Slashdot Mirror

← Back to Stories (view on slashdot.org)

Koolova Ransomware Decrypts For Free If You Read Two Articles About Ransomware (bleepingcomputer.com)

Posted by BeauHD on from the contrary-to-what-is-usual dept.

An anonymous reader quotes a report from BleepingComputer: We have a new in-development variant of the Koolova Ransomware that will decrypt your files for free if you educate yourself about ransomware by reading two articles. Discovered by security researcher Michael Gillespie, this in-development ransomware is not ready for prime time. In fact, I had to mess with it a bit and setup a local http server to even get it to display the ransom screen. In its functional state, Koolova will encrypt a victim's files and then display a screen similar to the Jigsaw Ransomware where the text is slowly shown on the screen. This text will tell the victim that they must read two articles before they can get a decryption key. It then tells you that if you are too lazy to read two articles before the countdown gets to zero, like Jigsaw, it will delete the encrypted files. This is not an idle threat as it actually does delete the files. The articles that Koolova wants you to read are an article from Google Security Blog called Stay safe while browsing and BleepingComputer's very own Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom article. Once you read both articles, the Decripta i Miei File, or Decrypt My Files, button becomes available. Once you click on this button, Koolova will connect to the Command and Control server and retrieve the victim's decryption key. It will then display it in a message box labeled "Nice Jigsaw," in reference to the Jigsaw Ransomware, that displays your decryption key. A victim will then be able to take that key and enter it into the key field in order to decrypt files.

80 comments

  1. Is there a quiz afterwards? by SeaFox · · Score: 3, Insightful

    How does it know if you really read the articles?

    1. Re:Is there a quiz afterwards? by Anonymous Coward · · Score: 0

      If you fall for an educational ransomware and your first idea is "how do I avoid being educated", then you will assuredly get actually ransomwared for real soon enough.

    2. Re: Is there a quiz afterwards? by Anonymous Coward · · Score: 0

      What if the user doesn't have an internet connection?

    3. Re: Is there a quiz afterwards? by Applehu+Akbar · · Score: 2

      What if the user doesn't have an internet connection?

      Then he obviously wouldn't have been infected in the first place.

    4. Re: Is there a quiz afterwards? by ayesnymous · · Score: 1

      What if your internet goes down right after infection?

    5. Re: Is there a quiz afterwards? by fbobraga · · Score: 1

      yeap: how can he attend the quiz with no internet access?

  2. The author of this software needs education. by mmell · · Score: 4, Interesting
    Serious thwappage with a +5 Louisville Slugger should do the stunt nicely!

    I suspect the moron actually believes he's doing someone a favor - but there is never an ethically appropriate way to damage or steal information that isn't yours on equipment that isn't yours. As I recall, wasn't there some clod that released a virus a decade back that actively (attempted to) hunt down and remove other virii from infected computers, ostensibly as a public service? The idea ended up conceptually integrated into other exploits as a way to ensure that a given bot was only enslaved by one botnet at a time, a very valuable idea for botnet operators but hardly a public service.

    1. Re:The author of this software needs education. by XparXnoiaX · · Score: 1

      but there is never an ethically appropriate way to damage or steal information that isn't yours on equipment that isn't yours

      It's never legal to do something like this, but ethical? Absolutely. Different people have different ethics, you shouldn't push yours on other people.

      The world needs more education opportunities like this, where they can have a chance to change without actually getting hurt.

      --
      Irresponsible disclosure is responsible
    2. Re:The author of this software needs education. by Anonymous Coward · · Score: 0

      I'm prepared. I just today proved it. Got an SSD to replace the hard drive in my laptop. Three hours from removing the old hard drive to everything installed and copied on the SSD and working. BTW, the old laptop HDD is in a USB enclosure now as a backup in addition to my other backups, two of which are stored at a secure off-site location.

    3. Re:The author of this software needs education. by Anonymous Coward · · Score: 0

      ethically it imposes to much on others takes choice and involvment. its illegal and unethical.

    4. Re:The author of this software needs education. by Anonymous Coward · · Score: 0

      I would agree that one should not push thier own ethics on someone else, but the act of damaging my property and coercing me to take some action, is essentially the same as the other person pushing thier ethics on me.

