Slashdot Mirror


Jigsaw Ransomware Deletes Your Files If You Don't Pay Or When You Reboot Your PC (bleepingcomputer.com)

An anonymous reader writes: Researchers found a new ransomware yesterday called Jigsaw which will first lock your files and ask for a 0.4 Bitcoin ($150 USD) payment. If users don't pay, every hour the ransomware deletes your files. If the user restarts their PC, the ransomware also deletes 1,000 more files. The good news is there's a free Decrypter available to unlock the ransomware. The Decrypter was built by Michael Gillespie, who announced yesterday on Softpedia the ID Ransomware service, which tells infected victims what kind of ransomware infection they have by allowing them to upload an encrypted file and the ransom note.

108 comments

  1. Turn back the clock by Anonymous Coward · · Score: 3, Interesting

    I have to wonder what would happen if you just kept turning the clock back on your computer every 45 minutes... I guess it depends on how lazy the programmer was.

    Anecdote: I recently had a Windows Auto-update give me the choice between now and in 10 minutes for an update. I wanted to watch a movie online so I set the clock back several hours.

    1. Re:Turn back the clock by Dutch+Gun · · Score: 2

      Well, no need for that, as you can just kill the processes directly. This is amateur hour stuff if it can be decrypted locally with a simple utility, and apparently doesn't take any steps to prevent its own process from being viewed and killed.

      Sadly, it doesn't take a genius programmer to grab an existing exploit kit and throw together some half-assed shit like this that still does some real harm to people. As always, it's far easier to destroy than to create.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    2. Re:Turn back the clock by Anonymous Coward · · Score: 1

      give me the choice between now and in 10 minutes for an update.

      Funny how Windows users have such an obviously adversarial relationship with the OS (this isn't about good-vs-bad or proprietary-vs-closed; it's simply about us-vs-them) and yet they still use words like "give" and "choice" whenever they talk about how their boyfriend beat them up.

      You people.

    3. Re:Turn back the clock by jetkust · · Score: 1

      So you're saying you're NOT supposed to have to trick an operating system into allowing you to use it?

    4. Re:Turn back the clock by jouassou · · Score: 1

      Alternatively... Just pull the power plug instead of shutting down 'nicely', and it shouldn't have any opportunity to delete your files. Don't reboot into the harddrive, but boot from a livecd, and try decrypting the contents from there.

    5. Re:Turn back the clock by ArsenneLupin · · Score: 2

      Don't reboot into the harddrive, but boot from a livecd, and try decrypting the contents from there.

      Users who know what a LiveCD is probably don't fall for such ransomware themselves.

      At best, they are called by a friend or family member who did fall for it, but in that case, chances are said friend or family member already "cleanly" shut down their computer ("hey, I had documents open on which I worked all afternoon, I had to save them, didn't want to lose that work"), or even rebooted it once or twice ("if I call Peter right now, he'll again scold me for being so careless about opening attachments, better try to fix it myself, I can always call him later")

    6. Re: Turn back the clock by Anonymous Coward · · Score: 0

      How high do you put the bar for "no hiccups"?

      Just today, I had to - AGAIN - hide nagware update 2952664 on Windows 7. Windows seems to "forget" that it was hidden every single time it downloads new updates.

  2. One missing detail by techno-vampire · · Score: 1, Informative

    It's not mentioned in the summary, but if you take the time to RTFA (Yes, I know this is Slashdot, but still...) you'll find that this is Windows specific. That's not to say that an infection can't be devastating, or that people using Windows deserve what they get, it's just making note of the fact that those of us who don't use Windows don't need to worry about it.

    --
    Good, inexpensive web hosting
    1. Re:One missing detail by Anonymous Coward · · Score: 5, Insightful

      it's just making note of the fact that those of us who don't use Windows don't need to worry about it.

      For now.

    2. Re:One missing detail by The+MAZZTer · · Score: 1

      Windows is targeted because that is what everyone uses. If everyone used something else, that is what hackers would target, because that is where they can exploit the most users!

    3. Re:One missing detail by drinkypoo · · Score: 2, Insightful

      If everyone used something else, that is what hackers would target, because that is where they can exploit the most users!

      If everyone used everything else, we'd only have women in tech articles to complain about

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re: One missing detail by Anonymous Coward · · Score: 0

      There's no reason why you couldn't do the same thing on Mac, Linux or BSD.

    5. Re:One missing detail by caino59 · · Score: 1, Troll

      A great point to make.
      Remember everyone: Windows is always bad. Don't worry about your poor security habits - you're probably fine.

    6. Re:One missing detail by Bing+Tsher+E · · Score: 1

      It's simpler than that:

      If everyone used everything else, it would all be used up.

    7. Re:One missing detail by Anonymous Coward · · Score: 0

      Windows is targeted because that is what everyone uses. If everyone used something else, that is what hackers would target, because that is where they can exploit the most users!

      Dude it's the year 2016, "everyone" has a droid/ios phone and tablet.
      Some of those people have PC's too and some of those PC's run windows.

    8. Re:One missing detail by Applehu+Akbar · · Score: 1

      "...you'll find that this is Windows specific"

      Many of the ransomware schemes, especially the ones aimed at corporate users, use social engineering to trick users into clicking on a software install request and then giving specific permission to run the program. These techniques are applicable on any platform.

    9. Re:One missing detail by techno-vampire · · Score: 1

      These techniques are applicable on any platform.

      That's very, very true. And, I'm sure that a similar piece of malware that was designed to run on Linux would work, although I'm not sure if it would have access to the system files. (That depends on how it was written and what other security measures were on the target system.) My point was simply that this specific example was written with Windows in mind, probably because the potential number of targets is so large.

      --
      Good, inexpensive web hosting
    10. Re:One missing detail by Anonymous Coward · · Score: 0

      If you look at the video, this malware isn't going after system files. It is ONLY going after the users files. It makes sense to target user accessible files since those are the ones the user is going to be concerned with. The exact same attack would work in exactly the same way on a Linux based system. Trick the user into executing something, then do your thing.

    11. Re:One missing detail by Anonymous Coward · · Score: 0

      I have a phone that runs Windows you insensitive clod.

    12. Re:One missing detail by Mictester · · Score: 1

      These techniques are applicable on any platform

      That just isn't the case. Users don't have the rights to install and execute additional software on Linux or (real) BSD (not Mac). Windows, by comparison, doesn't have any proper, rigorously enforced, permissions structure, so it's trivially easy to install and execute malicious code - often without user intervention.

      The actual reason that Windows is the only target for ransomware is that the attacks are possible and Windows (l)users are generally technically naive - which is why they still use Windows!

      "Jigsaw" is obviously just a "proof of concept" - the Real Version(TM) will be along shortly, which will be delivered by a drive-by exploit on a few vulnerable, but heavy traffic, websites, won't require (l)user intervention to install it, won't have a trivial decryption solution and will force the user to pay for decryption very quickly, before their files are not just encrypted, but deleted permanently.

    13. Re:One missing detail by stealth_finger · · Score: 1

      My point was simply that this specific example was written with Windows in mind, probably because the potential number of targets is so large.

      Well, yeah. Macs were never virus proof there were just too few to bother targeting.

      --
      Wanna buy a shirt?
      https://www.redbubble.com/people/stealthfinger/shop?asc=u
    14. Re:One missing detail by Anonymous Coward · · Score: 0

      Same. And it is claimed by practically all reviewers as most secure mobile OS.

    15. Re: One missing detail by Anonymous Coward · · Score: 0

      "Well, yeah. Macs were never virus proof there were just too few to bother targeting."

      Not true of course, but even if it were, that would be a good reason to use Macs.

    16. Re: One missing detail by Anonymous Coward · · Score: 0

      There's no reason why you couldn't do the same thing on Mac, Linux or BSD.

      No, none at all, assuming you can steal the signing key and hijack the repos.

    17. Re:One missing detail by Anonymous Coward · · Score: 0

      Social engineering is a lot harder, when it needs to include instructions on how to chmod 755 $HOME/Downloads/malware, and then execute $HOME/Downloads/malware because $HOME/Downloads is not in $PATH.

    18. Re:One missing detail by Anonymous Coward · · Score: 0

      If you look at the video, this malware isn't going after system files. It is ONLY going after the users files. It makes sense to target user accessible files since those are the ones the user is going to be concerned with. The exact same attack would work in exactly the same way on a Linux based system. Trick the user into executing something, then do your thing.

      Selinux might protect that, if it was actually configured fully correctly. Of course, I can't imagine that would happen, but if a program always stored its data to /home///

      and the selinux permissions were all setup correctly, then in theory the program could only nuke its own files.

      Does anyone have such a setup with selinux? If you added /home// as the real folder the user normally sees and had the operating system create symbolic links back to where data is really stored, it might work, well provided you never needed to open a file in a different application than the one that saved it. Once that occurs you have to open the ruleset some. In other words, any program that can open text files can modify text files and so on. Then again, the truly paranoid could integrate git or similar into the OS level and have all file changes and modifications tracked and undoable so even a rogue program could not do anything unfixable. That would have a lot of overhead, but it could work on today's systems. Needless to say, very few programs would be allowed to touch system files.

    19. Re:One missing detail by Anonymous Coward · · Score: 0

      Users don't have the rights to install and execute additional software on Linux or (real) BSD (not Mac).

      Incorrect. They don't have the rights to install software system-wide, but unless you have /home mounted noexec, they can still install under $HOME/bin.

    20. Re:One missing detail by Grishnakh · · Score: 2

      That just isn't the case. Users don't have the rights to install and execute additional software on Linux or (real) BSD (not Mac).

      WTF? Have you ever used Linux?

      Here's a hint: type Alt-F2, type "bash" there, and open a shell. Now, type "vi kill_my_files.sh", then type "a rm -rf / :wq!". Then, type "chmod 755 kill_my_files.sh". There, you've now created "additional software"! Now, execute it by typing "./kill_my_files.sh". Voila! You've executed it! And your files are all gone too!

      The only thing regular users can't do on Linux is *install* software system-wide so that other users can run it. Who cares? You don't need to do that to run nefarious software.

    21. Re:One missing detail by Grishnakh · · Score: 1

      Whoops, I forgot you have to type <ESC>, as so: "a rm -rf / <ESC> :wq!"

    22. Re:One missing detail by Anonymous Coward · · Score: 0

      You realise those instructions won't work, right?

      There's 2 significant errors in them.

  3. Back up your computer to an external drive by Anonymous Coward · · Score: 0

    Problem solved. Do it every week, or as often as needed.

    1. Re:Back up your computer to an external drive by Anonymous Coward · · Score: 0

      Yes, exactly. Ransomware seems like it should be a non-issue for anyone with half a brain cell.

  4. One little flaw by Calydor · · Score: 1

    What does someone like me that never jumped on the Bitcoin hype do? Just write the computer off as a lost cause?

    --
    -=This sig has nothing to do with my comment. Move along now=-
    1. Re:One little flaw by chuckugly · · Score: 4, Insightful

      Restore from backups

    2. Re:One little flaw by Anonymous Coward · · Score: 2, Insightful

      all computers should be treated as a lost cause. To do anything else is foolish.

    3. Re: One little flaw by Anonymous Coward · · Score: 0

      Most ransomware these days comes with instructions, one of them is where to buy bit coin.

    4. Re:One little flaw by suupaabaka · · Score: 2

      It's a sly scheme to improve Bitcoin uptake.

    5. Re: One little flaw by Pseudonym · · Score: 2

      Do they give you instructions about where you can get bitcoin in less than an hour no matter where you live?

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
    6. Re: One little flaw by Fwipp · · Score: 1
    7. Re: One little flaw by Anonymous Coward · · Score: 0

      Or demonize encryption. There's been a weird uptake in these attacks recently.

      Looks like our favourite american terrorist organisation to me.

    8. Re:One little flaw by thegarbz · · Score: 1

      What does someone like me that never jumped on the Bitcoin hype do? Just write the computer off as a lost cause?

      Same thing as someone with bitcoins? Format the PC, reinstall your software, and reload all your data from your backups.

      You do have daily backups don't you?

    9. Re: One little flaw by Anonymous Coward · · Score: 0

      Yes, they actually do. If you have internet connection and a credit card I suspect most anyone could get it in less than an hour

  5. I give it a month by liqu1d · · Score: 1

    Before they start preventing downloads/disabling USB and allowing access to any website other than Bitcoin buying and their payment page.

    1. Re:I give it a month by wbr1 · · Score: 1

      That would be useless. Any tech worth his salt is going to pull the drive from its running environment first thing for any ransomware infection. Either by booting to a USB environment (good luck disabling that), or physical removal. Hell in our shop I have a custom built storage server simply to image any jobs that come in the shop, ransomware included. The only exception are drives that have failed too badly to image.

      --
      Silence is a state of mime.
    2. Re:I give it a month by Anonymous Coward · · Score: 0

      Look closely, it is only going after the users files. It does not have admin, therefore it can't disable usb, block access to websites ... If it starts popping UAC, less people are going to get infected. People are finally starting to learn that if the UAC pops up when they are not expecting it, they might want to look and see why it is popping up.

    3. Re:I give it a month by Sprite_tm · · Score: 1

      Mmm, I'm wondering how long it'll take before some kind of malware keeps its keys in-memory, so when you shut down the PC or kill the process the entire HD gets un-decryptable...

  6. Saw? by suupaabaka · · Score: 1

    Is this ransomware named after the antagonist in the movie "Saw"?

    If so, maybe we're seeing a new trend of naming viruses after movie villains, and they might even share some characteristics!

    I'm hanging out for the Mugatu virus.

  7. It's time to kill Bitcoin. by Anonymous Coward · · Score: 0

    It's time to kill Bitcoin.
    Kill it dead.
    Shut down all Bitcoin ATM's - use hammers, thermite or whatever is appropriate.
    Make it a felony to mine Bitcoin.
    Make it a felony to use Bitcoin in any transaction.
    It's sort of like nuclear weapons - everybody wants one but nobody should have one.

    1. Re:It's time to kill Bitcoin. by sims+2 · · Score: 1

      Bitcoin... That sounds an awful lot like cash. Cash is by far the preferred choice of payment by criminals worldwide should we ban that too?

      --
      Minimum threshold fixed. Thanks!
    2. Re:It's time to kill Bitcoin. by Applehu+Akbar · · Score: 2

      "Cash is by far the preferred choice of payment by criminals worldwide should we ban that too?"

      Has there ever been a single instance in the wild of ransomware for cash? Kidnapping for ransom died out in the US because of the increasing difficulty of making a cash drop. I predict that we are about to see kidnapping come back into style, for Bitcoin.

    3. Re:It's time to kill Bitcoin. by Jeremi · · Score: 1

      Cash is by far the preferred choice of payment by criminals worldwide should we ban that too?

      At some point, that will probably happen.

      --
      I don't care if it's 90,000 hectares. That lake was not my doing.
    4. Re:It's time to kill Bitcoin. by mrbester · · Score: 1

      It's called a mugging "Give me cash or I delete your kidney"

      --
      "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
    5. Re:It's time to kill Bitcoin. by William+Baric · · Score: 1

      Mugging is an extremely dangerous business. Ransomware is mostly safe.

    6. Re:It's time to kill Bitcoin. by moeinvt · · Score: 2

      TPTB are working on it right now. Mario Draghi of the ECB is advocating the discontinuation of the 500 Euro note and economists like Larry Summers in the USA want to ban the $100 bill. There is also talk of banning all large cash transactions. Government obviously wants to track ALL of your financial activity.

      The bankers want to ban cash so they can set a negative interest rate. People will have to pay to keep their money in a bank, and without cash, there will be no recourse. They also want deposits to be treated like any other liability for the financial institutions. Liabilities that can be "restructured" in the event of the company filing for bankruptcy. i.e. the bank takes your money and gives you shares of stock in a new "recapitalized" bank.

      We can't allow that to happen. Use cash!

  8. Poor fucking users by roman_mir · · Score: 5, Insightful

    Some people are true assholes, poor fucking users who run into this. Imagine what will happen in the future, with self driving cars and somebody figuring out a way to take over and not let you out of the car until you pay, but if you don't pay within a time limit they will crash your car, drive it off a cliff or something...

    Security needs to become part of culture, but with people sharing every bit of their lives on sites like FB, etc., with people not caring about NSA stealing their data... I don't know, there will be deaths because of this eventually. System security has to become central when relying on more and more computers and robots, drones, it has to be done.

    1. Re:Poor fucking users by subanark · · Score: 2

      The bigger the crime, the more resources will be thrown by companies, individuals, police, government to stop it. Many "smart" criminals will avoid killing as it draws a lot of heat. E.g. if your in a big city and someone steals your phone, good luck getting the cops to do more than note it down. However, if someone steals a phone and kills the victim, you can expect a full crime scene, and lab work to be done.

      Hacking cars with the intent to hurt (or make it appear so) will get the interest of the US government, and it doesn't matter what country you hide out in. The military will hunt you down and take you out.

    2. Re: Poor fucking users by Anonymous Coward · · Score: 0

      The people deploying ransomware are assholes. This is a particularly asshole move. They deserve no sympathy at all. Unfortunately, lots of people don't agree with you. I've suggested many times that ransomware authors and the criminals who deploy ransomware deserve to be executed. Exploiting users in this manner is awful and there is no defense for such behavior. However, every time I suggest that ransomware criminals deserve to die for their crimes, Slashdot users rush to the defense of the criminals and tell me I'm wrong. Why do so many Slashdot users defend ransomware criminals?

    3. Re:Poor fucking users by Anonymous Coward · · Score: 0

      Pss. don't ruin the plot ! Next you say climate change is real and we are doomed if we don't act now ! No spoilers please.

      The world

    4. Re:Poor fucking users by Anonymous Coward · · Score: 0

      Why should it be the business's responsibility to have to be the place where the buck stops with security? If the biggest, most well-heeled companies in the world with the best, most state of the art security (be it SOCs, NOCs, people who are the best globally, the best gear out there) get compromised, then what can most people do?

      The responsibility for security belongs to the buyer. Would you blame Master Lock because someone bought a $3.00 suitcase padlock, used it on an armory locker, then blame the lock maker because it was broken? Would you blame the maker of a Wal-Mart gun safe because it was used instead of a TL-30 x 6 to store a jewelry shop's merchandise?

      Responsibility for security begins with the user. If FB leaks data, do the American way, and take your business elsewhere. Don't pile on expectations of security onto a company unless you are willing to pay for ongoing upkeep of products. There is no precedent that a company has to keep updating their products once sold, so if security is wanted, people need to pay for the cost of maintenance.

    5. Re:Poor fucking users by Anonymous Coward · · Score: 0

      But what happens if the people are overseas in some country that isn't buddy-buddies with the US? There are no consequences to actions, even if it results in large amounts of loss of life if one is in a country without an extradition treaty.

      As for the military, dropping Hellfires in some third world camel camp is one thing. Try doing that in a developed country, and that will be an act of war.

    6. Re:Poor fucking users by WinstonWolfIT · · Score: 0

      you're

    7. Re:Poor fucking users by roman_mir · · Score: 1

      I didn't shift responsibility to businesses, where did you read that? I said that all people need to understand that system security should be part of the core functionality, the push for security has to come from all sides, it cannot be only businesses if the users don't care and it cannot be just users if businesses are not listening.

    8. Re: Poor fucking users by ArsenneLupin · · Score: 1

      Why do so many Slashdot users defend ransomware criminals?

      Maybe because they only attack Windows users? Just consider it as cheap education...

    9. Re:Poor fucking users by Anonymous Coward · · Score: 0

      But what happens if the people are overseas in some country that isn't buddy-buddies with the US?

      Or Muslims, who see killing as an advantage

    10. Re:Poor fucking users by dave420 · · Score: 1

      A quick lesson in the hopes of saving you from embarrassing yourself: Muslims have their own opinions, in precisely the same way non-Muslims do. Logic is your friend.

  9. Kill the Hackers by Anonymous Coward · · Score: 0

    It's time to kill hackers.
    Kill them dead.
    Shut down the hacker forums - use hammers, thermite or whatever is appropriate.
    Make it a felony to mine Hack.

    I'm serious.

    If I lost files due to something like this and was able to find the retard who is holding my PC hostage, I'd gladly douse him in gasoline and watch him burn to death. Wouldn't even pee on him.

    1. Re: Kill the Hackers by Anonymous Coward · · Score: 0

      What if it turned out to be your parents??

      Dun dun dunnnnn!!!

  10. payback by supernova87a · · Score: 5, Funny

    When someone finally finds the people who write and extort with this kind of ransomware, they should slowly and painfully delete body parts one by one until they pay up...

    1. Re:payback by Anonymous Coward · · Score: 1

      I'm not a violent man but I get this sentiment. A year ago, my son innocently downloaded a (bogus) Java update and we were infected with a ransomware that encrypted all the files on the drive (we didn't pay btw). I was livid. The worst loss was all the special school work he had been doing that day and the day before. There was no backup of that and that stuff was a total loss (fortunately the teacher understood and was kind). I felt for my son who had spent hours and hours on the project. If you had given me the address of the hackers on that day, I would have hunted them down and strung them up in the public square by their balls.

    2. Re:payback by Anonymous Coward · · Score: 0

      Vengeance is not the answer. As a parent, you should know that.

    3. Re:payback by Anonymous Coward · · Score: 1

      Vengeance is not the answer. As a parent, you should know that.

      Vengeance is simply social feedback, cause and effect. When appropriate consequence is removed from actions people will continue to be monsters and become even worse. IF you were a parent of an infant/young child at any point you should definitely KNOW this.

      Humans are NOT rational creatures, we are emotional predators who are capable of learning reason to some degree but usually only to use it to serve our emotional selfish desires. Yes, some people are less predator and more rational than others, I like to think I am, but more than enough are not that they must be dealt with in whatever way works to make them listen.

    4. Re:payback by laurencetux · · Score: 1

      no no no

      what any God Father knows is you don't do the deed yourself you simply make it known that it would be nice if X happened to Y.

      and what you do is remove the bits needed to pass on their genes and "pleasure" a woman.

      oh and on a more serious note Ninite Pro is cheap at US$20.00 a month and you can take care of your whole Family in the process.

    5. Re:payback by cdrudge · · Score: 1

      If you had given me the address of the hackers on that day, I would have hunted them down and strung them up in the public square by their balls.

      and what you do is remove the bits needed to pass on their genes and "pleasure" a woman.

      Now I do admit that I've never been strung up by my balls, but I'd imagine that if you strung them up tight enough, long enough, you'd still accomplish the same goal of preventing them from passing on their genetic material and pleasing a woman.

    6. Re:payback by Grishnakh · · Score: 1

      Actually, it is. It's part of a feedback cycle, and it keeps people from acting badly. If you do something to harm someone else, they (or their friends, family, etc., or these days the government on their behalf) will come find you, and then punish you to make an example out of you. In the future, people contemplating that action will think twice about it because they want to avoid that fate, and the person who did it the first time won't do it again.

    7. Re:payback by flightmaker · · Score: 1

      A good suggestion I heard lately is that we should hunt these arseholes down, along with any other scammers and parasites trying to trick hard working people out of their money, and terrorists, put them at the bottom of a nice deep salt or phosphate mine, and enrol them on therapeutic drugs trials for the rest of their miserable lives. That way they can pay back some of the misery they have brought on society.

  11. Choice of OS by DaMattster · · Score: 0

    This might be a good time for Windows users to discover an open source operating system. I use OpenBSD on all of my systems and I am not vulnerable to shit like this.

    1. Re:Choice of OS by layingMantis · · Score: 1

      This might be a good time for Windows users to discover an open source operating system. I use OpenBSD on all of my systems and I am not vulnerable to shit like this.

      This might be a good time for Windows users to discover an operating system that nobody uses and doesn't get attention from exploiters. -fixed that for you.

    2. Re:Choice of OS by Mictester · · Score: 1

      This might be a good time for Windows users to discover an operating system that nobody uses and doesn't get attention from exploiters. -fixed that for you.

      ...and the reason that Windows is targeted is simply because this type of attack is possible not because of its seeming ubiquity. Also, the "operating system that nobody uses" is actually the OS that runs the internet, powers your phone, runs your TV, router and even your washing machine.

      Windows is just a poor proprietary client for a Linux world

    3. Re:Choice of OS by robmv · · Score: 1

      There could be a little truth in that, but no OS makes the same mistake of letting the sender of a file decide what is executable or not (sender calls it .exe or .scr and it is executable). Only Windows allows the sender to define what icon will be shown for a file (sender embeds a Word document icon in an executable and that is shown).

      There are many ways to make phishing at non Windows users, but then some kind of vulnerability must be used (when opening a document), not a simple stupid trick of sending an executable and people confusing it for other thing. I think the most common one

    4. Re:Choice of OS by Anonymous Coward · · Score: 0

      OpenBSD consumer hardware support is utter shit and it takes forever to adopt new technology. Sure, there are a lot of servers running it, but it's not meant for multi-purpose desktop use.

    5. Re:Choice of OS by tlhIngan · · Score: 1

      There are many ways to make phishing at non Windows users, but then some kind of vulnerability must be used (when opening a document), not a simple stupid trick of sending an executable and people confusing it for other thing. I think the most common one

      Not really. In Linux it's pretty easy to get a random user to run a random script. You just have to tell the user why they'd want to.

      Wasn't there recently a case where a botnet was shut down of Linux users? Sure it was only 2000 machines, but still - 2000 people installed it.

      The real reason is easy - software piracy. It's why Windows is usually attacked first - it has one of the largest proprietary software bases out there, so there are plenty of people looking for cracks, keygens, and downloads that you could apply a simple downloader wrapper to and infect them. It's easy.

      OS X comes next - smaller base, but still, a bunch of people looking to get paid software for free.

      Ditto Android, again, lots of people don't want to pay 99 cents for apps, so they pirate it and get all sorts of data stealing crap installed on their phones. Yes, you can stick with Google Play, but some people will just pirate software.

      Linux is last, because there isn't that much proprietary software for it right now. There's some, but not much. What usually infects them are pirated Wordpress themes since most Linux installations are server based. But if the popularity of SteamOS and such increases to the point where there's a decent selection of games, expect Linux to be a sharply rising target. (At least, if gamers on Linux are like their Windows counterparts where it's mostly pirated and thus a very handy way to infect a computer).

  12. Drive for storage by Anonymous Coward · · Score: 0

    So if you keep a second drive just for file storage, couldn't you just power down and remove the drive? That would at least keep files safe.
    Seriously, who uses C: for file storage?

  13. Ransomware deletes files on Windows PC .. by khz6955 · · Score: 0

    "First things first, you'll need to stop the ransomware's processes. Open the Task Manager and look for the firefox.exe and the drpbx.exe processes in order to shut them down"

    1. Re:Ransomware deletes files on Windows PC .. by Anonymous Coward · · Score: 0

      you can give processes any name you like.... even larrypage.exe if you're trying to shame firefox, mozilla is doing a better job

  14. new hard drive by Anonymous Coward · · Score: 0

    buying a new SSD for less than $100 and reloading Windows (or, better yet, ubuntu) looks a lot more attractive than dealing with an extortionist

  15. Preparation is the best defense. by Anonymous Coward · · Score: 0

    I keep data on a second drive which I can easily disconnect if need be. It is trivially easy for me to just wipe the main hard drive and reinstall my OS (and apps), and I do this every couple of years just to maintain good hygiene.

    Needless to say, I also regularly back up important files to disconnected long-term storage.

    Everyone should do this. It is in their own best interest to do so.

    1. Re:Preparation is the best defense. by mlts · · Score: 1

      After deciding on different means, since a pull based backup isn't feasible without enterprise backup software, what I do is a dual stage process. The first stage is to have Veeam dump my Windows box to a NAS with RAID 1. Then the NAS backs up the shares it has to an external HDD. This way, if something destroys a share from a PC, it can be reloaded from the external HDD.

      Eventually, I plan to get another NAS whose sole function in life is to store backups (with RAID) from the "front-line" NAS models. Since the backend NAS isn't touching client PCs in any way, shape, or form, it should be fairly resistant to all but the most sophisticated ransomware.

      It doesn't hurt to burn critical data to a BD-R drive either.

  16. The solution is pull based backups... by mlts · · Score: 1

    Some variants of ransomware erase backup drives and cloud backups/network shares.

    The real way to solve the problem isn't just having more data for ransomware to encrypt or destroy. Work on pull based backups, such as Windows Home Servers, Microsoft DPM, NetBackup, or some other mechanism. Preferably something that can use SSH or an existing known good protocol for security. This way, one of the worst things that malware can do is output garbage and try to fill up the backup server's hard disks with stuff from /dev/urandom. If QNAP or Synology adds deduplicating backups to their units in a way that home users could just "set and forget" until needed, this would be a major step in mitigating ransomware attacks.

    Problem is that ransomware preys on the fact that people tend to not bother with backups, and that the backup methods used these days are absolute shit and vulnerable to a "rm -rf". In the past, desktop computers would be backed up to tape, and with basic common sense, setting read only switches and backup rotations, it would be virtually impossible for stashed data to be corrupted. However, with both tape and optical drives not updated to handle modern capacity, coupled with the "just stash it on the cloud", it is no wonder why ransomware has such easy pickings on the home, SOHO, SMB, and even the enterprise level.

    As a stopgap, one can always back up to a network share, then have the share backed up, so if the share is trashed, it can be restored. However, the real ideal is pulling data from clients.

    1. Re:The solution is pull based backups... by lgw · · Score: 4, Insightful

      Some variants of ransomware erase backup drives and cloud backups/network shares.

      If it can be overwritten or erased by the live system it's not a backup. RAID is not a backup strategy. Copying files to a share is not a backup strategy.

      A duplicate drive sitting on a shelf is a backup strategy. A tape in a box is a backup strategy. A cloud-based solution that requires some special admin task to delete old backups is a backup strategy.

      real way to solve the problem isn't just having more data for ransomware to encrypt or destroy. Work on pull based backups

      Indeed.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    2. Re:The solution is pull based backups... by Tapewolf · · Score: 1

      I run Linux, but a piece of ransomware was recently reported that used Java to allow itself to run on multiple platforms. As a result I've invested in an LTO drive since my current backup strategies are based around Dropbox and a monthly snapshot to external disks. Smart ransomware could start chewing up the data slowly and end up in the backups before it was detected.

      LTO7 came out recently with a 15TB native capacity. This means that LTO5 drives can be had relatively cheaply, which have a 1.5TB capacity per cart and the carts are about £15 each. My core data that needs to be backed up is about 1.6TB but is in two locations so I can use two tapes to cover it all.

      The drive wasn't cheap, but some of the data is priceless. With a tape system I can take snapshots each month and keep a few tapes aside as long-term read-only backups, just in case.

    3. Re:The solution is pull based backups... by Tapewolf · · Score: 1

      Oops, LTO7 is 15TB compressed, it's about 6TB raw.

      .

    4. Re:The solution is pull based backups... by mlts · · Score: 1

      I think that if the tape makers could make a LTO 7 capacity drive, but have it be able to work on USB 3 without excessive shoe-shining (perhaps adding a fairly large RAM or SSD buffer so a consumer-grade laptop that cannot really handle the sustained I/O of a tape drive would still be able to use the drive.)

      This has been done before. I remember many SCSI drives for Macs, and UNIX workstations that just plugged in and worked. With today's technologies like LTFS, it would be even easier. Add WORM tapes (which are about $25 for LTO-6 media), and that would provide a decent barrier against ransomware.

      Given the cash, I'd definitely go with a LTO 7 drive. However, the next best thing is probably burning data to Blu-Ray, and finalizing the media, so it cannot be written to after the backup is done.

    5. Re:The solution is pull based backups... by Tapewolf · · Score: 1

      However, the next best thing is probably burning data to Blu-Ray, and finalizing the media, so it cannot be written to after the backup is done.

      That was my plan if the LTO plan fell through. However, even with BDXL it would take a lot of disks to back up the main data store.

    6. Re:The solution is pull based backups... by mlts · · Score: 1

      The good thing about CD/DVD/BD technology is that making an autochanger for this technology isn't difficult. Before the move to the iPod, 400+ CD carousel autochangers were commonplace for a couple hundred dollars in people's houses. Each BDXL disk may not hold much, but ~40 TB per carousel isn't too bad, assuming 100 gigs per disk, and a 400 disk pack.

  17. Who actually gets infected by this? by farmy4700 · · Score: 0

    Who actually gets infected by this?

    --
    The phone is ringing, I cannot linger, watch out butt here comes my finger.
  18. Password by Anonymous Coward · · Score: 0

    Your files are AES encrypted.
    There's a free decrypter available for download, which means someone found the key (or the way it is generated).

    But the fact that they offer a decrypter without publishing the key (at least I didn't find anything about that, neither on their site nor through Google), makes me lose confidence in that decrypter. Where do you go if THAT turns out to be another trojan?

  19. Decrypter by Anonymous Coward · · Score: 0

    The good news is there's a free Decrypter available to unlock the ransomware.

    I wouldn't use it. You never know what is left of the malware.

    Boot from the last known good backup and do a full restore.

    1. Re:Decrypter by david_thornley · · Score: 1

      The Decrypter might recover files that weren't on the last known good backup (which, for the average Windows user, probably is the reinstall media). Save them on something, then do a full install.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  20. This is the dumbest ransomware I've heard of. by Anonymous Coward · · Score: 0

    Computers reboot themselves with no human intervention. It's just going to piss people off and not generate much income. Brilliant idiots.

  21. Autobackup by Anonymous Coward · · Score: 0

    This is exactly why I run an autobackup of all my files to separate backup files every single night. The most I would ever lose is 24 hours of data.
    This is 2016, folks. Ransomware shouldn't even be a blip on anyone's radar by now.

    1. Re:Autobackup by Tapewolf · · Score: 1

      This is exactly why I run an autobackup of all my files to separate backup files every single night. The most I would ever lose is 24 hours of data.
      This is 2016, folks. Ransomware shouldn't even be a blip on anyone's radar by now.

      Given that modern ransomware actively seeks out file shares and removable disks to prevent this kind of easy recovery, I'm curious to know what backup mechanism you're using. And also how far back that backup goes. Another strategy these things use (or could potentially use) is to encrypt things slowly over a long period of time so the backups are chewed up as well unless you're regularly taking snapshots onto read-only media or some kind of versioned filesystem.
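
Added example, not part of any comment in this thread: Python code illustrating the pull-based, versioned backups described in "The solution is pull based backups..." and in the Autobackup reply above. The function names, directory layout and snapshot dates are assumptions, and local directories stand in for a client that the backup host would read over SSH or a read-only mount.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def _digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def pull_snapshot(client_dir, repo_dir, name):
    """Runs on the backup host: reads client_dir, writes a new snapshot.
    Unchanged files are hard-linked to the previous snapshot; changed files get
    a fresh copy, so earlier snapshots are never rewritten. Returns (snap, changed)."""
    client_dir, repo_dir = Path(client_dir), Path(repo_dir)
    earlier = sorted(p for p in repo_dir.iterdir() if p.is_dir())
    prev = earlier[-1] if earlier else None
    snap = repo_dir / name
    snap.mkdir()
    changed = []
    for src in sorted(p for p in client_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(client_dir)
        dst = snap / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        old = prev / rel if prev is not None else None
        if old is not None and old.is_file() and _digest(old) == _digest(src):
            os.link(old, dst)        # same content: share the stored copy
        else:
            shutil.copy2(src, dst)   # new or modified: store a separate copy
            if old is not None and old.is_file():
                changed.append(rel.as_posix())
    return snap, changed

def demo():
    """Constructed scenario: client files are garbled between two pulls."""
    with tempfile.TemporaryDirectory() as tmp:
        client, repo = Path(tmp, "client"), Path(tmp, "repo")
        client.mkdir()
        repo.mkdir()
        (client / "notes.txt").write_text("quarterly figures")
        (client / "photo.raw").write_text("holiday picture")
        first, _ = pull_snapshot(client, repo, "2016-04-12")
        (client / "notes.txt").write_bytes(os.urandom(32))  # simulated damage
        second, changed = pull_snapshot(client, repo, "2016-04-13")
        return {
            "changed": changed,
            "old_copy_intact": (first / "notes.txt").read_text() == "quarterly figures",
            "unchanged_shared": os.path.samefile(first / "photo.raw", second / "photo.raw"),
        }
```

The client never holds credentials for the repository, so damaged files can only appear in new snapshots. An unusually long `changed` list is a signal to stop rotating out older snapshots until the client has been checked.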

  22. Hmmm by Anonymous Coward · · Score: 0

    Sure is convenient that all these ransomware app authors keep making stupid mistakes with crypto, that renders a decrypter tool feasible.

    A suspicious mind might wonder if the author of the ransomware and the decrypter are in fact the same person, out to make a name for himself by 'coming to the rescue'.

  23. Holy overrated ramblings batman! by Anonymous Coward · · Score: 0

    self driving cars and somebody figuring out a way to take over and not let you out of the car until you pay, but if you don't pay within a time limit they will crash your car, drive it off a cliff or something...

    That is both paranoid and nonsensical. What good would it do for someone to hijack your car and then destroy it? They've just wasted time and bandwidth at that point. If they're smart enough to get as far as to digitally hijack a car while someone is in it, they would do something smart like drive it into a space where the owner cannot physically climb out - or drop off the owner and then drive it to a chop shop somewhere. Destroying it doesn't get the criminal anything.
     
     

    Security needs to become part of culture, but with people sharing every bit of their lives on sites like FB, etc., with people not caring about NSA stealing their data...

    That is comical coming from you. You are here day in and day out using Slashdot to recruit for your religious movement. Your identity is well known as you post it in your profile here. Are you just hoping that you will yet somehow succeed in circumventing the US constitution and installing your religious leader as supreme POTUS-for-life and that somehow that will solve all your concerns?

  24. Straightforward by DrYak · · Score: 1

    Here's a hint: type Alt-F2, type "bash" there, and open a shell. Now, type {...}

    Such a simple and straightforward procedure !

    I wonder why everybody is complaining about Linux being hard to adapt to...

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Straightforward by Grishnakh · · Score: 1

      -1 Stupid.

      Why aren't you complaining about how Windows is "so hard to adapt to"? After all, to run Excel in Windows, you can type Win+R and type "excel" there.

  25. your WINDOWS PC by Anonymous Coward · · Score: 0

    Who cares. It's a toy for retards anyway.

  26. Joke explained by DrYak · · Score: 1

    I know that I shouldn't be explaining my joke, but I was sarcastically referring to the fact that your "in Linux, it's also possible to do lots of damage without being root" instructions are nearly as complicated as the copy-pasta troll that was once popular on /. about the difficulty of getting Quake running with OpenGL in Linux.
    (As opposed to Windows where such breakage happens almost entirely alone, without nearly any user intervention required).

    Consider it as a variant of the "Does virus {NAME} run under Wine? Nope? Exactly what I thought: yet another part of the Windows experience we can't join..." joke.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]