Slashdot Mirror
New and Improved CryptXXX Ransomware Rakes In $45,000 In 3 Weeks (arstechnica.com)
An anonymous reader writes:Whoever said crime doesn't pay didn't know about the booming ransomware market. A case in point, the latest version of the scourge known as CryptXXX, which raked in more than $45,000 in less than three weeks. Over the past few months, CryptXXX developers have gone back and forth with security researchers. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more. Then, CryptXXX developers would tweak their code to defeat the get-out-of-jail decryptor. The researchers would regain the upper hand by exploiting another weakness and so on. Earlier this month, the developers released a new CryptXXX variant that to date still has no decryptor available. Between June 4 and June 21, according to a blog post published Monday by security firm SentinelOne, the Bitcoin address associated with the new version had received 70 bitcoins, which at current prices is valued at around $45,228. The figure doesn't include revenue generated from previous campaigns.
There are a bunch of other crypto currencies now, a few with multimillion dollar total values. They would switch to another one. There are even new ones with better anonymity guarantees than Bitcoin, making them harder for governments to effectively "ban".
Using write once media for backups should come back into vogue.
“He’s not deformed, he’s just drunk!”
Hell, I'm wondering what would happen if people, like, you know, backed up their shit once in awhile to an external USB drive.
Sure, you'd still have the incidences of getting bit during the backup (while the drive was plugged in), but if you use your head about it, the odds become almost astronomical in your favor.
Quo usque tandem abutere, Nimbus, patientia nostra?
Send spies into their home at 3am to break both their arms in a "bathtub accident", or pull an Israel and cut off their Jingle Bells. Or trick them via Judo call-ladies, who perform both actions.
Table-ized A.I.
No, no they don't. I have spent WAY too many years of my life evangelizing backup solutions. And I can tell you without a moments hesitation, that they do not. In fact, when computer illiterate people jack their files up with CryptXXX, if you have touched their machine in the last 6 months, it will be your fault. That's how their minds work. It's why they spend hours on Facebook and we have technical job. (and completely misunderstand each other)
CryptXXX only runs on Microsoft Windows I presume ..
I recently switched to Linux Mint; could you perhaps recommend some good Linux-compatible ransomware that I can run on my machine?
Just cruising through this digital world at 33 1/3 rpm...
Hell, the US Government can't even do anything about "Bridget from Card Services", you expect them to be able to find and do something about these scammers?
There is no God, and Dirac is his prophet.
If someone can void the transfers and delist the illegal transactions, what keeps someone from voiding legit transactions under some pretense? For example, if a group is disliked in a country, what is to say the same mechanism that stops ransomware transactions would not be used to stop dissident organizations, or rival parties against the incumbant come an election?
The thing about BTC is that it gives plenty of rope to hang people with. The blockchain is immutable, and even though people don't know who owns a wallet, they can follow the money and start inferring.
I don't think the problem with law enforcement is lack of understanding or technical ability, but more of a lack of interest in "solving" such crimes because of the sheer amount of cost it would involve.
Think about it... Your local police don't care that you are getting forced to pay $50 to get your files back, well they don't care *enough* to bother doing anything more than possibly making an official report (if that). The local police don't have the resources or time to follow up and the criminal is unlikely to be within their jurisdiction anyway. The state police are too busy solving bigger crimes to bother with such a 2 bit $50 extortion crime even though it's slightly more likely the criminal was within their jurisdiction. The Federal police (FBI) REALLY doesn't care about your $50 ransom payment, they have so much bigger fish to fry that they won't likely bother to even take a report from you, unless it happens to be aligned with some investigation already in progress, even then what can they do if the criminals are overseas? Nothing.
So it's not lack of ability, it's lack of motivation. Literally, those who could do something are too busy to care and those who care can't do anything.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
I run a small computer consulting/support business on the side. To date I've gotten 3 inquiries which were ransomware-related. (Might've been 4. The person's symptoms sounded like ransomware was in the process of encrypting his files. I told him to this and to immediately shut everything down and to contact me again for further steps, but he never did.) Meanwhile I've gotten dozens of inquiries about how to get "irreplaceable" data off dead hard drives or thumb drives, or which had been accidentally formatted, deleted, or overwritten.
Back up your data. Ransomware is the least of your worries. The media just reports stories about it disproportionately (like they do plane crashes and nuclear accidents). Even if ransomware didn't exist, you should still be backing up your data.