Slashdot Mirror


New Ransomware-as-a-Service Speaks To Victims (csoonline.com)

itwbennett writes: Cerber, a new file-encrypting ransomware, has a couple of interesting features. First, according to cyber intelligence outfit SenseCy, it is available for sale 'as a service' on a private Russian-language forum, which makes it 'available to low-level criminals who might not have the coding skills or resources to create their own ransomware,' writes Lucian Constantin. Second, one of the 3 files it drops on a victim's desktop is a VBS (Visual Basic Scripting) file containing text-to-speech code that converts text into an audio message. 'When the above script is executed, your computer will speak a message stating that your computer's files were encrypted and will repeat itself numerous times,' said Lawrence Abrams, administrator of the technical support forum BleepingComputer.com, in a blog post.

3 of 40 comments

  1. thanks slashdot by Anonymous Coward · · Score: 2, Informative

    I posted this and it had a red icon.... and you chose to promote a duplicate to the frontpage that had a blue rating and also attached a CSOOnline link that did nothing other than hop on the work of Lawrence Abrams from Bleeping Computer... fuck off ... stop promoting that CSOOnline shit already.... do you guys have a contract with IDG or something?

  2. Re: Two simple measures... by mlts · · Score: 3, Interesting

    The problem is that keeping backups is a lot more difficult than it was in the past, when one could buy a tape drive, have it toss files there, physically write protect the cartridge, and keep that in a safe place.

    The typical consumer/business backup mechanism is usually either dumping to a file share, dumping to an external HDD, a copy to a cloud drive, or a copy to a cloud provider. All of which ransomware like this can stomp on, just by overwriting/encrypting backups. A cloud provider -might- have some backlevel versions, but they likely might just only have at most 30-90 days worth of files. That SAN with all the replication doesn't do much good, as it will replicate the rm and encrypted files.

    The ideal way to combat this is a program running on another machine which pulls the data. Something that runs on another machine and does a function similar to:

    ssh foohost ' ( cd /home ; tar cvf - * ) ' | zbackup --password-file ~/mysecret backup /some/fs/zbackup/backups/homedirbackup.tar

    Of course, adding date/time variables is left as an exercise to the reader... However, doing this not only ensures that ransomware can't touch the machine the backups are on, but also allows files to be backed up as often as one wishes, with only changes being saved. This is the only real defense to ransomware, and not often done.

    On the Windows side, programs to fetch data from clients are expensive (no SSH); the cheapest is probably Windows Server Essentials (a descendant of Windows Home Server), which can fetch and store client data.
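
The pull model described in the comment above, with the date/time naming filled in. This is an added example, not part of the original comment or of zbackup. It assumes an already initialised zbackup repository and is meant to run on the backup host; `REPO`, `PASSFILE`, `REMOTE_DIR`, `SSH_CMD` and `ZBACKUP_CMD` are hypothetical variable names introduced here.

```shell
#!/bin/sh
# Pull-based backup, run ON THE BACKUP HOST and never on the client, so that
# malware on the client holds no credentials or write path to the repository.
# Assumed names (not from the comment): REPO, PASSFILE, REMOTE_DIR, SSH_CMD,
# ZBACKUP_CMD. The zbackup repository at $REPO must already exist.
REPO=${REPO:-/some/fs/zbackup}
PASSFILE=${PASSFILE:-$HOME/mysecret}
REMOTE_DIR=${REMOTE_DIR:-/home}
SSH_CMD=${SSH_CMD:-ssh}
ZBACKUP_CMD=${ZBACKUP_CMD:-zbackup}

# backup_name HOST [STAMP] -> path of a new timestamped backup inside the repo.
backup_name() {
    host=$1
    stamp=${2:-$(date -u +%Y%m%dT%H%M%SZ)}
    # Reject names that could leave backups/ or be parsed by ssh as an option.
    case $host in
        ''|*/*|.*|-*) return 1 ;;
    esac
    printf '%s/backups/%s-home-%s.tar\n' "$REPO" "$host" "$stamp"
}

# pull_backup HOST [STAMP]: stream a tar of REMOTE_DIR from HOST into zbackup.
pull_backup() {
    target=$(backup_name "$@") || { echo "bad host name: $1" >&2; return 2; }
    # Never overwrite: older backups are the recovery point after an infection.
    if [ -e "$target" ]; then
        echo "refusing to overwrite $target" >&2; return 3
    fi
    st=$(mktemp) || return 4
    # "tar cf - ." also picks up dotfiles, which the "*" glob would miss.
    { "$SSH_CMD" "$1" "cd '$REMOTE_DIR' && tar cf - ."; echo $? >"$st"; } |
        "$ZBACKUP_CMD" --password-file "$PASSFILE" backup "$target"
    zrc=$?
    src=$(cat "$st"); rm -f "$st"
    # A pipeline reports only zbackup's status; check the ssh/tar side as well
    # so that a dropped connection is not recorded as a good backup.
    [ "$src" -eq 0 ] && [ "$zrc" -eq 0 ]
}

# Stand-alone use, e.g. from cron on the backup host: ./pull-backup.sh foohost
if [ "$#" -gt 0 ]; then pull_backup "$@"; fi
```
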

  3. There's also paper-based ransomware by penguinoid · · Score: 3, Funny

    Have you heard about the paper-based ransomware that's been going about the USA? It automatically searches for papers containing images of presidents, and locks them up, preventing you from accessing them. It supposedly offers you a way to unlock them again, but in reality that's just a waste of time. It's called the Civil Asset Forfeiture Trojan, and seems to have infested many government agencies.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways