93% Of Phishing Emails Are Now Ransomware (csoonline.com)
According to the latest data from security firm PhishMe, 93% of all phishing emails as of the end of March contained encryption ransomware. The numbers underscore a growing trend in the security space as ransomware instances in phishing emails grew by 56% since December last year. From a report: The anti-phishing vendor also counted the number of different variants of phishing emails that it saw. Ransomware accounted for 51 percent of all variants in March, up from just 29 percent in February and 15 percent in January. The skyrocketing growth is due to the fact that ransomware is getting easier and easier to send and that it offers a quick and easy return on investment. Other types of cyberattacks typically take more work to monetize. Stolen credit card numbers have to be sold and used before the cards are canceled, for example. Identity theft takes even more of a time commitment.
The legal system hasn't caught up with them.
It should be a capital penalty on some of those crimes, especially when it comes to ID theft for profit.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Just click on the following embedded link:
...
I'm scared of my mother calling me one day telling me "I've lost every picture from all my life and a guy is asking me $10K to recover them".
By that point it will be late to tell her "shouldn't have been storing them in a disk permanently attached to your windows laptop".
But I don't know how to stop her. I won't convince her to use linux. I won't manage to teach her not to execute random crap once per year.
Should I trust hard drives to store data for decades?
Yeah, there's a really easy technical solution: stop running Windows!
We don't need any penalties at all for this. If people would stop running Windows, this wouldn't be a problem.
I'm guessing that of that 93% you only have to worry if you're on Windows.
Have good, versioned backups. I like CrashPlan, as one can use it to back up to various destinations, including local systems/disks, remote systems associated with one's account, remote systems belonging to others (so long as they give permission), and for paid users, to the CrashPlan-run storage service.
All backups are encrypted so that the destinations cannot access one's data, it keeps regular versions so one can easily recover from a ransomware (or other) infection that corrupts or destroys files slowly over time, and compresses/deduplicates data to save space. I've used it for years and it's saved my bacon a few times. Their family plans are quite affordable.
(Disclosure: I am a paid CrashPlan user but otherwise have no connection, financial or otherwise, with the service.)
Our suggestion is that they make backups of their valuable data... and since that may not be something they are confident/knowledgeable enough to do on their own, if you want to make sure it gets done, you may need to set it up (and occasionally check up on it) yourself.
On Mac, setting up a Time Machine backup drive is pretty trivial to do. For Windows, similar solutions exist. For a laptop, there are solutions that back up data via WiFi, if plugging in an external drive is too much bother. In either case, if you want to be completely safe, you may want to swap out the backup drive with a spare every month or so, to avoid the possibility that the ransomware finds a way to encrypt both the computer's primary drive and its connected backup drive.
Do all that, and the likelihood is that a ransomware attack will require only a reformat and reinstall, followed by a recovery from the latest backup, and only a few hours' worth of data will be lost.
I don't care if it's 90,000 hectares. That lake was not my doing.
One of the problems is jurisdiction. When the police were investigating my identity being stolen (used to open a credit card in my name, not related to phishing/ransomware), they told me that they weren't highly motivated to put in a lot of effort because they'd likely have to hand the case to another department to make the arrest. In their minds, they were asking why do the work when someone else would get the collar. Then there are international cases where the victim is in the US but the phisher is in Ukraine or some other country out of the reach of normal US law enforcement. As long as the phisher doesn't hit too big of a target (e.g. a major US government agency or Fortune 500 company), they will likely fly under the radar of law enforcement and/or pleas to local law enforcement will be made but they will not result in arrests (either due to corruption or lack of interest in pursuing these cases due to the victims being from another country).
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Scammers and fraudsters don't care about operating system, they just want to get your money.
And if people would stop crossing the street, they wouldn't get run over by a drunk driver. It doesn't make the offender any less guilty for knowingly breaking the law.
The legal system hasn't caught up with them.
It should be a capital penalty on some of those crimes, especially when it comes to ID theft for profit.
Before the terrifying prospect of punishment is going to make a difference you have to first increase the prospect of actually being caught. Otherwise the threat of punishment is just whining.
In the free world the media isn't government run; the government is media run.
VERSIONED BACKUPS! VERSIONED BACKUPS! VERSIONED BACKUPS! Automated, off-site, and with rollback. Hell, carbonite can do this for her.
Silence is a state of mime.
For some people education works. My father called me when "Windows" (not Microsoft) called him telling him he had errors on his system and they wanted to remote in to fix them. I informed him of the scam and he avoided being hooked. (Now he harasses the scammers calling him.)
For others, education doesn't work. My wife's grandmother still clicks on suspicious links in Facebook because "Well, it was on my friend's wall and said I'd get this free stuff so it must be good, right?" This despite a dozen "No it isn't and stop clicking those links" cries from us.
We can't put as much effort into catching these fraudsters as we put into catching underwear bombers.
The bombers come to you, all you have to do is grab their junk.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
What do you suggest? Everyone on OSx so it becomes the biggest target base so the majority of malware is written for it then we can say that's what you get for using a mac?
I'm scared of my mother calling me one day telling me "I've lost every picture from all my life and a guy is asking me $10K to recover them".
By that point it will be late to tell her "shouldn't have been storing them in a disk permanently attached to your windows laptop".
But I don't know how to stop her. I won't convince her to use linux. I won't manage to teach her not to execute random crap once per year.
Should I trust hard drives to store data for decades?
Just go ahead and delete it all now, that way no harm can come to the files.
This attack is just using tools present on the OS and application, it isn't something that can be patched. Other OSes and applications offer similar capabilities. The old "download this app/codec/message" tactic is platform-independent.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Windows has nothing to do with the problem other than being the prevalent OS. Windows had UAC which should help prevent these types of issues but ransomware operates on the user's directories so it has permission to modify files. Mac OSx would allow the same. Linux also... You don't need root to hose up a user's files.
The basic problem is that you can't fix stupid.
There are various approaches like application control for this, or disabling macros in Office. The problem is, the same path is used for legitimate purposes and breaking it is problematic.
We can't put as much effort into catching these fraudsters as we put into catching underwear bombers.
But there have been more of the fraudsters caught than the TSA has caught underwear bombers. So at least the effort has been more effective.
Or technology. Ransomware doesn't need admin privs to be effective, all it needs to do is encrypt every file you have write access to. It will work just as well on Linux(*) as on Windows.
* Excepting possibly an isolation system like QubesOS, again excepting VM escape exploits.
If I have been able to see further than others, it is because I bought a pair of binoculars.
Tell her now, with current news articles in hand, that this is the risk you run by using Windows. If she won't listen and move to Linux, then too bad: she was warned.
I had the same problem with my father.
What I did was to arrange for all his files to be rsynced daily to one of my servers, which in its turn was backed up nightly.
We had a couple of instances of him accidentally deleting stuff and I was able to restore it for him easily. Happily he never got hit with any malicious software - not after I weaned him off Windows anyway.
And the backup needs to be done in a way that guarantees prophylaxis from the ransomware.
I think from now on, when visiting parents and sisters I'll bring a usb bootable linux and a hard drive that I'll take back with me.
I predict much debate over what's "Important to keep".
The trouble with that is, after remembering a couple of times the job will then be forgotten.
Whatever it is, it has to be automated.
And the lack of penalties as well. If the risk of stealing would mean that you lost your head literally you would be a lot more careful.
Unix systems (Linux, OSX, etc.) are much more secure and require direct user intervention before much damage can be done. That's why you only see these infections on Windows. Really, Windows is a security nightmare and can't be fixed.
I don't read your sig. Why are you reading mine?
Seriously?
If anything, it would be easier to encrypt files in Linux because the attackers don't need to bring all the tools with them.
If everyone running Windows today switched to Linux, you can bet that the malware people would rejoice since the very utilitarian nature of Linux would then be working in their favor.
My eyes reflect the stars and a smile lights up my face.
Make the punishment for considering thinking about aiding in any kind of computer crime an offense that gets as the ONLY and MANDATORY kind of punishment being hung, drawn and quartered live on national TV. And you will not even see a dent in those statistics.
Why?
Because people who live in a country the name of which ends in -stan don't give half a shit about what laws your country has.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Nope. Works just as fine in Linux or Mac.
Why?
For the same reason it works so great on Windows. You need the permissions of the current user to manipulate (read: encrypt) all his files. Anything beyond, like wedging a resident part into your boot routine, is just icing on the cake, but not really mandatory for the attack to succeed.
They could quite literally replace their comparably huge payloads with a very small script...
Nope. A lack of a chance of being caught is the problem. Not the punishment afterwards.
There are crimes that are virtually unheard of. Despite carrying rather minor penalties. How many people do you see jaywalking in the vicinity of areas with a lot of police presence? The penalty isn't that crippling, but it's almost certain that you will get caught and it's just not worth it. Same for speeding in areas where you KNOW that there is either a police presence or a radar box waiting for you.
Now compare this to the penalties in copyright infringement. We're talking about millions and billions being sought by companies from people who could not even pay a few thousands. Does that mean that there is nobody using torrents anymore?
Ask your favorite ISP if you don't know the answer.
If you want to deter people, increase the likelihood of getting caught. Nobody gives a shit about the most insane punishment if the chance to get caught is zilch.
Are you honestly complaining that they noticed that nobody falls for 419 scams and penis enlargement anymore and instead of wanting a government bailout to prop up their failed business they went to a more profitable venue?
What is wrong with you, are you commies or what?
We don't need any penalties at all for this. If people would stop running Windows, this wouldn't be a problem.
No. Phishing is operating system agnostic. You can receive fake emails on linux (I get them almost every day), windows, osx, ios, Android, etc. Every operating system has email clients that allow you to click on links in an email to be lured to a fake website, or reply to emails with personal information.
The problem is, the ransomware emails are not phishing. They are simply booby-trapped email. Phishing means you are trying to hook a victim into revealing usable information by either replying to the email ("Pleas send bacnk account number and routing to collect the $24 million you have won...") or log into a fake website ("Your account will be deactivated unless you log in here and reset your password now.")
Simply sending a virus or malware by email is not phishing. Yes, eliminating "Windows" will stop all the current Window-oriented malware, but it will only be replaced by whatever the replacement OS is.
Imagine an external drive connected to the laptop/PC via USB (Thunderbolt, etc). Minimum double bay set at RAID-1. Owner can read and write to the drive. Attempts to delete or modify files or folders on the drive will fail though. A physical, hardware lock needs to be "turned" to enable that capability.
This would prevent ransomware (of that drive's data anyways). It would also help prevent accidental deletes of files.
Does such a unicorn exist? I'm not looking for some half-baked alternative.
I'm scared of my mother calling me one day telling me "I've lost every picture from all my life and a guy is asking me $10K to recover them".
Yup, this is a real, justified fear.
It's wise to not attempt to switch her to Linux -- she'd probably fight that (it's too different for most people without any real benefits for what they do), and it's not really a solution to the problem anyways.
Probably the best answer to this is to buy her a big USB hard drive and set up some sort of backup that she can run just by clicking on something, and drill into her head how important it is to 1) do the backup occasionally, and 2) leave the drive off when you're not doing backups.
Ransomware isn't the only concern. Hard drive failure and software crashes that erase the disk are others.
Alas, often it's only an actual loss of files that convinces people to take backups seriously -- and it's unethical at best to *fake* a loss of files (and then recover them all because you got "really lucky") so that's not really an option unless you're dishonest.
If you see her often and she doesn't mind, you could do the backups yourself and keep the drive yourself -- that way, when she calls you, you just say "That sucks! Fortunately, I backed up all your stuff last week ..."
Carbonite.
Yeah, I could manually back up everything onto a separate hard drive every month or something, but Carbonite (and similar backup solutions which I'm sure exist) you just install it, and everything's backed up continuously. With versioning, even, so you can get last week's version back if you get cryptowalled.
It's not the most elegant and techy solution, but it's a 'fire and forget' solution that just works.
If the virus will be able to penetrate their [Windows] system, they can quickly gain access to important parts of the system. On the other hand, in Linux, they have lower access rights, and, theoretically, the virus can only access local files and folders, the system will remain safe.
Data is more important than the system - the system can be restored. We are talking about data encryption here.
They'd still need to get their key on the target machine so they'd still need more than just a script.... but once they did...call up gpg using THEIR gpgdir. Probably something like this, but most likely my syntax is wrong:
for x in *; do
gpg --homedir rodinamafiyaphishgpg -r rodinamafiyaphishgpg@yandex.ru --passphrase correcthorsebatterystaple -o $x.pgp -e $x
done
Apparently many of these malwares also encrypt data on attached volumes like Windows shares and the like. It seems to me that the best approach is a 'pull' solution, where Mom keeps her photos in a place that's shared on her network, and then another machine does periodic backups of that share. Mom's computer doesn't have write access to the pulling machine, in fact doesn't even know or care that it's there. So the backups are safe.
That means having a linux machine in the house to do the pulling. Build a super tiny linux box with a big hard drive, stick it in a closet, and let it pull nightly backups from Mom's computer. If she gets ransomwared, just reformat her hard drive, reinstall the OS, and grab her personal files from the backup. She never has to interact with linux, and her files are pretty safe.
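The pull design described in the comment above, sketched as an added example (not part of any comment in this thread): a job on the backup box copies the share into a dated snapshot, hard-links unchanged files, and refuses to prune older snapshots when most previously backed-up files were rewritten or vanished in one run. All function names, paths and the 50% threshold are assumptions, and the share is assumed to be mounted read-only on the backup machine.

```python
import filecmp
import os
import shutil
import tempfile
from pathlib import Path

# Hypothetical names throughout; `source` is assumed to be the share mounted read-only.
def list_files(root: Path) -> set:
    """Relative paths of regular files under root (symlinks skipped)."""
    return {(Path(d) / f).relative_to(root)
            for d, _dirs, files in os.walk(root) for f in files
            if not (Path(d) / f).is_symlink()}

def pull_snapshot(source: Path, backup_root: Path, name: str, alert_ratio: float = 0.5) -> dict:
    """Copy source into backup_root/name; unchanged files are hard links to the last snapshot."""
    backup_root.mkdir(parents=True, exist_ok=True)
    older = sorted(p for p in backup_root.iterdir() if p.is_dir())
    prev = older[-1] if older else None
    prev_files = list_files(prev) if prev else set()
    dest = backup_root / name
    dest.mkdir()
    stats = {"linked": 0, "modified": 0, "new": 0}
    current = list_files(source)
    for rel in sorted(current):
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        if rel in prev_files and filecmp.cmp(source / rel, prev / rel, shallow=False):
            os.link(prev / rel, target)  # same bytes: costs no extra space
            stats["linked"] += 1
        else:
            shutil.copy2(source / rel, target)
            stats["modified" if rel in prev_files else "new"] += 1
    stats["missing"] = len(prev_files - current)
    # Mass rewrite or mass rename of existing files is what an encryptor looks like.
    churn = stats["modified"] + stats["missing"]
    stats["suspicious"] = bool(prev_files) and churn / len(prev_files) >= alert_ratio
    return stats

def prune(backup_root: Path, keep: int, stats: dict) -> list:
    """Delete all but the newest `keep` snapshots, unless the last pull looked suspicious."""
    if stats["suspicious"] or keep < 1:
        return []
    snapshots = sorted(p for p in backup_root.iterdir() if p.is_dir())
    doomed = snapshots[:-keep]
    for snap in doomed:
        shutil.rmtree(snap)
    return [p.name for p in doomed]

if __name__ == "__main__":  # constructed sample data, not real files
    with tempfile.TemporaryDirectory() as tmp:
        share, backups = Path(tmp, "share"), Path(tmp, "backups")
        share.mkdir()
        for i in range(3):
            (share / f"photo{i}.jpg").write_bytes(b"jpeg-%d" % i)
        print(pull_snapshot(share, backups, "2016-06-01"))
        for f in share.iterdir():
            f.write_bytes(b"\x00scrambled")  # stand-in for an encryptor's overwrite
        last = pull_snapshot(share, backups, "2016-06-02")
        print(last, "pruned:", prune(backups, keep=1, stats=last))
```

Snapshot names must sort chronologically (ISO dates do), since the newest existing directory is used as the comparison baseline.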
Yeah, I wasn't talking about phishing, I was talking about ransomware only. And yes, it would be eliminated by using Linux. No, it wouldn't be replaced, unless some company were stupid enough to create and popularize an email client that automatically executes code contained in an email attachment (or downloaded from a site pointed to by the email), and people were stupid enough to use this client in ridiculously huge numbers.
https://www.youtube.com/watch?...
And how exactly do you get malware to run on a Linux computer?
"Please download this attachment, then open up a terminal window, use 'chmod' to change the permissions to 755, then run the program by typing './runmalware.sh'"
Sorry, but anyone dumb enough to run random software from an email from a sender they don't know is not going to have a clue about how to make a downloaded file executable.
I predict much debate over what's "Important to keep".
I find that debate can be avoided by spending the extra $20 to get the Absurdly Huge External Drive (rather than just the Impressively Huge model). Then you can just back up everything and call it a day.