Slashdot Mirror


Open-Source Ransomware Abused For the Second Time In Real-Life Infections (softpedia.com)

An anonymous reader writes: After the Hidden Tear (open-source) ransomware code was used to create the Cryptear.B ransomware, now the EDA2 open-source project was used in the same way to create the Magic ransomware. Both projects were created by the same guy. While he left an encryption flaw for Hidden Tear, he didn't for EDA2, relying on a backdoor in the ransomware's admin panel, which he planned to use to steal the encryption keys from the ransomware authors, if they ever used his tool. Unfortunately, the ransomware's C&C servers were on a free hosting service, and someone reported the account. All the data has been deleted from the servers, there's no backup, the backdoor account is useless, and victims have no way of recovering their files.

100 comments

  1. Victims should sue by mysidia · · Score: 4, Insightful

    The hosting provider who deleted the files for damages.

    Unfortunately, the ransomware's C&C servers were on a free hosting service, and someone reported the account. All the data has been deleted from the servers, there's no backup, the backdoor account is useless, and victims have no way of recovering their files.

    If it was reported to them, then the provider KNEW or should have known their servers were holding a criminal's data, including possibly encryption/decryption keys and stolen assets in relation to ransomware, which the providers' services had aided.

    At that point, the hosting provider became duty bound to without fail take steps to preserve evidence of the criminal activity, for inspection by authorities.

    Complete deletion was an act of negligence, and if they aren't criminally tried, the provider should at least be compensating victims for their loss that was a result of not being able to obtain ransomware decryption keys which the provider destroyed.

    1. Re: Victims should sue by mbeckman · · Score: 3, Interesting

      "At that point, the hosting provider became duty bound to without fail take steps to preserve evidence of the criminal activity, for inspection by authorities. "

      Duty bound? What duty is that? The victims have no contract with the provider. Sure, it would be nice if the provider happened to recognize this as a ransomware control server, and saved the data. But duty bound? That's a fantasy. The victims are victims of the perpetrator, nobody else.

    2. Re:Victims should sue by Anonymous Coward · · Score: 0

      I think the problem here is trying to determine what files belong to who. Too much hassle, might as well delete it all and tell people they're on their own.

    3. Re: Victims should sue by Anonymous Coward · · Score: 1

      If you reasonably should have known there would be a criminal investigation and you destroy evidence, it's illegal. That certainly seems to be the case here.

    4. Re: Victims should sue by Anonymous Coward · · Score: 0

      There doesn't have to be a contract. You don't have a contract with a policeman, but while you're under arrest he has a duty of care for your safety.

      But this is more about destruction of evidence, which is a criminal matter.

    5. Re: Victims should sue by Anonymous Coward · · Score: 1

      Wow, lighten up francis. You're not a prosecutor. You're a commentator on a blog.

      Get off your high horse.

    6. Re: Victims should sue by mysidia · · Score: 1

      Duty bound? What duty is that? The victims have no contract with the provider.

      The duty is a duty to the public (including victims) to abide the law by not destroying evidence.

      It is not a contractual duty. It is more like the duty involved, where you are a school worker and you routinely open a student's locker to find illegal drugs --- just emptying their locker out into the garbage incinerator is a crime of disposing of the evidence.

    7. Re: Victims should sue by mwvdlee · · Score: 1

      And what if the free hosting site was based in some country that is not beholden to US laws?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    8. Re: Victims should sue by greenfruitsalad · · Score: 2

      there's no such country! just ask MPAA/RIAA

    9. Re: Victims should sue by Anonymous Coward · · Score: 0

      An unfortunate consequence of the policy of "shoot first ask questions later".

    10. Re:Victims should sue by Bert64 · · Score: 1

      Also not their problem, they should simply hand over all the evidence to law enforcement.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    11. Re:Victims should sue by Anonymous Coward · · Score: 0

      It would have been helpful for article to name at least the country where the hosting service was operating from. This way we, the internet could have determined the value of contacting the authorities for a legal process. Some nations have had the being poor, oppressed and weak written in their national memetics since the invasion of Mongols.

    12. Re: Victims should sue by Bing+Tsher+E · · Score: 2

      And you're an anonymous commenter on a blog. Get off that hobby horse, runt.

