Slashdot Mirror


New Ransomware-as-a-Service Speaks To Victims (csoonline.com)

itwbennett writes: Cerber, a new file-encrypting ransomware, has a couple of interesting features. First, according to cyber intelligence outfit SenseCy, it is available for sale 'as a service' on a private Russian-language forum, which makes it 'available to low-level criminals who might not have the coding skills or resources to create their own ransomware,' writes Lucian Constantin. Second, one of the 3 files it drops on a victim's desktop is a VBS (Visual Basic Scripting) file containing text-to-speech code that converts text into an audio message. 'When the above script is executed, your computer will speak a message stating that your computer's files were encrypted and will repeat itself numerous times,' said Lawrence Abrams, administrator of the technical support forum BleepingComputer.com, in a blog post.

15 of 40 comments

  1. Wow... by Anonymous Coward · · Score: 1

    They basically made Clippy for their ransomware...

    It's a friendly thief...

    [tap tap] "Hi, I just encrypted all your files and for the low price of $20 I'll give them back to you (we take paypal!)"

    1. Re:Wow... by TheRealMindChild · · Score: 1

      It probably uses the same technology (Microsoft Agent)

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  2. Ha Ha by Anonymous Coward · · Score: 1

    Say it isn't so...

  3. Re: Two simple measures... by chipschap · · Score: 1

    "Keep backups" is certainly a solution if done diligently. Of course, it's stating the obvious to say that this is often not the case.

    As to suggestion 2 and the response, I realize zillions of small businesses run Windows. We could get into a long discussion about whether they have to do so (my thought is that it's truly necessary only sometimes) but yes, they do, so they better learn good security practices. That's the real solution.

  4. Re: Two simple measures... by interval1066 · · Score: 1

    Not so much any more. People are starting to pull away from Office, which was the overriding factor for Windows, to cloud-based stuff. Don't even use Windows for my work machine.

    --
    Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
  5. thanks slashdot by Anonymous Coward · · Score: 2, Informative

    I posted this and it had a red icon.... and you chose to promote a duplicate to the frontpage that had a blue rating and also attached a CSOOnline link that did nothing other than hop on the work of Lawrence Abrams from Bleeping Computer... fuck off ... stop promoting that CSOOnline shit already.... do you guys have a contract with IDG or something?

  6. Re: Two simple measures... by mlts · · Score: 3, Interesting

    The problem is that keeping backups is a lot more difficult than it was in the past, when one could buy a tape drive, have it toss files there, physically write protect the cartridge, and keep that in a safe place.

    The typical consumer/business backup mechanism is usually either dumping to a file share, dumping to an external HDD, a copy to a cloud drive, or a copy to a cloud provider. All of which ransomware like this can stomp on, just by overwriting/encrypting backups. A cloud provider -might- have some backlevel versions, but they likely might just only have at most 30-90 days worth of files. That SAN with all the replication doesn't do much good, as it will replicate the rm and encrypted files.

    The ideal way to combat this is a program running on another machine which pulls the data. Something that runs on another machine and does a function similar to:

    ssh foohost ' ( cd /home && tar cvf - * ) ' | zbackup --password-file ~/mysecret backup /some/fs/zbackup/backups/homedirbackup.tar

    Of course, adding date/time variables is left as an exercise to the reader... However, doing this not just ensures that ransomware can't touch the machine where the backups are on, but allows files to be backed up as often as one wishes, with only changes being saved. This is the only real defense to ransomware, and not often done.

    On the Windows side, programs to fetch data from clients are expensive (no SSH), the cheapest is probably Windows Server Essentials (descendant of Windows Home Server) which can fetch and store client data.

  7. There's also paper-based ransomware by penguinoid · · Score: 3, Funny

    Have you heard about the paper-based ransomware that's been going about the USA? It automatically searches for papers containing images of presidents, and locks them up, preventing you from accessing them. It supposedly offers you a way to unlock them again, but in reality that's just a waste of time. It's called the Civil Asset Forfeiture Trojan, and seems to have infested many government agencies.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  8. Not really text-to-speech code by omtinez · · Score: 1

    I went into the linked blog post to see what this text-to-speech code (in a vbs script no less!) was all about, and it turns out it's just a couple of lines calling Windows' SpVoice interface. Quite disappointing.

  9. Re:Two simple measures... by CanadianMacFan · · Score: 1

    1) Run backups
    2) Verify that they are working on a regular basis
    3) Stay away from Windows

    The second step is the most important. Just having the backup process come back without an error doesn't mean that you are safe. If you can't get your files from a backup then they aren't backed up!
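
An added example, not code from any commenter: mlts's pull-style backup with the date/time in the snapshot name, combined with CanadianMacFan's point that a backup only counts once a restore has been tested. It assumes plain tar snapshots instead of zbackup so that it runs with standard tools; `pull_backup` and `restore_test` are hypothetical names.

```shell
#!/bin/sh
# Runs on the backup host. The client holds no credentials for this machine,
# so malware on the client cannot reach or rewrite earlier snapshots.

# restore_test ARCHIVE: extract into a scratch directory and require at least
# one regular file; a clean exit from the fetch does not prove restorability.
restore_test() {
    local scratch count
    scratch=$(mktemp -d) || return 1
    if tar xf "$1" -C "$scratch" 2>/dev/null; then
        count=$(find "$scratch" -type f | wc -l)
    else
        count=0
    fi
    rm -rf "$scratch"
    [ "$count" -gt 0 ]
}

# pull_backup DEST NAME CMD...: CMD must write a tar stream to stdout, e.g.
#   pull_backup /srv/backups home ssh foohost 'cd /home && tar cf - *'
# (/srv/backups is a made-up path). Prints the snapshot path on success.
pull_backup() {
    local dest name snap tmp
    dest=$1; name=$2; shift 2
    # Date/time in the name: every run creates a new file, none is overwritten.
    snap="$dest/$name-$(date -u +%Y%m%dT%H%M%SZ).tar"
    tmp="$snap.partial"
    if [ -e "$snap" ]; then
        echo "refusing to overwrite $snap" >&2
        return 1
    fi
    # A failed or interrupted fetch must never become a snapshot.
    if ! "$@" > "$tmp"; then
        echo "fetch failed" >&2; rm -f "$tmp"; return 1
    fi
    # An empty or unreadable stream is rejected before it is kept.
    if ! restore_test "$tmp"; then
        echo "restore test failed" >&2; rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$snap" && chmod a-w "$snap" && printf '%s\n' "$snap"
}
```
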

  10. Re: O no ... not again, please! by Anonymous Coward · · Score: 1

    Obviously you haven't heard it enough times, as the correct phrasing "you've got mail" isn't yet etched into your soul.

  11. Re: Two simple measures... by JoeMerchant · · Score: 1

    Nothing is stopping any organization from purchasing physical multi-TB external hard drives and using them like fast, reliable tapes.

  12. It's about time! by scarboni888 · · Score: 1

    By 2016 ALL software should cater to accessibility needs - regardless of its status as malware or not.

  13. Re: Two simple measures... by scarboni888 · · Score: 1

    This only works if the only machine or machines that access the files are infected with the same ransom/malware sharing the same keys.

    In a multi-user environment sharing network drives the infected machine may still be able to read the encrypted files but any other machines which have not been simultaneously infected using the same coordinated key (more than likely the case) will immediately run into encrypted files then you have plenty of time to get the data back from backups.

  14. Re: Two simple measures... by wbr1 · · Score: 1

    30 to 90 days is plenty. No different than an earlier write protected backup tape in terms of utility for data recovery. If you get a crypto virus and wait 30 days before attempting a fix, well, you deserve what you get.

    --
    Silence is a state of mime.