windows

[Grishnakh]

Most people who would fall for that are also people who have no idea how to open a console window (or even know what that is). My wife uses Mint KDE on her laptop, and gets along just fine with it for all the basic tasks (web browsing, LibreOffice documents, file management, scanning, etc.), but ask her to do something on the "console" and she'll look at you like you have two heads.

People like this who use Windows instead also never, ever use the shell.

Re:Windows

And yet 100% of the infections will originate on Windows.

Re:Windows

[The-Ixian]

You are kind of coming down hard on IE.

There have been plenty of 0 day exploits in all of the major web browsers.

But more importantly, the exploits are generally Flash or Java based... which is browser agnostic.

Even still, just like with Linux, if you run as a standard, unprivileged user, the damage to your system will be limited to just your data.

Better yet, if you do this AND enable shadow copy on your data volume, you can recover all of your files even if you don't have any backups. This is because shadow copy replicas are not directly accessible to the user.

Developers...

As a software tester I can say developers make bad testers indeed!

Dev: "The unit tests all passed. Let's ship it to production!"
QA: "How many unit tests did you make around this new functionality."
Dev: "None. I write those while I wait for ops to get the code deployed to production"
QA: "... So you believe in time travel to fix your bugs? And for that matter, how many unit tests have you written since the last deploy?" ... You see where this is going, Le Sigh.

Re:Developers...

[meerling]

For optimal software testing, you need several types of testers.
The dev - Someone who knows how to code and what this software is supposed to do, and intimately.
The hacker - Someone who knows how to code, and doesn't care what the software wants because dammit, he's going to make it dance a frigging jig for giggles.
The user - Doesn't know coding, but knows the subject the software is based around because he's the one that uses it. He knows exactly what it needs to do and what he wants it to do and will gladly tell you how you are failing in that.
The ignorant - Can't code, doesn't want to, isn't sure if this computer thing is actually filled with enslaved magic pixies. If there's anyone that will do something no intelligent rational person will ever think of, the ignorant is king. You'd be amazed how many show-stopper bugs have been found by them.

Re:Developers...

Spoken like someone with experience in quality control. Well said!

Re:Developers...

I was thinking more spoken like a manager.

Re:Developers...

The ignorant:

"Wait, so you're telling me you clicked the close button right in the middle of the database reorganization process?"

"Well, yeah, it was taking more than a few seconds and I wanted to get to my email"

Need for a Dedicated Download Computer

[BoRegardless]

Get a virtual machine up and running or an older MacBook off eBay and it does Internet and all downloads.

Any crap needs to be isolated to the VM or email machine.

Re:Need for a Dedicated Download Computer

How cute!
  if someone is in the black market money investments are not too far off from putting your illicit drugs up for endless trials and food and drug comission approvals. Cutting corners here.
You can be sure this crook is advanced enough to warrant owning multiple physical computers, but being a crook, won't have empathy for others by testing on his own devices

Re:Need for a Dedicated Download Computer

buckets to 11

Re:Need for a Dedicated Download Computer

[Lumpy]

Or just a Chromebook and a USB stick.

transaction log

https://blockchain.info/address/1Pw1JinSMhf93MRqfYW3KeywX8oFjs6fLe
I can only hope those transactions are by the owner of the wallet, like putting a few coins in a tip-box.

Epic Troll

For extra lulz, the ransom should have been sent to "1BitcoinEaterAddressDontSendf59kuE".
http://bitcoin.stackexchange.com/questions/35842/is-it-actually-possible-to-create-a-verifiably-unspendable-address

These "proof of burn" addresses can be used to demonstrate that you're a "better class of criminal"...
https://theonewithjb.files.wordpress.com/2014/08/joker.gif

"It's not about money! It's about sending a message: everything burns!"

Probably outsourced the coding to Indians

Seems like the kind of quality you can usually expect from those lazy, cheating, corner-cutters on the subcontinent.

Ummmm... about that linux "ransomware"

[StevenMaurer]

Now that we've decided to help bug-fix ransomware, anyone consider its usability?

"Once launched with administrator privileges, the Trojan loads into the memory of its process files containing cybercriminals' demands:"

In other words, it probably goes something like this:

% tar -xf "ransomware-dontrunme-whatareyouanidiot?.tar"
% cd ransomware-dontrunme
% ./configure > /dev/null 2>&1
% make > /dev/null 2>&1
% make install > /dev/null 2>&1
%./runransomware
Error: Permission denied. Please run as root.
% sudo ./runransomware
Password:
Segfault in libc.so. Please reinstall.

Followed by much sighing, and trying to google what the problem is.

See, this is the problem with the Linux desktop. Even installing malware is just too darned complicated.