    13. Re:Victims should sue by Ol+Olsoc · · Score: 1

      Complete deletion was an act of negligence, and if they aren't criminally tried, the provider should at least be compensating victims for their loss that was a result of not being able to obtain ransomware decryption keys which the provider destroyed.

      FTFA - "Creator of both projects is Turkish security researcher Utku Sen, who says that both his projects, Hidden Tear and EDA2, were published only for educational purposes."

      Yeah. Create a monster, release it into the wild, the obvious thing happens, and it's all the fault of the server owner panicking.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    14. Re:Victims should sue by Ol+Olsoc · · Score: 0

      Also not their problem, they should simply hand over all the evidence to law enforcement.

      Since law enforcement isn't even involved yet, and we don't know how far this infection has spread, I guess you demand shutting down teh Intertoobz, right? Wait for law enforcement, that might never even be involved.

      It's a little strange. Slashdotters seem to want the server owner strung up shot, burnt, buried, and then exhumed and do it all over again.

      Haven't heard a thing about the asshat that seemed to think that creating a monster and introducing it to the wild, and thinking it was for "educational purposes" might have just the tiniest itty little bit of responsibility for the mess.

      Especially after version 1 was used by the bad guys, he strengthened it and released a second version into the wild.

      And a fsckin security researcher to boot. I don't get it - What kind of secure world does he live in where you publish - and therefore do the legwork - for the very people you are supposed to be securing against?

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    15. Re: Victims should sue by mbeckman · · Score: 1

      tlambert: I can certainly see why you're not a prosecutor.

    16. Re: Victims should sue by mbeckman · · Score: 3, Insightful

      mysidia: while good-intentioned, that's simply not how the law works. A third party that destroys evidence as a side effect of securing the safety of themselves or their property commits no crime, because their intent is not to destroy evidence, but to regain their own security.

    17. Re:Victims should sue by Fnord666 · · Score: 1

      And a fsckin security researcher to boot. I don't get it - What kind of secure world does he live in where you publish - and therefore do the legwork - for the very people you are supposed to be securing against?

      Maybe the various AV companies can sue him for infringement of their methods patent on this.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    18. Re:Victims should sue by Anonymous Coward · · Score: 0

      Sue the hosting provider? Seriously?

      Hosting provider gets notified that a client is using his account for criminal purposes. That is a violation of terms, so they ditch the client. "Criminal purposes" can be anything, so; Delete the files, could be warez or even child porn in there. The account might even be involved in an ongoing attack, so they had better get rid of it NOW.

      No, sue the criminal who set this up. If he got money, have him pay for the recovery he is no longer able to do with a press of a button. Have him suffer. If he doesn't have money - well at least he can lose his house, car, etc.

    19. Re:Victims should sue by smooth+wombat · · Score: 1

      You're missing the point. On this site the majority of people will tell you it's not the Aaron Swartzes of the world (see above), or the hackers or the people who create the ransomware that are in the wrong. Nope, it's everyone else who should be held accountable for something they did or did not do.

      See the previous article talking about a law saying IT people are now required to report instances of child porn they find on someone's machine. The litany of people defending the pedophiles, saying IT people have no responsibility to report such crime, was amazing.

      Same with this. It's not the person who created the ransomware who is responsible, nope, it's the hosting company who had nothing to do with anything other than having an agreement to give the guy space that is the problem.

      Though this isn't surprising on here. The act of personal responsibility has been jettisoned in favor of coddling those who are being oppressed because they choose to live an alternative lifestyle. They bear no responsibility for anything because someone, somewhere else, gets to pick up the tab or take the blame for someone else's actions.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    20. Re: Victims should sue by Hognoxious · · Score: 1

      Neither the dope in the locker nor the data are a clear and present danger.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    21. Re: Victims should sue by Anonymous Coward · · Score: 0

      If you reasonably should have known there would be a criminal investigation and you destroy evidence, it's illegal. That certainly seems to be the case here.

      It's called spoliation of evidence.

    22. Re: Victims should sue by tlambert · · Score: 1

      tlambert: I can certainly see why you're not a prosecutor.

      Yes, me too.