    5. Re:The author of this software needs education. by Anonymous Coward · · Score: 0

      As I recall, wasn't there some clod that released a virus a decade back that actively (attempted to) hunt down and remove other virii from infected computers, ostensibly as a public service?

      Yeah, that was the Microsoft Windows Welchia/Nachi worm, written as a countermeasure to the Microsoft Windows Blaster worm.

    6. Re:The author of this software needs education. by XparXnoiaX · · Score: 1

      Ethically, this is like pushing someone out of the road so they don't get hit by a car. The pushing might hurt them a bit, but it's way better than getting hit by the car.

      So many people are internet roadkill, they just don't know it yet.

      --
      Irresponsible disclosure is responsible
    7. Re:The author of this software needs education. by Anonymous Coward · · Score: 1

      Ethically, this is like pushing someone out of the road so they don't get hit by a car. The pushing might hurt them a bit, but it's way better than getting hit by the car.

      Except that it is more like grabbing someone and holding them in front of oncoming traffic until they admit that they should be more careful in the future.

      From TFA:

      It then tells you that if you are too lazy to read two articles before the countdown gets to zero, like Jigsaw, it will delete the encrypted files. This is not an idle threat as it actually does delete the files.

      That is irresponsible and indefensible.

    8. Re:The author of this software needs education. by hawk · · Score: 1

      Many years ago there was a proposal for the "Tux Virus."

      The notion was that it would download a linux distribution with FVWM95 as the window manager, use Wine for the windows binaries, and probably include OpenOffice.

      Some even deluded themselves that it would take the victim a while to notice.

      Fortunately, those that had the actual ability to do this (that is, to come as close as possible; it's not like Wine was up to running random binaries) had better things to do, or had been taught better by their mothers.

      Unfortunately, that was not the case for vigor, which actually got implemented . . .

      hawk

    9. Re:The author of this software needs education. by Anonymous Coward · · Score: 0

      My ethics state it is fine to push my ethics on others.

      By telling me not to push my ethics on you, you are actually pushing your ethics on me.

    10. Re:The author of this software needs education. by jmcharry · · Score: 1

      That sounds like pure ethical relativism, which isn't sound. If someone thinks it ethical, nay a duty, to exterminate all the left handed, it is OK to push my opinion on him. There may be hard problems and the answers may depend on details, including social circumstances, but there is a difference between right and wrong.

    11. Re: The author of this software needs education. by Anonymous Coward · · Score: 1

      Deleting my files for not reading an article is no less damaging than deleting my files for not paying a ransom. That's like pushing someone in front of a train to save them getting run over by a truck.

    12. Re: The author of this software needs education. by Anonymous Coward · · Score: 0

      And if your backup program overwrites old backups with new backups that have been encrypted, you're still screwed.

    13. Re:The author of this software needs education. by OrangeTide · · Score: 1

      It's never legal to do something like this, but ethical? Absolutely. Different people have different ethics, you shouldn't push yours on other people.

      I'm interested in hear more about Absolute Ethics.

      --
      “Common sense is not so common.” — Voltaire
    14. Re: The author of this software needs education. by OrangeTide · · Score: 1

      Hopefully he uses incremental backups. Having a backup system of N=1 is usually asking for trouble.

      --
      “Common sense is not so common.” — Voltaire
    15. Re: The author of this software needs education. by Anonymous Coward · · Score: 0

      deleting your files is no less damaging.

      but keeping your files for the price of reading two articles is better than for a paying a ransom.

      ergo, this software is less bad, more good, and it is you who needs an education.

    16. Re:The author of this software needs education. by XparXnoiaX · · Score: 1

      Relative to me, my ethics are absolute.

      --
      Irresponsible disclosure is responsible
    17. Re:The author of this software needs education. by XparXnoiaX · · Score: 1

      This is not a case of "eliminate all left-handed." You might argue that some ethical systems are not sound, and maybe you would be right, but the crux of this issue (which you seemed to miss in your generalized rant), is that I disagree with his idea of 'ethical.'

