Slashdot Mirror

← Back to Stories (view on slashdot.org)

Koolova Ransomware Decrypts For Free If You Read Two Articles About Ransomware (bleepingcomputer.com)

Posted by BeauHD on from the contrary-to-what-is-usual dept.

An anonymous reader quotes a report from BleepingComputer: We have a new in-development variant of the Koolova Ransomware that will decrypt your files for free if you educate yourself about ransomware by reading two articles. Discovered by security researcher Michael Gillespie, this in-development ransomware is not ready for prime time. In fact, I had to mess with it a bit and setup a local http server to even get it to display the ransom screen. In its functional state, Koolova will encrypt a victim's files and then display a screen similar to the Jigsaw Ransomware where the text is slowly shown on the screen. This text will tell the victim that they must read two articles before they can get a decryption key. It then tells you that if you are too lazy to read two articles before the countdown gets to zero, like Jigsaw, it will delete the encrypted files. This is not an idle threat as it actually does delete the files. The articles that Koolova wants you to read are an article from Google Security Blog called Stay safe while browsing and BleepingComputer's very own Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom article. Once you read both articles, the Decripta i Miei File, or Decrypt My Files, button becomes available. Once you click on this button, Koolova will connect to the Command and Control server and retrieve the victim's decryption key. It will then display it in a message box labeled "Nice Jigsaw," in reference to the Jigsaw Ransomware, that displays your decryption key. A victim will then be able to take that key and enter it into the key field in order to decrypt files.

45 of 80 comments (clear)

  1. Is there a quiz afterwards? by SeaFox · · Score: 3, Insightful

    How does it know if you really read the articles?

    1. Re: Is there a quiz afterwards? by Applehu+Akbar · · Score: 2

      What if the user doesn't have an internet connection?

      Then he obviously wouldn't have been infected in the first place.

    2. Re: Is there a quiz afterwards? by ayesnymous · · Score: 1

      What if your internet goes down right after infection?

    3. Re: Is there a quiz afterwards? by fbobraga · · Score: 1

      yeap: how can he attend the quiz with no internet access?

  2. The author of this software needs education. by mmell · · Score: 4, Interesting
    Serious thwappage with a +5 Louisville Slugger should do the stunt nicely!

    I suspect the moron actually believes he's doing someone a favor - but there is never an ethically appropriate way to damage or steal information that isn't yours on equipment that isn't yours. As I recall, wasn't there some clod that released a virus a decade back that actively (attempted to) hunt down and remove other virii from infected computers, ostensibly as a public service? The idea ended up conceptually integrated into other exploits as a way to ensure that a given bot was only enslaved by one botnet at a time, a very valuable idea for botnet operators but hardly a public service.

    1. Re:The author of this software needs education. by XparXnoiaX · · Score: 1

      but there is never an ethically appropriate way to damage or steal information that isn't yours on equipment that isn't yours

      It's never legal to do something like this, but ethical? Absolutely. Different people have different ethics, you shouldn't push yours on other people.

      The world needs more education opportunities like this, where they can have a chance to change without actually getting hurt.

      --
      Irresponsible disclosure is responsible
    2. Re:The author of this software needs education. by XparXnoiaX · · Score: 1

      Ethically, this is like pushing someone out of the road so they don't get hit by a car. The pushing might hurt them a bit, but it's way better than getting hit by the car.

      So many people are internet roadkill, they just don't know it yet.

      --
      Irresponsible disclosure is responsible
    3. Re:The author of this software needs education. by Anonymous Coward · · Score: 1

      Ethically, this is like pushing someone out of the road so they don't get hit by a car. The pushing might hurt them a bit, but it's way better than getting hit by the car.

      Except that it is more like grabbing someone and holding them in front of oncoming traffic until they admit that they should be more careful in the future.

      From TFA:

      It then tells you that if you are too lazy to read two articles before the countdown gets to zero, like Jigsaw, it will delete the encrypted files. This is not an idle threat as it actually does delete the files.

      That is irresponsible and indefensible.

    4. Re:The author of this software needs education. by hawk · · Score: 1

      Many years ago there was a proposal for the "Tux Virus."

      The notion was that it would download a linux distribution with FVWM95 as the window manager, use Wine for the windows binaries, and probably include OpenOffice.

      Some even deluded themselves that it would take the victim a while to notice.

      Fortunately, those that had the actual ability to do this (that is, to come as close as possible; it's not like Wine was up to running random binaries) had better things to do, or had been taught better by their mothers.