      Activist prosecutors do not last long, when they try to make points regarding social parity between how the legal system treats companies vs. how the legal system treats people who make political statements regarding publicly funded research.

      Here's hoping that that hosting service was the one backing the ransomware that just cost three banks in India millions of dollars...

      http://yro.slashdot.org/story/...

    23. Re: Victims should sue by KGIII · · Score: 1

      LOL Umm... I think you might be mistaking why it is he sees that you're not a prosecutor. I'd suggest that you take some time to actually study law before opining on matters of law IF you want to be taken seriously. Or, well, just keep doing what you're doing and expecting the results to be different... It's entirely up to you but I'd seriously recommend some formal study if possible or some informal study (via auditing courses or reading the course material and studying that) if you're actually interested in matters of law. It's quite a fascinating subject. I'll give you one small example, but I believe Mr. Beckman is far more adept than I, morality doesn't always have a place in law.

      You're not a prosecutor, not because you'd be an "activist" or the likes, but because you're obviously lacking the educational background. Don't worry, you can learn if you want. I know a little - enough to do some of my own legal work but I still hire legal counsel when needed. I hire them as counsel not to represent, I'm that familiar with law. The example for your tirade is the big assumption that you made which is, I'm pretty certain, false - they are not necessarily duty bound, and I suspect you lack the information (and material assets to gain that information easily) to make such determinations. It's even all the more amusing that you attempt to make those claims with such an authoritative stance.

      I suspect, having bumped into Mr. Beckman before, I'm being slightly more polite than he might be. I'd take care to listen to him - he does appear to be an authority on matters of law.

      --
      "So long and thanks for all the fish."
    24. Re: Victims should sue by Anonymous Coward · · Score: 0

      mysidia is a 'Murrican. They all think like that. Sorry mate.

    25. Re: Victims should sue by tlambert · · Score: 1

      The example for your tirade is the big assumption that you made which is, I'm pretty certain, false - they are not necessarily duty bound, and I suspect you lack the information (and material assets to gain that information easily) to make such determinations.

      I was explicitly glib about their duty being to cover their own asses. I implied no other duty.

      Then I listed a number of legal theories under which their asses were not covered, including legal liabilities under the computer fraud and abuse act.

      I'll provide detail, but we should start with the fact that the data that was destroyed did not belong to the perpetrators of the ransomware, and neither did it belong to the hosting company: it belonged to those being ransomed. There is a vicarious responsibility and an implied custodial responsibility, given that the data was held in trust.

      We can start with the question "what is their procedure for data on their servers, when a customer becomes severely in arrears on paying for its storage: do they summarily delete it, or is it held in trust pending some time period and/or subsequent payment of the amount in arrears?" From their web site terms and conditions -- we see it is the latter.

      So now we have a theory to which we can apply the idea of "what is the policy on receipt and reply for dispute resolution to DMCA takedown notices?" We can reasonably conjecture that a report of illegal activity in one case, and a report of illegal activity in another, should fall under the same policies and procedures.

      Now let's argue the charges I suggested, when I suggested "throwing the book at them":

      The question on the contributory negligence must be whether or not they vet their customers to provide a best effort at having a priori that their customers will not use their service to perform illegal acts. If there is no such attempt, they are de facto negligent.

      The question in the particular case of the three sections cited of the act is not whether they had a priori knowledge of the illegal activities of the people engaging their services, but whether a posteriori, having been notified of said abuse, and the nature of the abuse, and nominally portraying themselves as IT professionals, they had a reasonable expectation that destroying said data, rather than merely off-lining it, would make the ransomware victims' data unrecoverable.

      We can take a vote among IT professionals here, or among JDs (I am not a JD; however, I have passed a bar exam without requesting admission to the bar), but I suspect that the consensus would be that there would be a reasonable expectation that they would be destroying the ability to recover the victims' data, by destroying the hosted data.

      That's the last three charges I listed covered with "a reasonable person knowledgeable in the field".

      Now, assuming they are adjudicated to be reasonably knowledgeable in the field in which their business operates...

      Was destroying the data a posteriori to the notification a "cover our asses on involvement" act, or was it a tacit admission that they have been defrauding their other customers by claiming expertise they did not have?