      --
      Irresponsible disclosure is responsible
    18. Re:The author of this software needs education. by OrangeTide · · Score: 1

      No ethics? (0)

      --
      “Common sense is not so common.” — Voltaire
    19. Re: The author of this software needs education. by Anonymous Coward · · Score: 0

      I would not mind if we hunted down and killed the author.

    20. Re: The author of this software needs education. by Anonymous Coward · · Score: 2, Insightful

      I think a more appropriate analogy would be pushing someone in front of a moped to save them from getting run over by a truck...

    21. Re: The author of this software needs education. by Anonymous Coward · · Score: 0

      Total BS. Tolerance is but a peace treaty. https://extranewsfeed.com/tolerance-is-not-a-moral-precept-1af7007d6376#.r9gbxbo32

    22. Re: The author of this software needs education. by Anonymous Coward · · Score: 0

      I think a more appropriate analogy would be pushing someone in front of a moped to save them from getting run over by a truck...

      No, it's like pushing someone into oncoming traffic so they learn it's not a good idea to allow themselves to be pushed into oncoming traffic.

    23. Re: The author of this software needs education. by Anonymous Coward · · Score: 0

      But what's really unethical in all these car analogies are the points that the person pushing the other person is preventing the driver of the vehicle that was going to originally collide with the push-ee. Especially if it's a small child. Those are 500 points, aren't they? I mean, maybe if it's somebody elderly since that's only 100 points.

      We should do something about these samaritans who prevent us from getting roadkill top score.

    24. Re:The author of this software needs education. by Anonymous Coward · · Score: 0

      >but ethical? Absolutely.
        Errr, the virus author could make people read those articles through a more ethical background image change or nagging pop-up. Instead of actually threatening their files. This oh so ethical teacher could reminding the user that a LESS ETHICAL author would actually be threatening but not them. They're here to help, right? RIGHT?

      (Yeah just start smashing peoples' houses in as a reminder to lock their doors that's real ethical. Do not confuse 'tough-love with delivering a message people will appreciate).

    25. Re:The author of this software needs education. by quintus_horatius · · Score: 1

      Different people have different ethics, you shouldn't push yours on other people.

      You're confusing ethics, which are based on principles and are not relative, with morality, which is relative and malleable.

      Look at it this way: slavery has never been and never will be ethical but it is, at some times in some places, moral.

    26. Re:The author of this software needs education. by linuxrocks123 · · Score: 1

      I'd never heard of this. It's a fun thing to think about, but of course unethical and also a bad idea for obvious PR reasons ("LINUX IS A VIRUS!") to actually do.

      Many people wouldn't notice possibly ever, at least until someone technically literate looked at it and told them what had happened. Why would they? They'd just think it was a normal Windows update that included some UI changes.

      Now, if the virus's autoconfig was poorly written and gave them a broken setup, they'd certainly notice something was broken, but would probably blame Microsoft ("Windows Update broke my computer!") . There's no need for them to write their own autoconfig: KNOPPIX's almost always works, so they could just use that.

      As long as everything works, they'll just adapt to any UI changes, because they'd assume Microsoft had pushed them out, this UI was the latest version, and the path of least resistance is to adapt to the chance rather than fight it. The reason some people throw up their hands and get so whiny over minor UI differences between Linux and Windowsis is because the path of least resistance is to reject any optional change to their setups.

      --
      vi ~/.emacs # I'm probably going to Hell for this.
    27. Re:The author of this software needs education. by cwsumner · · Score: 1

      Different people have different ethics, you shouldn't push yours on other people.

      You're confusing ethics, which are based on principles and are not relative, with morality, which is relative and malleable.

      Look at it this way: slavery has never been and never will be ethical but it is, at some times in some places, moral.

      Note: Slavery was advocated by humanitarians, in ancient times, as a way to avoid the slaughter of capured enemy soldiers.

    28. Re:The author of this software needs education. by XparXnoiaX · · Score: 1

      The 'principles' which you choose to base your ethics on are entirely subjective.

      --
      Irresponsible disclosure is responsible
    29. Re:The author of this software needs education. by quintus_horatius · · Score: 1

      Subjective? No, not really.

      The basic ethical principle is to not interfere with another's well-being. The definition of well-being may appear changeable but it should be the subject's definition and standard of well-being, not your own.

