New Ransomware-as-a-Service Speaks To Victims (csoonline.com)
itwbennett writes: Cerber, a new file-encrypting ransomware, has a couple of interesting features. First, according to cyber intelligence outfit SenseCy, it is available for sale 'as a service' on a private Russian-language forum, which makes it 'available to low-level criminals who might not have the coding skills or resources to create their own ransomware,' writes Lucian Constantin. Second, one of the 3 files it drops on a victim's desktop is a VBS (Visual Basic Scripting) file containing text-to-speech code that converts text into an audio message. 'When the above script is executed, your computer will speak a message stating that your computer's files were encrypted and will repeat itself numerous times,' said Lawrence Abrams, administrator of the technical support forum BleepingComputer.com, in a blog post.
The problem is that keeping backups is a lot more difficult than it was in the past, when one could buy a tape drive, have it toss files there, physically write-protect the cartridge, and keep that in a safe place.
The typical consumer/business backup mechanism is usually either dumping to a file share, dumping to an external HDD, a copy to a cloud drive, or a copy to a cloud provider. All of which ransomware like this can stomp on, just by overwriting/encrypting backups. A cloud provider -might- have some backlevel versions, but they likely might just only have at most 30-90 days' worth of files. That SAN with all the replication doesn't do much good, as it will replicate the rm and encrypted files.
The ideal way to combat this is a program running on another machine which pulls the data. Something that runs on another machine and does a function similar to:
ssh foohost '( cd /home && tar cvf - * )' | zbackup --password-file ~/mysecret backup /some/fs/zbackup/backups/homedirbackup.tar
Of course, adding date/time variables is left as an exercise to the reader... However, doing this not only ensures that ransomware can't touch the machine the backups are on, but also allows files to be backed up as often as one wishes, with only changes being saved. This is the only real defense to ransomware, and not often done.
On the Windows side, programs to fetch data from clients are expensive (no SSH); the cheapest is probably Windows Server Essentials (a descendant of Windows Home Server), which can fetch and store client data.
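Added example, not part of the original comment: the pull-style backup described above, with the date/time naming filled in, a refusal to overwrite earlier backups, and handling for a connection that drops mid-transfer. It assumes an initialised zbackup repository and key-based ssh login from the backup host; the backups/HOST/ layout and the function names are this example's own.

```shell
#!/bin/sh
# Added example: pull-style backup, run on the backup host, never on the client.
# REPO and PASSFILE mirror the paths in the comment; the backups/HOST/ layout
# and both function names are assumptions of this example.
REPO=${REPO:-/some/fs/zbackup}
PASSFILE=${PASSFILE:-$HOME/mysecret}

# backup_name HOST LABEL [STAMP]: print a timestamped path for a new backup.
# Each part is limited to [A-Za-z0-9._-] and may not start with a dot, so a
# mistyped or hostile value cannot steer the path outside the repository.
backup_name() {
    stamp=${3:-$(date -u +%Y%m%dT%H%M%SZ)}
    for part in "$1" "$2" "$stamp"; do
        case $part in
            ''|.*|*[!A-Za-z0-9._-]*) echo "bad name: $part" >&2; return 1 ;;
        esac
    done
    printf '%s/backups/%s/%s-%s.tar\n' "$REPO" "$1" "$2" "$stamp"
}

# pull_backup HOST DIR LABEL [STAMP]: stream DIR from HOST into zbackup.
pull_backup() {
    host=$1 dir=$2
    out=$(backup_name "$host" "$3" "${4:-}") || return 1
    case $dir in
        ''|[!/]*|*[!A-Za-z0-9._/-]*) echo "bad dir: $dir" >&2; return 1 ;;
    esac
    # Never overwrite: an encrypted client must not replace an earlier good copy.
    if [ -e "$out" ]; then echo "refusing to overwrite $out" >&2; return 1; fi
    mkdir -p "$(dirname "$out")" || return 1
    failed=$(mktemp) || return 1
    # A plain sh pipeline reports only zbackup's status, so a failure on the
    # ssh/tar side is recorded separately; otherwise a dropped connection
    # would be kept as if it were a complete backup.
    { ssh -o BatchMode=yes "$host" "cd $dir && tar cf - ." || echo x >"$failed"; } |
        zbackup --password-file "$PASSFILE" backup "$out" || echo x >"$failed"
    if [ -s "$failed" ]; then
        rm -f "$failed" "$out"   # discard the truncated backup entry
        return 1
    fi
    rm -f "$failed"
    echo "$out"
}

# Runs only when given arguments, e.g.: sh pull-backup.sh foohost /home home
if [ $# -ge 3 ]; then pull_backup "$@"; fi
```

Because the client holds no credentials for the backup host, nothing running on the client can reach the stored copies; the ssh key used here only needs read access to the directory being pulled.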