      The best way to put this into evidence would be to just put the claims on their corporate web site at the time of the event into evidence.

      At which point it now becomes necessary to explain the deletion of the information, if they knew it was being used for ransomware.

      It constituted, at the very least, evidence for which there was a likely criminal investigation which would take place; if there was said knowledge, then that justifies the tampering with evidence and spoliation of evidence charges.

      Additionally, that knowledge means that by deleting that data, they committed, at least in theory, one of two acts:

      (1) If the intent of those operating the ransomware was to use the data stored on the service, then deletion of the hosted data did in fact result in prop

    26. Re: Victims should sue by tlambert · · Score: 1

      A third party that destroys evidence as a side effect of securing the safety of themselves or their property commits no crime, because their intent is not to destroy evidence, but to regain their own security.

      It depends on whether the safety we are referencing is "the safety of their property" or "the safety of themselves with regard to prosecution". If the latter, then all destruction of evidence would not be criminal. 8^)

      The points to consider are:

      (1) Was deleting the data necessary, or would it have been sufficient to off-line but retain it for a period, as their web site states that they do for delinquent accounts?

      The clear answer is that deletion was not necessary; data stored in off-line storage does not actively contribute to endangering themselves or their property.

      (2) Did they investigate sufficiently to determine that the data was in fact back-end data for ransomware?

      The clear outcome for either answer is:

      (A) If yes, then they surely knew that it constituted criminal evidence

      (B) If no, then they were dealing with an unsupported assertion, which should have been treated similarly to their DMCA dispute resolution policy

      They have some culpability.

      I suspect, unless they are running totally non-redundantly, with no backups, that the data is most probably recoverable.

    27. Re:Victims should sue by tlambert · · Score: 1

      Sue the hosting provider? Seriously?

      Hosting provider gets notified that a client is using his account for criminal purposes. That is a violation of terms, so they ditch the client. "Criminal purposes" can be anything, so; Delete the files, could be warez or even child porn in there. The account might even be involved in an ongoing attack, so they had better get rid of it NOW.

      Do you have a hosting provider?

      What's your account there?

      You're not willing to post that information on Slashdot, because you'd have to be insane?

      *NOW* do you see the problem with a "delete all the data when a report comes in"?

      Better to treat it as a DMCA takedown notice, and throw it into dispute resolution, in case this is the electronic equivalent of SWATting...

    28. Re: Victims should sue by Anonymous Coward · · Score: 0

      The provider has no requirement to investigate abusive traffic for criminal activity. Zero. None. zilch. That is the job of prosecutors. So all your arguments are nullified.

    29. Re: Victims should sue by tlambert · · Score: 1

      The provider has no requirement to investigate abusive traffic for criminal activity. Zero. None. zilch. That is the job of prosecutors. So all your arguments are nullified.

      Then at best, by operating said site, they have constructed a public nuisance.

    30. Re: Victims should sue by tlambert · · Score: 1

      At worst, they are an accessory before the fact.

    31. Re: Victims should sue by Anonymous Coward · · Score: 0

      Duties can exist in tort as well as contract. It's called duty of care. Otherwise there would be no such thing as negligence.

    32. Re: Victims should sue by Anonymous Coward · · Score: 0

      You're right: it is the duty of the police to investigate crime. But if a party destroys the evidence of the crime they are guilty of obstruction of justice.

  2. Throw the fucker in jail ... by Kaz+Kylheku · · Score: 3, Interesting

    Give him a 25 mHz 386/SX box with NetBSD. Release date is "when you crack the key to recover the data".

    1. Re: Throw the fucker in jail ... by Anonymous Coward · · Score: 0

      25 millihertz? Wow, that's slow!

    2. Re:Throw the fucker in jail ... by thegarbz · · Score: 1

      Who?

      The guy who wrote the Open Source software with a back door and good intentions?
      The guy who used it nefariously?
      The guy who reported it?
      The guy at the hosting provider who killed the C&C server?

    3. Re:Throw the fucker in jail ... by Anonymous Coward · · Score: 0

      What good intentions? He's a criminal who was hoping to steal the revenue from other criminals.

