Slashdot Mirror
Koolova Ransomware Decrypts For Free If You Read Two Articles About Ransomware (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: We have a new in-development variant of the Koolova Ransomware that will decrypt your files for free if you educate yourself about ransomware by reading two articles. Discovered by security researcher Michael Gillespie, this in-development ransomware is not ready for prime time. In fact, I had to mess with it a bit and setup a local http server to even get it to display the ransom screen. In its functional state, Koolova will encrypt a victim's files and then display a screen similar to the Jigsaw Ransomware where the text is slowly shown on the screen. This text will tell the victim that they must read two articles before they can get a decryption key. It then tells you that if you are too lazy to read two articles before the countdown gets to zero, like Jigsaw, it will delete the encrypted files. This is not an idle threat as it actually does delete the files. The articles that Koolova wants you to read are an article from Google Security Blog called Stay safe while browsing and BleepingComputer's very own Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom article. Once you read both articles, the Decripta i Miei File, or Decrypt My Files, button becomes available. Once you click on this button, Koolova will connect to the Command and Control server and retrieve the victim's decryption key. It will then display it in a message box labeled "Nice Jigsaw," in reference to the Jigsaw Ransomware, that displays your decryption key. A victim will then be able to take that key and enter it into the key field in order to decrypt files.
How does it know if you really read the articles?
This is a fun example, but it suggests that ransomware can be used to induce people to do much more than paying a fee. On the more benign side, you could easily see some ransomware require you to click on a dozen or so affiliate links. More troubling, in another iteration the ransomware would only decrypt your files if you order products using a stolen credit card that is provided to you, or if you transfer some child porn from server A to B. Sounds like it could be out of a Black Mirror episode.
Fast Federal Court and I.T.C. updates
There is no doubt that this is both unethical and illegal in most jurisdictions.
It also won't work. Regular computer users are not knowledgeable. Even experienced users, even people with college degrees in computer security will err. People will mistake the dialogue box for an ad, people will think that it will go away with a reboot, etc. That users err is a natural law, the first thing they teach you in User Interfaces 101.
It won't be fool-proof. Even perfect software has bugs. The Internet has outages. People don't always unfiltered Internet access: people travel with their computers, people use their company's computers behind high corporate firewalls etc.
It will be dangerous. People will get their files deleted, and then they will get angry.
Even if the author's actions may be legal within the jurisdiction in which he lives (which is doubtful)... he will have made himself a target.
Delete the files of the wrong person, and he might end up with a busted skull with his blood on the pavement.
"We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
It's never legal to do something like this, but ethical? Absolutely. Different people have different ethics, you shouldn't push yours on other people.
The author of this ransomware is doing exactly that though: forcing others to accept his ethics. So using your own definition of ethical behaviour this is still unethical. Arguing that this is an ethical way to motivate learning is the same as arguing that spreading curable STDs is an ethical way to educate people into having safe sex.
I think a more appropriate analogy would be pushing someone in front of a moped to save them from getting run over by a truck...