      From the single principle, which we may restate as "treat others the way they want to be treated," we can derive prohibitions against murder and assault; lying, and from that cheating; theft, and from that malicious vandalism (depriving property from another, even if you don't benefit from it); and so on.

      The relationship goes both ways. The subject may not turn it around and complain that your existence interferes with their well-being, since ending your existence would interfere with your well-being.

      These derivations from the core principle are not subjective, and in fact are quite logical and can be reproduced by anyone regardless of culture.

      Contrast that with morality, which is very subjective. Moral codes are defined by your culture, and will vary from time to time and place to place, and even from sect to sect within the greater culture.

      Moral codes may be based on ethical principles but are not necessarily so, and not every moral edict is derived from an ethical principle or derivation. Your culture may have conditioned you to think that certain practices ethical but, when turned around and viewed from a subject's point of view clearly are not. The aforementioned issue of slavery is like that: the slave-owners may have decided that slavery is conducted with the slave's best interest at heart, but ask the slave how s/he feels about it and you'll get a very different answer.

    30. Re:The author of this software needs education. by XparXnoiaX · · Score: 1

      The basic ethical principle is to not interfere with another's well-being.

      That's your suggested ethical code. It's not everyone's. Is it ethical to pirate music? To violate copyright?

      --
      Irresponsible disclosure is responsible
  3. my own internet by AndyKron · · Score: 4, Funny

    That's it. I'm making my own Internet, and nobody else can be on it.

    1. Re:my own internet by Anonymous Coward · · Score: 0

      Not even me? :(

    2. Re: my own internet by Anonymous Coward · · Score: 0

      That's it! I'm going to talk to myself because all you morons have nothing interesting to say!!

    3. Re:my own internet by Anonymous Coward · · Score: 1

      With blackjack! And hookers! In fact, screw the internet!

    4. Re:my own internet by Big+Hairy+Ian · · Score: 1

      That's it. I'm making my own Internet, and nobody else can be on it.

      I just switched to Vodafone for Broadband & Mobile data. I'm now officially off grid :)

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    5. Re:my own internet by antdude · · Score: 1

      So, it would be an Intranet? ;)

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    6. Re: my own internet by The-Ixian · · Score: 1

      You're taking your words and going home?

      --
      My eyes reflect the stars and a smile lights up my face.
  4. "If I were ransomware you'd be pwned now" by Anonymous Coward · · Score: 0

    with no threat of damage would be more effective. Not very, but at least more than really putting people's data at risk

  5. Security Researcher Huh? by Anonymous Coward · · Score: 0

    Am I the only person thinking these security researchers are the authors of the various forms of malware of late? Gotta keep the grant funding machine lubricated in academia afterall.

    1. Re:Security Researcher Huh? by manu0601 · · Score: 1

      Am I the only person thinking these security researchers are the authors of the various forms of malware of late?

      It would not make sense. Black hat people have an incentive to make malware: they make money from it. Security researchers make money in the fight against malware they do not need to create. And creating malware would be stupid for them, as it would introduce the risk of dealing with justice.

    2. Re:Security Researcher Huh? by Anonymous Coward · · Score: 0

      And the black hats probably deserve more money since the security researchers are always two steps behind the guys writing the malware. The brilliant security researchers are semi competent in unraveling the malware after it shows up in the wild but they seem hopeless confused about how to actually prevent malware. And it would not be surprising at all to have some people playing both sides of the fence so they can make more money AND publish their latest findings so they can look smart.

  6. The Start of Something Bigger? by speedplane · · Score: 4, Insightful

    This is a fun example, but it suggests that ransomware can be used to induce people to do much more than paying a fee. On the more benign side, you could easily see some ransomware require you to click on a dozen or so affiliate links. More troubling, in another iteration the ransomware would only decrypt your files if you order products using a stolen credit card that is provided to you, or if you transfer some child porn from server A to B. Sounds like it could be out of a Black Mirror episode.