      Unfortunately, that was not the case for vigor, which actually got implemented . . .

      hawk

    5. Re:The author of this software needs education. by jmcharry · · Score: 1

      That sounds like pure ethical relativism, which isn't sound. If someone thinks it ethical, nay a duty, to exterminate all the left handed, it is OK to push my opinion on him. There may be hard problems and the answers may depend on details, including social circumstances, but there is a difference between right and wrong.

    6. Re: The author of this software needs education. by Anonymous Coward · · Score: 1

      Deleting my files for not reading an article is no less damaging than deleting my files for not paying a ransom. That's like pushing someone in front of a train to save them getting run over by a truck.

    7. Re:The author of this software needs education. by OrangeTide · · Score: 1

      It's never legal to do something like this, but ethical? Absolutely. Different people have different ethics, you shouldn't push yours on other people.

      I'm interested in hear more about Absolute Ethics.

      --
      “Common sense is not so common.” — Voltaire
    8. Re: The author of this software needs education. by OrangeTide · · Score: 1

      Hopefully he uses incremental backups. Having a backup system of N=1 is usually asking for trouble.

      --
      “Common sense is not so common.” — Voltaire
    9. Re:The author of this software needs education. by XparXnoiaX · · Score: 1

      Relative to me, my ethics are absolute.

      --
      Irresponsible disclosure is responsible
    10. Re:The author of this software needs education. by XparXnoiaX · · Score: 1

      This is not a case of "eliminate all left-handed." You might argue that some ethical systems are not sound, and maybe you would be right, but the crux of this issue (which you seemed to miss in your generalized rant), is that I disagree with his idea of 'ethical.'

      --
      Irresponsible disclosure is responsible
    11. Re:The author of this software needs education. by OrangeTide · · Score: 1

      No ethics? (0)

      --
      “Common sense is not so common.” — Voltaire
    12. Re: The author of this software needs education. by Anonymous Coward · · Score: 2, Insightful

      I think a more appropriate analogy would be pushing someone in front of a moped to save them from getting run over by a truck...

    13. Re:The author of this software needs education. by quintus_horatius · · Score: 1

      Different people have different ethics, you shouldn't push yours on other people.

      You're confusing ethics, which are based on principles and are not relative, with morality, which is relative and malleable.

      Look at it this way: slavery has never been and never will be ethical but it is, at some times in some places, moral.

    14. Re:The author of this software needs education. by linuxrocks123 · · Score: 1

      I'd never heard of this. It's a fun thing to think about, but of course unethical and also a bad idea for obvious PR reasons ("LINUX IS A VIRUS!") to actually do.

      Many people wouldn't notice possibly ever, at least until someone technically literate looked at it and told them what had happened. Why would they? They'd just think it was a normal Windows update that included some UI changes.

      Now, if the virus's autoconfig was poorly written and gave them a broken setup, they'd certainly notice something was broken, but would probably blame Microsoft ("Windows Update broke my computer!") . There's no need for them to write their own autoconfig: KNOPPIX's almost always works, so they could just use that.

      As long as everything works, they'll just adapt to any UI changes, because they'd assume Microsoft had pushed them out, this UI was the latest version, and the path of least resistance is to adapt to the chance rather than fight it. The reason some people throw up their hands and get so whiny over minor UI differences between Linux and Windowsis is because the path of least resistance is to reject any optional change to their setups.

      --
      vi ~/.emacs # I'm probably going to Hell for this.
    15. Re:The author of this software needs education. by cwsumner · · Score: 1

      Different people have different ethics, you shouldn't push yours on other people.

      You're confusing ethics, which are based on principles and are not relative, with morality, which is relative and malleable.

      Look at it this way: slavery has never been and never will be ethical but it is, at some times in some places, moral.

      Note: Slavery was advocated by humanitarians, in ancient times, as a way to avoid the slaughter of capured enemy soldiers.

    16. Re:The author of this software needs education. by XparXnoiaX · · Score: 1

      The 'principles' which you choose to base your ethics on are entirely subjective.

      --
      Irresponsible disclosure is responsible
    17. Re:The author of this software needs education. by quintus_horatius · · Score: 1

      Subjective? No, not really.

      The basic ethical principle is to not interfere with another's well-being. The definition of well-being may appear changeable but it should be the subject's definition and standard of well-being, not your own.

      From the single principle, which we may restate as "treat others the way they want to be treated," we can derive prohibitions against murder and assault; lying, and from that cheating; theft, and from that malicious vandalism (depriving property from another, even if you don't benefit from it); and so on.