If only

[Viol8]

Unfortunately it seems some people Just Don't Get It. They would probably recoil at the idea of only having one set of house keys yet for some reason they think having only 1 copy of important files is just dandy. To be frank, they deserve what they get because if this sort of malware doesn't get them then a dead hard drive or their own fat fingers on a delete button will one day.

Just asking......

[JustAnotherOldGuy]

Just asking......would anyone really be all that upset if the fucker that coded this was hunted down and beaten to death? Or shot full of holes?

I've searched my soul (what tiny, tiny fragments remain) and personally I wouldn't mind one bit.

Seriously, if I read tomorrow morning that he'd been found dead as a result of some brutal, awful violence, I wouldn't even stop eating my bagel.

Re:Just asking......

What the hell is wrong with people like you? It's not that the guy isn't a first class cunt, but what sort of poorly controlled emotion causes a person to warm to the idea of torture and death? I sometimes wonder whether some humans have a repressed bloodlust and they use righteous indignation as an excuse to bring it out.

Sure, lock the guy up, seize everything, whatever, following due process. Be more civilised than he is, not less.

Re:Just asking......

You're really one tough old guy, JustAnotherOldGuy.
If you choked on your bagel tomorrow, I wouldn't give a shit

Re:Just asking......

No problem.
Just two questions -
      1. How much of a bounty will you pay?
      2. How will you deliver it?
If you could provide satisfactory answers, he
probably wouldn't be in business much longer

Re:Just asking......

Don't be utterly stupid and inhumane.

He has been bad, but could have been defeated by something called a backup.

If you really truely think what you said above then I think that you need help.

Re:Just asking......

oh the irony

Re:Just asking......

maybe his parents would care if he was hunted down and beaten to death? Or shot full of holes? I'm sure that no parent would want their son or daughter to die. Just a thought.

Re:Just asking......

[Calydor]

what sort of poorly controlled emotion causes a person to warm to the idea of torture and death?

One too many instances of thinking, "This is why we can't have nice things."

Re:Just asking......

And see how many fucks I give.

The person brought it upon themselves, either by fucking up a nice coding gig for the Russian mafia, or was freelancing and stepped into their turf. Wishing harm to come to them does nothing in real life. Harm will find them anyway.

Since no one is taking care of the problem (meaning three-letter agencies and other law-enforcement types), watching the sharks start eating each other will be more than sufficient.

Re:Just asking......

[KGIII]

If I had a kid like that, I'd kill them myself!

(No, not really. Just following the theme.)

I'd actually hire them a good lawyer and get them mental health help - failing to work towards their mental health would mean my retraction of their lawyer. That and, well, my kids don't have to commit crimes for money but, if they did, that's how I think I'd go about it.

Re:Just asking......

[gweihir]

Naaa, just let him pay for all the damage he has done. Should take him a few lifetimes.

Re:Just asking......

>but what sort of poorly controlled emotion causes a person to warm to the idea of torture and death

I believe it is called revenge. Shakespeare wrote several books on it, along with many modern authors. Perhaps you should investigate it?

Typically those working in the psychology industry don't consider feelings of revenge a significant issue if they don't affect the person. In fact, I am willing to bet "Felt a little happier when reading about the guy being offed, kept doing everything exactly as I've always been doing it" would be considered a very healthy reaction by those people.

Yours would be considered negative, because you're trying to suppress someone else.

Re:Just asking......

I don't know why that hasn't been a Nicolas Cage movie by 2015.

Re:Just asking......

I sometimes wonder whether some humans have a repressed bloodlust

Yup, they do. You need to watch more contemporary news and look at history.

Re:Just asking......

[gsslay]

What the hell is wrong with people like you?

Because on the internet, everyone is a tough guy and everything is just words.

Re:Just asking......

[The-Ixian]

I know. I am constantly amazed at the outright hostility of people.

It is NOT OK to threaten people because you disagree with them.

Fuck All Of You ACs

I'm with you. Kill everyone of these Cryptowall thieving bastards. The world would litterally be a better place and I would lose not a single other thought cycle to these little parasites.

Fuck them and fuck every one of these bleeding heart whiny-assed liberal Anonymous Cowards that are railing against you and your post. I hope Cryptowall silences their pathetic granola crunching asses.

I see what you did there Mr Robot....

That's not a badly coded ransomware, that's was the intent of FSOCIETY's malware.

because he bounced all Command Control through you

because he bounced all Command Control messages through your IP address and now they are coming for you.

Any death/extreme penalty can be abused and used to set up innocents and is the main reason countries/states choose not to implement them.

Your innocent in the eyes of the law until you are proven guilty, only that does not mean a) you did it b) you deserve it. ::I am commenting on Slashdot as an Anonymouscoward, this can not end well::

Money back

[rastos1]

This is outrageous! I'm going to ask for my money back!

Low quality criminals

[lucm]

That hacker has what it takes to join the Home Alone crew (the wet bandits)