    --
    Fast Federal Court and I.T.C. updates
    1. Re:The Start of Something Bigger? by Dutch+Gun · · Score: 2

      We've already seen ransomware that either allows a victim to pay, or to infect at least two other paying victims, using a customized version of the malware for tracking purposes.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    2. Re:The Start of Something Bigger? by gnick · · Score: 1

      This is a fun example, but it suggests that ransomware can be used to induce people to do much more than paying a fee.

      You and I have radically different definitions of "fun." This "fun example" will encrypt and then delete your data if you don't follow its demands. I don't care if the only demand is filling in a captcha, it's not acceptable to threaten consequences for failing to comply.

      Personally, I can think of a few knee-jerk reactions that I might have to discovering this. None would be to just click on the links unless I knew ahead of time that it would work. My response would certainly not be blindly following directions given to me by ransomware - In this case to my own detriment.

      --
      He's getting rather old, but he's a good mouse.
    3. Re:The Start of Something Bigger? by speedplane · · Score: 1

      Personally, I can think of a few knee-jerk reactions that I might have to discovering this. None would be to just click on the links unless I knew ahead of time that it would work. My response would certainly not be blindly following directions given to me by ransomware - In this case to my own detriment.

      "I don't negotiate with terrorists", says the person who has never been held hostage.

      --
      Fast Federal Court and I.T.C. updates
  7. I just shot a kitten by Anonymous Coward · · Score: 0

    If you don't read this article about why guns are bad I'm going to keep shooting kittens.

  8. Time to upgrade! by Anonymous Coward · · Score: 0

    Common Sense 2017 just came out. Make sure you upgrade and spread the word!

  9. What a coincidence! by Jester998 · · Score: 1

    In a strange coincidence of "one thing happening after two other things happen", the "please stop breaking my knees" button becomes available after the ransomware's author has had both of his knees broken.

  10. What an idiot by Misagon · · Score: 4, Insightful

    There is no doubt that this is both unethical and illegal in most jurisdictions.

    It also won't work. Regular computer users are not knowledgeable. Even experienced users, even people with college degrees in computer security will err. People will mistake the dialogue box for an ad, people will think that it will go away with a reboot, etc. That users err is a natural law, the first thing they teach you in User Interfaces 101.

    It won't be fool-proof. Even perfect software has bugs. The Internet has outages. People don't always unfiltered Internet access: people travel with their computers, people use their company's computers behind high corporate firewalls etc.

    It will be dangerous. People will get their files deleted, and then they will get angry.
    Even if the author's actions may be legal within the jurisdiction in which he lives (which is doubtful)... he will have made himself a target.
    Delete the files of the wrong person, and he might end up with a busted skull with his blood on the pavement.

    --
    "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
    1. Re:What an idiot by Ungrounded+Lightning · · Score: 4, Insightful

      It will be dangerous. People will get their files deleted, and then they will get angry.
      Even if the author's actions may be legal within the jurisdiction in which he lives (which is doubtful)... he will have made himself a target.
      Delete the files of the wrong person, and he might end up with a busted skull with his blood on the pavement.

      Delete (or even delay access to) the wrong file and he might just kill somebody, too.

      Even if he really wants his victims to read the ransomware rants, putting a time limit on this and deleting the files if the time limit is not met is stupid. Just leaving them encrypted and inaccessible until they've put in their time-as-a-slave to do his bidding leaves the incentive in place. Deleting the files after a time limit causes additional gratuitous harm.

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    2. Re:What an idiot by Anonymous Coward · · Score: 1

      Many businesses (especially SMB's) don't consider themself a realistic target for ransomware. It is these same types who assume recommendations of educating users on the dangers of ransomware and its methods of delivery, having appropriate policies in place to mitigate prevention, having backups (not "I sometimes backup my two decades old payroll software to a thumbdrive but sometimes I forget to put it in the coffee mug after") or even having a god damn anti-virus that isn't appended with "Free" are just boogeyman scare tactics to get them to buy something they don't need.

      You know what gets these people to prepare? Suffering the consequences of their inaction. Nothing turns that thought process around like weeks of lost business and downtime because they made poor assumptions. It might be unethical but having nothing short of a legitimate threat is quite often the only thing to get someone in a company to recognize just how close to falling off the ledge they really are. Having a wait timer isn't a threat -- it's just a few hours of lost business productivity. Having an arbitrary threat of data loss for not accepting an opportunity to educate yourself and accept the mulligan you have been granted is the difference between backing away from the ledge and realizing the fall.