      The relationship goes both ways. The subject may not turn it around and complain that your existence interferes with their well-being, since ending your existence would interfere with your well-being.

      These derivations from the core principle are not subjective, and in fact are quite logical and can be reproduced by anyone regardless of culture.

      Contrast that with morality, which is very subjective. Moral codes are defined by your culture, and will vary from time to time and place to place, and even from sect to sect within the greater culture.

      Moral codes may be based on ethical principles but are not necessarily so, and not every moral edict is derived from an ethical principle or derivation. Your culture may have conditioned you to think that certain practices ethical but, when turned around and viewed from a subject's point of view clearly are not. The aforementioned issue of slavery is like that: the slave-owners may have decided that slavery is conducted with the slave's best interest at heart, but ask the slave how s/he feels about it and you'll get a very different answer.

    18. Re:The author of this software needs education. by XparXnoiaX · · Score: 1

      The basic ethical principle is to not interfere with another's well-being.

      That's your suggested ethical code. It's not everyone's. Is it ethical to pirate music? To violate copyright?

      --
      Irresponsible disclosure is responsible
  3. my own internet by AndyKron · · Score: 4, Funny

    That's it. I'm making my own Internet, and nobody else can be on it.

    1. Re:my own internet by Anonymous Coward · · Score: 1

      With blackjack! And hookers! In fact, screw the internet!

    2. Re:my own internet by Big+Hairy+Ian · · Score: 1

      That's it. I'm making my own Internet, and nobody else can be on it.

      I just switched to Vodafone for Broadband & Mobile data. I'm now officially off grid :)

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    3. Re:my own internet by antdude · · Score: 1

      So, it would be an Intranet? ;)

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    4. Re: my own internet by The-Ixian · · Score: 1

      You're taking your words and going home?

      --
      My eyes reflect the stars and a smile lights up my face.
  4. The Start of Something Bigger? by speedplane · · Score: 4, Insightful

    This is a fun example, but it suggests that ransomware can be used to induce people to do much more than paying a fee. On the more benign side, you could easily see some ransomware require you to click on a dozen or so affiliate links. More troubling, in another iteration the ransomware would only decrypt your files if you order products using a stolen credit card that is provided to you, or if you transfer some child porn from server A to B. Sounds like it could be out of a Black Mirror episode.

    --
    Fast Federal Court and I.T.C. updates
    1. Re:The Start of Something Bigger? by Dutch+Gun · · Score: 2

      We've already seen ransomware that either allows a victim to pay, or to infect at least two other paying victims, using a customized version of the malware for tracking purposes.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    2. Re:The Start of Something Bigger? by gnick · · Score: 1

      This is a fun example, but it suggests that ransomware can be used to induce people to do much more than paying a fee.

      You and I have radically different definitions of "fun." This "fun example" will encrypt and then delete your data if you don't follow its demands. I don't care if the only demand is filling in a captcha, it's not acceptable to threaten consequences for failing to comply.

      Personally, I can think of a few knee-jerk reactions that I might have to discovering this. None would be to just click on the links unless I knew ahead of time that it would work. My response would certainly not be blindly following directions given to me by ransomware - In this case to my own detriment.

      --
      He's getting rather old, but he's a good mouse.
    3. Re:The Start of Something Bigger? by speedplane · · Score: 1

      Personally, I can think of a few knee-jerk reactions that I might have to discovering this. None would be to just click on the links unless I knew ahead of time that it would work. My response would certainly not be blindly following directions given to me by ransomware - In this case to my own detriment.

      "I don't negotiate with terrorists", says the person who has never been held hostage.

      --
      Fast Federal Court and I.T.C. updates
  5. What a coincidence! by Jester998 · · Score: 1

    In a strange coincidence of "one thing happening after two other things happen", the "please stop breaking my knees" button becomes available after the ransomware's author has had both of his knees broken.

  6. What an idiot by Misagon · · Score: 4, Insightful

    There is no doubt that this is both unethical and illegal in most jurisdictions.

    It also won't work. Regular computer users are not knowledgeable. Even experienced users, even people with college degrees in computer security will err. People will mistake the dialogue box for an ad, people will think that it will go away with a reboot, etc. That users err is a natural law, the first thing they teach you in User Interfaces 101.

    It won't be fool-proof. Even perfect software has bugs. The Internet has outages. People don't always unfiltered Internet access: people travel with their computers, people use their company's computers behind high corporate firewalls etc.