  3. Am I missing something here? by Anonymous Coward · · Score: 2, Interesting

    I ask this in good faith -- why is there open source ransomware? I have no problem with uploading encrypted data for backups and security purposes. I have no problem with such tools being open sourced. But ransomware is, by definition, used for extortion. Isn't the mere existence of open source ransomware (or any other ransomware) an abuse?

    As for the hosting provider, they should be liable for civil and criminal damages. Victims whose files are unrecoverable because the account was deleted rather than locked have every right to sue. But it also is deleting data that should be relevant to a criminal investigation. The hosting provider should have known these things, so there's no excuse. They probably should be liable both for civil and criminal penalties.

    1. Re:Am I missing something here? by cold+fjord · · Score: 2

      I ask this in good faith -- why is there open source ransomware?

      The short answer is that some people have bad values. If you want to dive deeper you could consider the OpenBSD licensing philosophy as a proxy for the Open Source or Free Software movement. The software and its code become an end in itself. What is "good" is defined in terms of working code that complies with the license. The ultimate purpose of the code is practically irrelevant. From time to time there are controversies that arise in regard to some proposed change in the license of some software. I seem to recall several for the GPL. These generally seem to be aimed at harming US national defense, or some sector of the economy. You can probably chalk aspects of this to the nihilism of our present age.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    2. Re:Am I missing something here? by meerling · · Score: 2

      Researchers do a lot of things, even if only to understand how other people do them.
      On the other hand, this guy was a moron for publishing this stuff. The moment you put something like that out where anyone can get their hands on it, it's too late to stop scum from grabbing it. You'd think after the first time he'd realize that. At this point, I wonder if it was intentional on his part.

    3. Re:Am I missing something here? by fustakrakich · · Score: 0

      These generally seem to be aimed at harming US national defense, or some sector of the economy.

      It's a plot, I tell ya! Aye, it be pirates!

      And are you saying the nihilism of the past (when? Roman Empire days? 1950s?) was more, seemly, perhaps?

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:Am I missing something here? by Anonymous Coward · · Score: 0

      I ask this in good faith -- why is there open source ransomware?

      It is a weapon. Like all weapons, it can certainly be used in criminal ways. It can also be used in legal ways, such as penetration testing. Or against a legal target, like an ISIS server.

    5. Re:Am I missing something here? by Anonymous Coward · · Score: 0

      I ask this in good faith -- why is there open source ransomware?

      Because we have untraceable money payment systems such as bitcoin and probably soon zcash which are designed to make this easy and safe for extortionists. Propose people an easy and safe way to make money, show them how much they earn by hard working and count how long it takes to convert them. It can be as fast as just a more annoying than average day at work.

      Encrypting a remote PC means there's never any contact between the victim and the extortionist. That's quite an interesting business model, less chances of being caught than by kidnapping kids or selling drugs or weapons.

      Has nobody noticed that while ransomware has been existing for more than 10 years, it really started to take off when bitcoin started to be accepted as a money at many places and some banks are thinking about it?

  4. Does this mean that we should rejoice? by Anonymous Coward · · Score: 2, Insightful

    Is it a cause for rejoicing that when we've been hit with a ransomware attack that the attacker is an ethical one that will promptly restore things when we pay the ransom? You know, an attacker that has a fiduciary responsibility to act promptly when we submit to his demands. Does this mean we should deal with only the reputable extortionists?

    1. Re:Does this mean that we should rejoice? by Anonymous Coward · · Score: 0

      And only the classy hookers.

    2. Re: Does this mean that we should rejoice? by Anonymous Coward · · Score: 0

      Every business ultimately relies on its reputation. Take from that what you will, but, for the mafioso types, their reputation is everything.

    3. Re:Does this mean that we should rejoice? by sumdumass · · Score: 0

      Actually, yes you should only pay the ethical attacker. It will teach the unethical hacker that his profits are extremely limited when word gets out that paying doesn't fix the problem.

      Of course in an ideal world you wouldn't have to pay any hacker. But there are times you might not have that choice.

    4. Re:Does this mean that we should rejoice? by Anonymous Coward · · Score: 1

      You should never under any circumstance pay ANY of them. IF that means taking a hit yourself then so be it. Paying them just perpetuates the problem, there is no such thing as an ethical ransomer, their only interest is to fuck you over for as much money as possible.