      I sympathize with those who have been affected my ransomware and sometimes through multiple failsafes entities will still succumb to worst case scenario. It sucks, and I am approached at least every other month with a nasty case of it. But then again, 50% of those who are quite often suffer damages that we predicted and made prevention recommendations for but were ignored on multiple accounts. Even worse is the perception for these incidents is that it is our fault they are fucked and not the ransomware author. We can just wave the magic wand and make the problem go away, right? That's how IT always works, right? Why can't we do it now when you have no backups and nobody seems to have a fallback solution to keep the business afloat?

      I dunno, why don't you ask the ransomware support and see what they have to tell you.

    3. Re:What an idiot by Anne+Thwacks · · Score: 1
      That users err is a natural law, the first thing they teach you in User Interfaces 101.

      Perhaps it should appear a bit later in the course. They seem to forget by session 102.

      At the same time it might be worth explaining that now resolutions have improved beyond 640x480, expecting users to be able to click on a window border 1 pixel wide is unrealistic. - Or are GUI developers stuck with 640x480 resolution for some reason I don't understand?

      --
      Sent from my ASR33 using ASCII
    4. Re:What an idiot by thegarbz · · Score: 1

      What an idiot he is by making light of the issue of Ransomware by getting into the news without even releasing a product. We should set his balls on fire.

  11. way to run a fuckton of scripts, google by Anonymous Coward · · Score: 0

    When I click on the link "stay safe while browsing", I get a Google Security Blog, and the rest of the page is blank. Am I doin it right? :)

  12. Ransomware pushes its ethics onto others by Roger+W+Moore · · Score: 4, Insightful

    It's never legal to do something like this, but ethical? Absolutely. Different people have different ethics, you shouldn't push yours on other people.

    The author of this ransomware is doing exactly that though: forcing others to accept his ethics. So using your own definition of ethical behaviour this is still unethical. Arguing that this is an ethical way to motivate learning is the same as arguing that spreading curable STDs is an ethical way to educate people into having safe sex.

    1. Re:Ransomware pushes its ethics onto others by Anonymous Coward · · Score: 0

      Can't wait for the next step in ransomware - ransomware programs that mimic this thing, telling people to read a few articles - after which they get their keys unlocked. Of course, on those websites you end up with viruses ready to do the next stage, with the ransomware not letting go until it confirms your computer is now part of a few dozen botnets.

    2. Re: Ransomware pushes its ethics onto others by Anonymous Coward · · Score: 0

      Yes this was my first thought. How would someone know that this wasn't the plan of the author

  13. Can I use it to get a raise from my boss? by Anonymous Coward · · Score: 0

    "Uh-oh, boss. I've been reading about this a lot, but ... *sigh* never even thought that we would be victimized

    "Wait a second, er maybe we don't need to call my friend..."

    "I think we're in the clear.

    These lines, tossed in at the appropriate times, with the proportionate grim look, and a reach for the phone (land line a must!) will get you that raise. Or that walk-in movie role.

  14. Time sensitive life critical systems by Anonymous Coward · · Score: 0

    What could possibly go wrong?

    1. Re:Time sensitive life critical systems by Anonymous Coward · · Score: 0

      I'd say those are the people most necessary to educate on the matter of keeping their shit secure by not opening random files on critical machines when they should be doing their time sensitive work. Some people just won't learn unless they find themselves in a pants-shitting moment.

      As a matter of fact, I'd question the quality of work from someone that lackadaisical.

  15. Fuck it by OrangeTide · · Score: 3, Funny

    Just delete my files, I'm not going to sit down and let a computer lecture me.

    --
    “Common sense is not so common.” — Voltaire
    1. Re:Fuck it by Anonymous Coward · · Score: 0

      Exactly. How long until we see "screw with the user ransomware"? Not long at all I predict.

