Slashdot Mirror

← Back to Stories (view on slashdot.org)

Jigsaw Ransomware Deletes Your Files If You Don't Pay Or When You Reboot Your PC (bleepingcomputer.com)

Posted by BeauHD on from the there's-always-something-to-fear dept.

An anonymous reader writes: Researchers found a new ransomware yesterday called Jigsaw which will first lock your files and ask for a 0.4 Bitcoin ($150 USD) payment. If users don't pay, every hour the ransomware deletes your files. If the user restarts their PC, the ransomware also deletes 1,000 more files. The good news is there's a free Decrypter available to unlock the ransomware. The Decrypter was built by Michael Gillespie, who announced yesterday on Softpedia the ID Ransomware service, which tells infected victims what kind of ransomware infection they have by allowing them to upload an encrypted file and the ransom note.

16 of 108 comments (clear)

  1. Turn back the clock by Anonymous Coward · · Score: 3, Interesting

    I have to wonder what would happen if you just kept turning the clock back on your computer every 45 minutes... I guess it depends on how lazy the programmer was.

    Anecdote: I recently had a WIndows Auto-update give me the choice between now and in 10 minutes for an update. I wanted to watch a movie online so I set the clock back serveral hours.

    1. Re:Turn back the clock by Dutch+Gun · · Score: 2

      Well, no need for that, as you can just kill the processes directly. This is amateur hour stuff if it can be decrypted locally with a simple utility, and apparently doesn't take any steps to prevent its own process from being viewed and killed.

      Sadly, it doesn't take a genius programmer to grab an existing exploit kit and throw together some half-assed shit like this that still does some real harm to people. As always, it's far easier to destroy than to create.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    2. Re:Turn back the clock by ArsenneLupin · · Score: 2

      Don't reboot into the harddrive, but boot from a livecd, and try decrypting the contents from there.

      User who know what a LiveCD is probably don't fall for such ransomware themselves.

      At best, they are called by a friend or family member who did fall for it, but in that case, chances are said friend or family member already "cleanly" shut down their computer ("hey, I had documents open on which I worked all afternoon, I had to save them, didn't want to lose that work"), or even rebooted it once or twice ("if I call Peter right now, he'll again scold me for being so careless about opening attachments, better try to fix it myself, I can always call him later")

  2. Re:One missing detail by Anonymous Coward · · Score: 5, Insightful

    it's just making note of the fact that those of us who don't use Windows don't need to worry about it.

    For now.

  3. Re:One missing detail by drinkypoo · · Score: 2, Insightful

    If everyone used something else, that is what hackers would target, because that is where they can exploit the most users!

    If everyone used everything else, we'd only have women in tech articles to complain about

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Re:One little flaw by chuckugly · · Score: 4, Insightful

    Restore from backups

  5. Re:One little flaw by Anonymous Coward · · Score: 2, Insightful

    all computers should be treated as a lost cause. To do anything else is foolish.

  6. Poor fucking users by roman_mir · · Score: 5, Insightful

    Some people are true assholes, poor fucking users who run into this. Imagine what will happen in the future, with self driving cars and somebody figuring out a way to take over and not let you out of the car until you pay, but if you don't pay within a time limit they will crash your car, drive it off a cliff or something...

    Security needs to become part of culture, but with people sharing every bit of their lives on sites like FB, etc., with people not caring about NSA stealing their data... I don't know, there will be deaths because of this eventually. System security has to become central when relying on more and more computers and robots, drones, it has to be done.

    --
    You can't handle the truth.
    1. Re:Poor fucking users by subanark · · Score: 2

      The bigger the crime, the more resources will be thrown by companies, individuals, police, government to stop it. Many "smart" criminals will avoid killing as it draws a lot of heat. E.g. if your in a big city and someone steals your phone, good luck getting the cops to do more than note it down. However, if someone steals a phone and kills the victim, you can expect a full crime scene, and lab work to be done.

      Hacking cars with the intent to hurt (or make it appear so) will get the interest of the US government, and it doesn't matter what country you hide out in. The military will hunt you down and take you out.

  7. payback by supernova87a · · Score: 5, Funny

    When someone finally finds the people who write and extort with this kind of ransomware, they should slowly and painfully delete body parts one by one until they pay up...

  8. Re:One little flaw by suupaabaka · · Score: 2

    It's a sly scheme to improve Bitcoin uptake.

  9. Re: One little flaw by Pseudonym · · Score: 2

    Do they give you instructions about where you can get bitcoin in less than an hour no matter where you live?

    --
    sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
  10. Re:It's time to kill Bitcoin. by Applehu+Akbar · · Score: 2

    "Cash is by far the preferred choice of payment by criminals worldwide should we ban that too?"

    Has there ever been a single instance in the wild of ransomware for cash? Kidnapping for ransom died out in the US because of the increasing difficulty of making a cash drop. I predict that we are about to see kidnapping come back into style, for Bitcoin.

  11. Re:The solution is pull based backups... by lgw · · Score: 4, Insightful

    Some variants of ransomware erase backup drives and cloud backups/network shares.

    If it can be overwritten or erased by the live system it's not a backup. RAID is not a backup strategy. Copying files to a share is not a backup strategy.

    A duplicate drive sitting on a shelf is a backup strategy. A tape in a box in is a backup strategy. A cloud-based solution that requires some special admin task to delete old backups is a backup strategy.

    real way to solve the problem isn't just having more data for ransomware to encrypt or destroy. Work on pull based backups

    Indeed.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  12. Re:It's time to kill Bitcoin. by moeinvt · · Score: 2

    TPTB are working on it right now. Mario Draghi of the ECB is advocating the discontinuation of the 500 Euro note and economists like Larry Summers in the USA want to ban the $100 bill. There is also talk of banning all large cash transactions. Government obviously wants to track ALL of your financial activity.

    The bankers want to ban cash so they can set a negative interest rate. People will have to pay to keep their money in a bank, and without cash, there will be no recourse. They also want deposits to be treated like any other liability for the financial institutions. Liabilities that can be "restructured" in the event of the company filing for bankruptcy. i.e. the bank takes your money and gives you shares of stock in a new "recapitalized" bank.

    We can't allow that to happen. Use cash!

  13. Re:One missing detail by Grishnakh · · Score: 2

    That just isn't the case. Users don't have the rights to install and execute additional software on Linux or (real) BSD (not Mac).

    WTF? Have you ever used Linux?

    Here's a hint: type Alt-F2, type "bash" there, and open a shell. Now, type "vi kill_my_files.sh", then type "a rm -rf / :wq!". Then, type "chmod 755 kill_my_files.sh". There, you've now created "additional software"! Now, execute it by typing "./kill_my_files.sh". Voila! You've executed it! And your files are all gone too!

    The only thing regular users can't do on Linux is *install* software system-wide so that other users can run it. Who cares? You don't need to do that to run nefarious software.