    5. Re:Does this mean that we should rejoice? by mwvdlee · · Score: 1

      If you pay an anonymous extortionist money to no longer extort you, is there any reason to believe he'll stop extorting you?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    6. Re:Does this mean that we should rejoice? by sumdumass · · Score: 1

      That is not always possible for everyone. It really is that simple. Sometimes the loss is too valuable. Yes, you should not pay ever in an ideal world. The world isn't always ideal though.

  5. Suitable punishment? by cold+fjord · · Score: 2

    IIRC the last person flogged in the US as sentenced by a court was in the 1950s. It may be time to rethink that for some offenses.

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    1. Re:Suitable punishment? by Indigo · · Score: 1

      I've often had that same thought. The trolls would be first (the really nasty ones, I don't mean the app appers dude - that would be silly :-). Then crackers, spammers, and crapware purveyors. "And while I'm dreaming, I'd like a pony..."

    2. Re:Suitable punishment? by Anonymous Coward · · Score: 0

      "IIRC the last person flogged in the US as sentenced by a court was in the 1950s. It may be time to rethink that for some offenses."

      Or just rub some KY Jelly on the bars of soap

    3. Re:Suitable punishment? by drinkypoo · · Score: 1

      IIRC the last person flogged in the US as sentenced by a court was in the 1950s. It may be time to rethink that for some offenses.

      Maybe it's time to reduce corruption and inequity in our government, because they teach people to engage in corruption and to create more inequity in society.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  6. no way of recovering their files? by Anonymous Coward · · Score: 0

    Absolute bullshit! NSA can open them up in less than five minutes

    If this "encryption" is so good, why isn't it being used everywhere?

    1. Re: no way of recovering their files? by Anonymous Coward · · Score: 1

      It is, the encryption used is not home made, it's industry standard AES.

  7. Those guys - by no-body · · Score: 1

    don't they have anything better to do with their lives than creating those crappy situations for others? Petty callous character to host and live with I'd say.

  8. Well all that is why you aren't a prosecutor by Sycraft-fu · · Score: 2

    Because if you'd graduated law school, or just taken a few classes for that matter, you'd know enough to be able to look in to relevant laws and see why your list is a crock that wouldn't hold up.

  9. Didn't stop the Aaron Swartz prosecutors... by tlambert · · Score: 1

    Because if you'd graduated law school, or just taken a few classes for that matter, you'd know enough to be able to look in to relevant laws and see why your list is a crock that wouldn't hold up.

    Didn't stop the Aaron Swartz prosecutors... did it?

    The point is to engage in malicious prosecution when some asshole intentionally destroys information that could have recovered people's data.

    In point of fact, you don't really want it to hold up; you want to settle for a fine, the amount to be determined by whether they actually destroyed the data, or just are saying they destroyed the data because it would be a royal pain in the ass for them to recover it. The difference in the fine should reflect *how much of a pain in the ass* it would be to recover the data and make it available, plus $1.

    Then you gag order it, and announce "they settled for an undisclosed amount". This could be the classic "$1 and other valuable considerations", with said considerations being "helped recover everyones data that could be recovered".

    And in the process, you scare the shit out of the next company who's informed that their storage is being used like this, and instead of destroying the data, they just offline it so the bad guys can no longer get to it, but the good guys can. It's not like a 3TB disk -- and it was likely not that much data -- would have cost them more than $100, and they could have just off-lined all the data for future reference.

    Jesus Christ! Admit deleting it was a stupid thing to do, already!

    It's not like the owners of some data that gets reported the same way in the future might not come back and say "Hey guys, we've just had our account SWAT'ted by an asshole who is trying to destroy our business, here's our credentials, please restore our data! Thanks!".

    Right now, if they *aren't* somehow publicly humiliated for the deletion, it opens the gate for anyone who wants to *really* fuck over *any* business that happens to be using cloud storage at a hosting service, just by lying about what the cloud is being used for, and having the service *fucking* delete all their data.

    1. Re:Didn't stop the Aaron Swartz prosecutors... by Anonymous Coward · · Score: 0

      > Didn't stop the Aaron Swartz prosecutors... did it?