      Imagine the computer prompt dialogs:

      'Hey, just browse to this site and do this one thing and we'll unlock your files. You did it? Good, now just slap your head 5 times and close a car door on your hand. Done? Good, now just take your couch on to the lawn and set fire to it. No, you have to do it, but it's the last thing, we promise. All done? Good, now just go and say something racist to each of your neighbors...'

      You have to be stupid to cooperate with people who have already revealed they have no morals or ethics, or have bad morals and negative ethics.

  16. No need to double my work load, given morons by raymorris · · Score: 1

    Given that morons still click christmas_card.exe, and some of those click happy morons are executives and sysadmins, I have no need to double my workload by creating more problems to fix. The bad guys and the sloppy users create plenty enough problems.

  17. Send it to DNC please by iamacat · · Score: 1

    Either they will finally educate themselves about computer security. Or their e-mails and stuff will get erased, which is probably for the best given how embarrassing it is whenever we get a look at it.

  18. Should have at least used a weaker encryption by fmoliveira · · Score: 2

    If you're going to "educate" people like this, you could at least use a weaker encryption for when your command and control goes offline people have a way to break it.

  19. Way too difficult for 90% od users by Anonymous Coward · · Score: 0

    Even *if* they can read English and might be able to follow these instructions...

  20. Clever idea, but dangerous by mangamaster03 · · Score: 2

    While this is unethical and dangerous to release to the wild, it is somewhat comical in that it encourages user to educate themselves on safe browsing practices.

    It won't work, people will still lose files, and they will get angry, but it does bring up a good point...How do we educate the general public on safe browsing?
    The average user won't go out and educate themselves. They might pick up a little if they get burned, but that's unlikely. This method forces them to stare at a screen and "read" the article, but a panicking user afraid of data loss is in no mood to be educated.

    Should we thwapp them over the head? Should we beg and plead with them? Continue educating them? Or resign ourselves that it's a lost cause...

    Most internet denizens don't want to hear about safe browsing ideas. Clicking on adds are bad. Movie streaming services hosted in Russia are probably full of malware. Rogue_One_free_HD1080p.exe is not what you think it is...I've explained it to friends, only to be back over, helping them recover from yet another mistake.

    I personally like the bat idea...

    1. Re:Clever idea, but dangerous by Anonymous Coward · · Score: 0

      Yeah, in the end, users will circumvent anything to get a look at celebrity tits. I was going to post something along the lines of treating everything that ends in .exe as an executable is a bad idea, but you know what? If it means they get to see whoever's tits, even having to drop to command line and do chmod u+x tits && ./tits won't be a problem for them. If they can't even be arsed to wonder why somebody wants to send them tits, nothing will help.

  21. Agent Smith in a Red Dress by Anonymous Coward · · Score: 0

    Morpheus : The Matrix is a system, Neo. That system is our enemy. But when you're inside, you look around. What do you see? Business people, teachers, lawyers, carpenters. The very minds of the people we are trying to save. But until we do, these people are still a part of that system, and that makes them
    our enemy.

    A woman walks by, standing out from all the people in suits, as she is wearing a bright red dress, and bright red lipstick. Neo stares.

    Morpheus : You have to understand, most of these people are not ready to be unplugged. And many of them are so inert, so hopelessly dependant on the system, that they will fight to protect it.

    Morpheus : Were you listening to me, Neo? Or were you looking at the woman in the red dress?

    Neo : I was...

    Morpheus : Look again..

    Neo turns around, to see that the woman in the red dress has turned into an agent, and is pointing a gun at his head. Neo ducks, covering his head with his hands.

    Morpheus : Freeze it.

    [You have now been educated about the dangers of malware - including ransomware - scrambling data / scrambling brains. Next time you might not be so lucky.]

  22. FTFY: Not "inert", it's INURED by Anonymous Coward · · Score: 0

    "Morpheus : You have to understand, most of these people are not ready to be unplugged. And many of them are so inert, so hopelessly dependant on the system, that they will fight to protect it"

    See subject & it's not INERT - it's INURED https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=what+does+inured+mean%3F&btnG=Google+Search&gbv=1/

    APK

  23. Get rid of them by Anonymous Coward · · Score: 0

    Generally I believe in "thou shalt not kill", but I think the filth that make ransomware and most other malware should be slowly fed into a wood chipper feet first.