New and Improved CryptXXX Ransomware Rakes In $45,000 In 3 Weeks (arstechnica.com)
An anonymous reader writes: Whoever said crime doesn't pay didn't know about the booming ransomware market. A case in point, the latest version of the scourge known as CryptXXX, which raked in more than $45,000 in less than three weeks. Over the past few months, CryptXXX developers have gone back and forth with security researchers. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more. Then, CryptXXX developers would tweak their code to defeat the get-out-of-jail decryptor. The researchers would regain the upper hand by exploiting another weakness and so on. Earlier this month, the developers released a new CryptXXX variant that to date still has no decryptor available. Between June 4 and June 21, according to a blog post published Monday by security firm SentinelOne, the Bitcoin address associated with the new version had received 70 bitcoins, which at current prices is valued at around $45,228. The figure doesn't include revenue generated from previous campaigns.
Someone please turn OFF the deathray.
Thanks,
Gus
Almost all these ransom schemes involve Bitcoin as a form of payment. What would happen to ransomware if Bitcoin collapsed and became worthless?
Maybe it's like asking what the night sky would look like if the stars went away (i.e., unlikely), but maybe its use in ransom schemes would be one more reason for the Feds to "ban" it or make it so prohibitive to exchange currency for Bitcoin that asking for ransom in bitcoin would be like asking for it in moon rocks.
Please someone put these people behind bars already. Yes, security holes should be patched, but the criminals behind this need to be taught a lesson. And that lesson should not be that they can continue harassing people as they please.
Someone would crowdsource a contract to fix this problem.
In our more civil society, a TLA should be on top of this.
What does the problem not getting fixed say about TLAs?
There are a bunch of other crypto currencies now, a few with multimillion dollar total values. They would switch to another one. There are even new ones with better anonymity guarantees than Bitcoin, making them harder for governments to effectively "ban".
My job got hit by an email-delivered virus that spread across the network and encrypted 200+ hard drives before being stopped. Fortunately, user profiles are stored on the network. Didn't take much time to deploy loaner laptops and re-image the desktops to get the users up and running again.
CryptXXX only runs on Microsoft Windows I presume ..
I would assume the criminals would default to western union and other money transfer services. The fact the mules can be caught doesn't seem to stop Nigerian scammers. Considering most ransom money (in general) is requested in various national currencies, I doubt the feds would give a shit. Also, if even just one country doesn't make bitcoin illegal, bitcoin remains possible for those that are desperate---just transfer your money to the bitcoin supporting country and convert it over there. A willingness to pay ransom kinda says you're desperate...
Using write once media for backups should come back into vogue.
“He’s not deformed, he’s just drunk!”
Doesn't anybody back their crap up?
If Bitcoin wants to be considered legit, then there needs to be a way to invalidate these kinds of transfers and delist the ill gotten coins.
If you use appy app apps instead of LUDDITE software, you can't be infected by LUDDITE ransomware! You should switch to Appdows 10 or AppOS, because as modern app appers know, ONLY apps can app apps!
Apps!
* Those are ALL of the listed C&C Servers etc. from the source article to add to a custom hosts file to not only BLOCK this bogus machination, but to also stop it from functioning PERIOD...
(Per source security-analysis source article -> https://sentinelone.com/blogs/... )
APK
Whoever said crime doesn't pay didn't know about the booming ransomware market.
Right, I bet they never heard of bank robberies either.
All currencies have illegal activity linked to them, you think that with the advent of bitcoin suddenly illegal money transactions started?
Hell, I'm wondering what would happen if people, like, you know, backed up their shit once in awhile to an external USB drive.
Sure, you'd still have the incidences of getting bit during the backup (while the drive was plugged in), but if you use your head about it, the odds become almost astronomical in your favor.
Quo usque tandem abutere, Nimbus, patientia nostra?
Maybe it would be like post-WW1 Germany. You'd have to pay a billion bitcoins for a $100 ransom.
By that logic it's time to outlaw all currency; there isn't a single one I'd know of that isn't used to deal in drugs.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Bank robberies have not been a good idea for a pretty long time now. Your loot is usually crappy, your chance to get caught is insanely high.
Hold up a 7/11 instead. More money, less danger.
Death to these ransomware pricks.
Just cruising through this digital world at 33 1/3 rpm...
Modern app appers don't have to worry about LUDDITE ransomware because only apps can app apps, NOT LUDDITE HOSTS files!
Apps!
I would be like a Robin Hood type of criminal. I would tell my target to make it rain $1,000 in low bills in a large public place. Random acts of kindness, bitches.
When you are born, a location tracker and credit chip should be implanted into your brain.
Perhaps, but BitCoin has driven such activity to a whole new level of ease for the bad guys. Now you can collect payment from your mark and collect without having to exchange a briefcase of paper, diamonds, bullion or some other physical material or go through the risk of accepting a credit card payment or wire transfer.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%...
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity. Compliments firewalls (w/ layered drivers blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load). Gets data via 10 security sites.
Ads rob bandwidth/speed, security (malvertising), privacy (tracking) + anonymity.
Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively. Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)
Works vs. caps & HTTP PUSH ads w/ firewalls.
Avg. webpage = big as Doom http://www.theregister.co.uk/2... & ads = 40% of the size.
APK
P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "I've seen the code & it's safe" http://forum.hosts-file.net/vi... )
It would cost more in electricity to run the block chains on a billion BitCoins than the $100 ransom.. Only the miners would win, if there were any miners out there at that point.
Identity theft is much more lucrative and less risky I hear...
Personally, I prefer "Hard work" as a means of supporting myself and family, but hey, blame the way I was raised.
That works out to about $800,000 per year. It's a lot for one person, but there are likely many people working on this. They're not even sitting back and watching the money roll in; they've been constantly working to keep up with the white hats. If there are more than 10 people working on this, they could probably get normal jobs that would pay nearly as well. So it actually looks like we're doing a pretty good job of making this unprofitable. I suppose the determining factor is local salaries, so it will be profitable in very poor countries but not in richer ones.
"Hard work"? Please. Ok, maybe having some idiots work hard for me, I could see that.
In general, I follow the law of nature: Least expense for the maximum revenue.
I think the backup thing is compounded by people who do backup but leave the backup disk connected all the time. It's reasonable protection for most system failures, but of course completely at risk for malware. The same goes for cloud sync systems and so forth.
You and I know that backups should be offline to be safe, but a lot of people don't, including people who should.
I've got a server with RAID 1 for backups. At one time, it seemed like a good idea but, obviously, the bad guys can encrypt my backups with this setup where I'll end up having redundant copies of mush. What is the best solution now so that I can totally thumb my nose at the first person that manages to encrypt a family member's computer? An offline USB Drive may be good but doesn't feel very automated to me :-(
Yes but only because law enforcement and the courts have not figured things out yet. Compared to, say, cash and money laundered through other more conventional means, it should be much easier to trace BitCoin. I mean you can follow the money back thru all the wallets it's passed through. So it should be easy to 'find' coins that have been thru that wallet. Talk to all the people who accepted those coins and work backward. Not sure the ransom-ware operators can do things to make that harder by say moving the money thru a bunch of internal wallets, but even that is going to create traceable events.
Once a BitCoin is hot it's effectively always hot. It's like sting operations where LEOs pay criminals with bills they have noted the serial numbers of... If law enforcement got its act together and worked on understanding the technology rather than trying to regulate it out of existence, backdoor it etc, they might discover it already does a lot of their hard work for them. I suspect BitCoin may prove to be a liability for the criminals; more so than the old cash dead drop method.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Problem is... which currency? There are a lot of crypto-currencies out there, even people who have services where one can make your own cryptocurrency with various parameters. BitCoin was the first and has the most support from the mainstream. I can't really go up to a website and pay them in Dogecoin as I can with BTC.
A BitCoin 2.0 is possible, but the hard part is getting critical mass. We already got through initial growing pains with BTC, and people are wary about another currency and possible Mt. Gox style incidents.
Even though BTC has little anonymity (even tumbling doesn't help that much, as one can still "follow the money" and watch tainted coins), it is not going anywhere.
If someone can void the transfers and delist the illegal transactions, what keeps someone from voiding legit transactions under some pretense? For example, if a group is disliked in a country, what is to say the same mechanism that stops ransomware transactions would not be used to stop dissident organizations, or rival parties against the incumbent come an election?
The thing about BTC is that it gives plenty of rope to hang people with. The blockchain is immutable, and even though people don't know who owns a wallet, they can follow the money and start inferring.
It is just an arms race escalation. Used to be that an external HDD was good enough. Now, probably the cheapest ransomware protection is a NAS that does ZFS/btrfs snapshots (if not backs itself up to an external HDD) so ransomware can only trash a share, which can be recovered.
I didn't specify what kind of "hard work" well enough I guess. Can we say working hard in a smart way? I.E. Working hard and getting the most I can for my efforts in the most moral and ethical way I can. So, if you want to pay me the most when I work hard for you, let's talk...
I don't think the problem with law enforcement is lack of understanding or technical ability, but more of a lack of interest in "solving" such crimes because of the sheer amount of cost it would involve.
Think about it... Your local police don't care that you are getting forced to pay $50 to get your files back, well they don't care *enough* to bother doing anything more than possibly making an official report (if that). The local police don't have the resources or time to follow up and the criminal is unlikely to be within their jurisdiction anyway. The state police are too busy solving bigger crimes to bother with such a 2 bit $50 extortion crime even though it's slightly more likely the criminal was within their jurisdiction. The Federal police (FBI) REALLY doesn't care about your $50 ransom payment, they have so much bigger fish to fry that they won't likely bother to even take a report from you, unless it happens to be aligned with some investigation already in progress, even then what can they do if the criminals are overseas? Nothing.
So it's not lack of ability, it's lack of motivation. Literally, those who could do something are too busy to care and those who care can't do anything.
didn't mention Microsoft Windows when it's obviously Windows ransomware.
how much they pay you?
Fuck you, Scamcoin apologist. You just can't face the fact that your "super cool digital libertarian wet dream" hasn't taken off among the general populace, just sleazeball criminals.
Imagine if we applied this thinking to anything that's been transferred from the analog age to the digital age.
"The internet makes 419 scams that much easier!"
"The internet makes fake lottery scams so much easier!"
"The internet makes swapping child porn that much easier!"
etc, etc. We could ban so many things with this idea that making something easier for criminals (that still provides legal value).
IMHO, simply making it easier for criminals is a dead argument and just shouldn't be made.
Let's get right to Godwin:
Hitler was a Eugenicist
Vlad Tepes was a Statesman
Pol Pot was a Patriot
Charles Manson was a Family Counselor
These vermin are not _developers_, any more than they are "Businessmen". They are _vermin_. Rat poison, the kind that takes a while to work, and leaves a smelly corpse, is too good for them.
Goodin, and by extension manishs, are guilty of legitimizing them by using that term, and thus degrading the reputation of _real_ developers.
Hmmph!
I run a small computer consulting/support business on the side. To date I've gotten 3 inquiries which were ransomware-related. (Might've been 4. The person's symptoms sounded like ransomware was in the process of encrypting his files. I told him this and to immediately shut everything down and to contact me again for further steps, but he never did.) Meanwhile I've gotten dozens of inquiries about how to get "irreplaceable" data off dead hard drives or thumb drives, or which had been accidentally formatted, deleted, or overwritten.
Back up your data. Ransomware is the least of your worries. The media just reports stories about it disproportionately (like they do plane crashes and nuclear accidents). Even if ransomware didn't exist, you should still be backing up your data.
That may be true but when it's one guy scamming 5000 people out of $50 then that is a bit bigger fish. I don't think anyone is authoring crypto malware in hopes of only scamming a handful of people out of $50; not worth the trouble. They either hope to hit a large number of individuals or a sizable organization they can take for a large sum in one shot. Either way they go about it, their own success should make them big enough to be interesting to law enforcement.
At that point I think a follow the money type investigation should be able to produce some pretty solid evidence against these criminals, and BitCoin should make it easier to prove that case not harder as compared with cash after traditional laundering schemes have been employed.
I have a backup of my backup. With the prices of HDs that is not really an issue anymore. The reason? During a system upgrade where I reformatted my HDs in my PC (not an issue as I have backups) and at that moment my NAS decided to die.
So now I have backups of my backups. And yes, they are incremental backups.
Don't fight for your country, if your country does not fight for you.
BitCoin
I love it when people spell it like this; I can immediately tell how informed they are.
The bitCoin protocol has a parameter called "difficulty" which makes blocks cheaper to find when the price goes down.
See subject: Hosts block its TOR parts too. Can't harm you if you can't touch it. Hosts work vs. host-domain name based threats, firewalls do the rest complimenting it (for far less used IP addresses in threats).
* Gotta LOVE you "theoretical what if" scenario types (minus any proof of your words) - you're VERY easy to get the better of where it matters (the topic @ hand which DOES use TOR & hosts work vs. it... period/end of subject).
APK
P.S.=> Blocking access to TOR services served by hostnames works via hosts too (see my list above, it does that vs. this malware)... apk
We have a tough enough time affording and convincing people to use vaccines on their babies, and vaccines don't risk hacking or upgrade problems.
If you think this is an important story to discuss, the submission link is located here:
https://slashdot.org/submissio...
Otherwise, why post an offtopic link? You are just being buried under all the other posts on the current article, and getting down modded so that the majority of people don't even see the link you are posting.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
This comment made me stop and think. I have now spent approximately 30 minutes trying to determine what was the best way to do backups to replace my backup to external USB, as ransomware now makes that not a good solution anymore. This is for home use, not work use as work can afford the expensive solutions.
The solutions I just ran through were:
Tape - probably would cost upwards of $10k or require more work from me every backup swapping tapes
Blu Ray - Even worse...tape is 800GB for a reasonably priced drive, Blu Ray is 50 GB for a reasonably priced disc.
External Hard drive - A lot less maintenance from me; swapping drives every week. Approximate cost for me would be 150 for two drives that would be able to store most of my data
Then I remembered Amazon Glacier
It looks like there are some pretty decent software backup solutions that integrate with Glacier, such as https://fastglacier.com/ and Glacier storage is dead cheap, I was backing up 4TB from my house and only spending $8 a month to store it. It also allows for undeletable/overwritable backups, just like swapping drives or tapes would accomplish
Do you have any other recommendations that I have missed for the home user backing up their data?
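A defender-side check that ties together the RAID-1 "redundant copies of mush" worry above and this post's weekly drive rotation: before overwriting the good copy, compare the source tree against the manifest kept from the previous backup and refuse to rotate when a large share of files changed or the changed files look encrypted. This is an added example, not code from the thread or from any product named in it; the thresholds, file names and the sha256-derived "encrypted" filler are constructed for the demo.

```python
import hashlib
import math
import tempfile
from pathlib import Path

# Constructed thresholds (assumptions, tune for your own data): near-random bytes
# look like ransomware output; a large share of the tree changing between two
# backup runs is the "redundant copies of mush" scenario from the thread.
ENTROPY_LIMIT = 7.9        # bits per byte; 8.0 is perfectly random
CHANGE_RATIO_LIMIT = 0.20  # refuse rotation if > 20% of files changed or vanished


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root: Path) -> dict:
    """Map relative path -> sha256 and entropy of the first 64 KiB."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            manifest[str(path.relative_to(root))] = {
                "sha256": hashlib.sha256(data).hexdigest(),
                "entropy": shannon_entropy(data[:65536]),
            }
    return manifest


def assess(previous: dict, current: dict) -> dict:
    """Compare two manifests; decide whether the good backup may be overwritten."""
    changed = sorted(p for p in current if p in previous
                     and previous[p]["sha256"] != current[p]["sha256"])
    missing = sorted(p for p in previous if p not in current)
    new = sorted(p for p in current if p not in previous)
    # Changed or newly appearing files that are near-random are the red flag.
    suspicious = sorted(p for p in changed + new
                        if current[p]["entropy"] > ENTROPY_LIMIT)
    ratio = (len(changed) + len(missing)) / max(len(previous), 1)
    return {"changed": changed, "missing": missing, "suspicious": suspicious,
            "change_ratio": ratio,
            "safe_to_rotate": ratio <= CHANGE_RATIO_LIMIT and not suspicious}


def pseudo_random_bytes(length: int, seed: int) -> bytes:
    # Deterministic high-entropy filler standing in for encrypted file content.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return bytes(out[:length])


def demo() -> tuple:
    """Constructed scenario: one normal edit, then a simulated encryption run."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(5):
            (root / f"doc{i}.txt").write_text(f"quarterly report {i}\n" * 200)
        baseline = build_manifest(root)  # manifest kept from the previous backup
        (root / "doc0.txt").write_text("quarterly report 0 (revised)\n" * 200)
        normal = assess(baseline, build_manifest(root))
        # Simulate ransomware: overwrite three files in place, rename a fourth.
        for i in (1, 2, 3):
            (root / f"doc{i}.txt").write_bytes(pseudo_random_bytes(16384, i))
        (root / "doc4.txt").unlink()
        (root / "doc4.txt.crypt").write_bytes(pseudo_random_bytes(16384, 4))
        attacked = assess(baseline, build_manifest(root))
    return normal, attacked
```

Store the previous manifest on the offline/immutable side (the swapped-out drive or the Glacier vault), not on the machine being backed up, or it can be rewritten along with the data.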
See subject: Answer = you don't! You "doomsayer theorize" yet I show hosts stopping the TOR component of this threat!
* ... & again: You don't show the opposite OR even PROOF OF IT!
(Not that it CAN'T happen but you speak minus backing - anyone can do THAT, but NOT EVERYONE BUILDS A VALID DEFENSIVE TOOL SYSTEM AUTOMATOR AS I HAVE).
APK
P.S.=> Perhaps above ALL else (my efforts of those of whom I work with in the security community such as Malwarebytes who HOST & RECOMMEND my ware no less on their sites)? I never EVER have said "hosts cure all", only that they DO MORE FOR FAR LESS vs. other "so-called 'solutions'" out there & nobody's proved me wrong yet on doing more w/ less via what you already NATIVELY have vs. illogically stupidly bolting on "MoAr" that doesn't even DO as much... apk
it doesn't seem like a whole lot -I mean yeah if you are a 12 year old writing code in your basement it is but you know, if you actually put those skills to use and sold some legit software you could probably make a lot more.
See subject & understand FOOLS use TOR the slow compromised piece of crap https://it.slashdot.org/story/...
* So you can TRY to "cast doubt" on my work but it does what I said it does (including blocking the TOR component of THIS threat, our topic no less) - but by way of comparison?
I CAN EASILY CAST DOUBT ON YOUR "MOVING THE GOALPOSTS" mere "theory" with NO BACKING from you on the mechanics you "theorize" (which any DUMBASS can do).
APK
P.S.=> Period... apk
See subject: I hope crooks use TOR - FBI has TOR use by the balls https://it.slashdot.org/story/... as TOR = COMPROMISED!
* Thus, see subject again, & YOU FAIL via your 'theoretical phantasyland bs' MINUS PROOF behind it buddy...
(Me? I easily put up PROOF that FLOORED your "mere theories" bs on TOR... where you don't on a damn thing you say!)
I expect, like all "your kind" that is full of hot-air theories vs. myself actually DOING good things, you'll NOW do a "Run, Forrest: RUN!!!" after your "moving the goalposts" illogic logic theories have failed in the face of proof... how can I say that?
I've done it to "your kind" here 1000's of times before...
APK
P.S.=> And You DID make a "theoretical claim" (which is about ALL YOUR KIND DOES ONLINE, talk unrealistic bs with no proof MOVING THE GOALPOSTS ILLOGIC LOGIC):
Your 'claim' is this malware uses TOR well, PROVE IT in its current design! ... & all I can say to THAT is the above, that TOR = COMPROMISED - thus, the "FeebZ" can "f-it-up-ALL DAY LONG" easily enough - crooks would be STUPID TO USE IT now, as would ordinary users... apk
See subject: ...I hope crooks use TOR setting themselves up to be caught - TOR = FBI compromised https://it.slashdot.org/story/16/06/24/1636200/fbi-is-classifying-its-tor-browser-exploit-because-national-security as TOR = COMPROMISED!
By the way: Hosts BYPASS DNS (part of how they secure you vs. DNS poisonings or being down + more SPEED too locally resolving vs. remote DNS)
Your 'claim' is this malware uses TOR in ALL of its parts (for anything other than PAYOLA) well, PROVE IT in its current design! ... & all I can say to THAT is the above, that TOR = COMPROMISED - thus, the "FeebZ" can "f-it-up-ALL DAY LONG" easily enough - crooks would be STUPID TO USE IT now, as would ordinary users
* Thus, see subject again, & YOU FAIL via your 'theoretical phantasyland bs' MINUS PROOF behind it buddy...
APK
P.S.=> Trying to tell ME what to do? Ok, I can do the same:
INSTEAD OF "TALKING", DO WHAT I HAVE - BUILD SOMETHING THAT HELPS, ok?... apk
Even if the FBI has an attack on Tor, it doesn't matter at all because the perpetrators are probably in a country where they have no jurisdiction. I don't know why you keep pointing that out like it means something in this case. The malware authors are not afraid of the FBI. The fact that they use Tor is to make it harder for non-FBI people to detect and stop them. Also I don't think you understand how host resolution works. The fact that the malware contains its own DNS code means that it can 100% ignore your hosts file. The proof is in the article that YOU linked.
See subject: It's all you can manage & never a shred of proof...
APK
P.S.=> You know what? Why don't you just say this thing has links to atom bombs it can detonate @ any time too?? LMAO... apk
See subject: My hosts file data sources block both phish & spam malicious payload link sources - now, try tell me hosts don't work here, ok?
Unlike YOU? I provide proof of it in the 1st line of one of the source articles https://sentinelone.com/blogs/...
As to proof of my hosts file data sources blocking phish & spam? Look NO FURTHER than Malwarebytes' hpHosts (who both HOST & RECOMMEND my ware + have audited it for code safety as well) http://hosts-file.net/?s=Downl...
FACE FACTS: You FAIL on ALL LEVELS CONCERNED here...
APK
P.S.=> Like I said @ the start of this 'phantasyland theoretical fiasco' you started? What you CAN'T TOUCH can't HARM YOU... period! apk
Well I think bitcoin should be singular. As in "...received 70 bitcoin."
Whenever I see "bitcoins", I think of the amount being a wallet of several individual bitcoin, like a dollar bill, an individual thing, which it is not.
See subject: I spanked you with facts (not your fiction theories) - I've got other means covered too... & you KNOW it.
* You lose...
APK
P.S.=> I suppose that's WHY you use a FAKE NAME online - you KNOW you're fake with NOTHING to show for yourself... me? I'm not like that @ all & my works show it for me... apk