      Aaron Swartz was a pretty unusual case. He illegally hid his download server in an MIT wiring closet, he kept overwhelming MIT's connections to JSTOR and causing JSTOR to flake out, dealing considerable and much more measurable damage to thousands of people's work, and he was trying to steal *all of JSTOR*, especially the indexes and cross-references that make JSTOR useful. That's not "I've got a lame-ass piracy server", that's "I'm doing measurable damage against clearly identifiable targets", and moves it from civil lawsuits to felonies by virtue of its scale.

      And just think: if Aaron had been convicted instead of whinging "oh, poor nerdy white boy me, I might *suffer* from a *felony*, boo-hoo, boo-hoo", it would have helped set some standards in court for computer piracy. But no, he took the cheap and easy way out, just like he did with his software and his politics. "Poor, poor me, with my Facebook money and my parental support and my Harvard job and status: I *suffer* so much I have to socially protest by screwing with the work of thousands of other people. Sniff, sniff, I cannot take a single piece of computer cable and run my server in my office where I have free access. No, I have to sneak into someone else's campus, screw with *their* services, and hold forth on how "information should be free" while I steal Terabytes of other people's hard work".

      The boy needed some jail time to get out of the ivory tower and get a serious reality check.

    2. Re:Didn't stop the Aaron Swartz prosecutors... by tlambert · · Score: 1

      > Aaron Swartz was a pretty unusual case. He illegally hid his download server in an MIT wiring closet, he kept overwhelming MIT's connections to JSTOR and causing JSTOR to flake out, dealing considerable and much more measurable damage to thousands of people's work,

      That was arguably a problem. Like the original Morris worm, having a bug in the code making it go runaway to the point of a denial of service is problematic; would you feel that it was still a problem if the approach did not have this bug?

      Given that this was arguably an analogous bug, with similar impact, and the Morris penalty was 3 years of probation, 400 hours of community service, and a $10,500 fine ... would you have been seeking the same penalty against Swartz, instead of the absurd penalty they were going for, to force a plea?

      > and he was trying to steal *all of JSTOR*, especially the indexes and cross-references that make JSTOR useful.

      Well, he was trying to copy it. Not steal it. JSTOR would still have had use of the information themselves, so it's not like he was depriving them of the data. Unlike in the case of the ransomware, where the victims were deprived of the data, and the hosting provider deleted the recovery keys, making the deprivation permanent instead of temporary.

      > [...] and hold forth on how "information should be free" while I steal Terabytes of other people's hard work".

      Practically speaking, JSTOR stole the results of publicly funded research and hid it behind a paywall. While it's arguable that JSTOR also contains work that was not publicly funded, to the extent it was publicly funded, the information belongs in the commons, and not to JSTOR, and any member of the public had rights to the data.

      So again: would you feel that it was still a problem if the approach did not have the denial of service bug, and assuming he only grabbed the information that was derived via the support of public money?

  10. open-source ransomware code? by tetraverse · · Score: 1

    How does this open-source ransomware code get onto your computer without the end-user explicitly visiting a malicious website, downloading and installing the malware?

  11. Lesson learned? by Anonymous Coward · · Score: 0

    > All the data has been deleted from the servers, there's no backup, the backdoor account is useless, and victims have no way of recovering their files.

    Sounds really rough but I hope this serves as a much needed wake up call that this is a serious issue that needs to be addressed post haste.

  12. C&C Servers used for hosts file blocks are by Anonymous Coward · · Score: 0

    kano.freevar.com
    freevar.com

    * HOWEVER - they've been "shut down" as of the time I am writing this - but that also MAY mean they won't STAY "shut down" either if the maker of this thing decides to resurrect it (note I even blocked the free hoster domain in the latter one, as they're obviously being taken advantage of for creation of bogus machinations such as this file-encryptor type...)

    APK

    P.S.=> Of course, I already had them blocked LONG ago via this courtesy of "yours truly" -> APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.start64.com/index.p... which gives you more speed, security, reliability, + anonymity than ANY other single "so-called 'solution'" there is, bar-none using what you already have natively built-in to your IP stack operating in kernelmode (vs. slower usermode) doing FAR more for FAR less resources consumed & moving parts complexity + room for breakdown or exploitation... apk