    It will be dangerous. People will get their files deleted, and then they will get angry.
    Even if the author's actions may be legal within the jurisdiction in which he lives (which is doubtful)... he will have made himself a target.
    Delete the files of the wrong person, and he might end up with a busted skull with his blood on the pavement.

    --
    "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
    1. Re:What an idiot by Ungrounded+Lightning · · Score: 4, Insightful

      It will be dangerous. People will get their files deleted, and then they will get angry.
      Even if the author's actions may be legal within the jurisdiction in which he lives (which is doubtful)... he will have made himself a target.
      Delete the files of the wrong person, and he might end up with a busted skull with his blood on the pavement.

      Delete (or even delay access to) the wrong file and he might just kill somebody, too.

      Even if he really wants his victims to read the ransomware rants, putting a time limit on this and deleting the files if the time limit is not met is stupid. Just leaving them encrypted and inaccessible until they've put in their time-as-a-slave to do his bidding leaves the incentive in place. Deleting the files after a time limit causes additional gratuitous harm.

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    2. Re:What an idiot by Anonymous Coward · · Score: 1

      Many businesses (especially SMB's) don't consider themself a realistic target for ransomware. It is these same types who assume recommendations of educating users on the dangers of ransomware and its methods of delivery, having appropriate policies in place to mitigate prevention, having backups (not "I sometimes backup my two decades old payroll software to a thumbdrive but sometimes I forget to put it in the coffee mug after") or even having a god damn anti-virus that isn't appended with "Free" are just boogeyman scare tactics to get them to buy something they don't need.

      You know what gets these people to prepare? Suffering the consequences of their inaction. Nothing turns that thought process around like weeks of lost business and downtime because they made poor assumptions. It might be unethical but having nothing short of a legitimate threat is quite often the only thing to get someone in a company to recognize just how close to falling off the ledge they really are. Having a wait timer isn't a threat -- it's just a few hours of lost business productivity. Having an arbitrary threat of data loss for not accepting an opportunity to educate yourself and accept the mulligan you have been granted is the difference between backing away from the ledge and realizing the fall.

      I sympathize with those who have been affected my ransomware and sometimes through multiple failsafes entities will still succumb to worst case scenario. It sucks, and I am approached at least every other month with a nasty case of it. But then again, 50% of those who are quite often suffer damages that we predicted and made prevention recommendations for but were ignored on multiple accounts. Even worse is the perception for these incidents is that it is our fault they are fucked and not the ransomware author. We can just wave the magic wand and make the problem go away, right? That's how IT always works, right? Why can't we do it now when you have no backups and nobody seems to have a fallback solution to keep the business afloat?

      I dunno, why don't you ask the ransomware support and see what they have to tell you.

    3. Re:What an idiot by Anne+Thwacks · · Score: 1
      That users err is a natural law, the first thing they teach you in User Interfaces 101.

      Perhaps it should appear a bit later in the course. They seem to forget by session 102.

      At the same time it might be worth explaining that now resolutions have improved beyond 640x480, expecting users to be able to click on a window border 1 pixel wide is unrealistic. - Or are GUI developers stuck with 640x480 resolution for some reason I don't understand?

      --
      Sent from my ASR33 using ASCII
    4. Re:What an idiot by thegarbz · · Score: 1

      What an idiot he is by making light of the issue of Ransomware by getting into the news without even releasing a product. We should set his balls on fire.

  7. Ransomware pushes its ethics onto others by Roger+W+Moore · · Score: 4, Insightful

    It's never legal to do something like this, but ethical? Absolutely. Different people have different ethics, you shouldn't push yours on other people.

    The author of this ransomware is doing exactly that though: forcing others to accept his ethics. So using your own definition of ethical behaviour this is still unethical. Arguing that this is an ethical way to motivate learning is the same as arguing that spreading curable STDs is an ethical way to educate people into having safe sex.

  8. Re:Security Researcher Huh? by manu0601 · · Score: 1

    Am I the only person thinking these security researchers are the authors of the various forms of malware of late?

    It would not make sense. Black hat people have an incentive to make malware: they make money from it. Security researchers make money in the fight against malware they do not need to create. And creating malware would be stupid for them, as it would introduce the risk of dealing with justice.

  9. Fuck it by OrangeTide · · Score: 3, Funny

    Just delete my files, I'm not going to sit down and let a computer lecture me.

    --
    “Common sense is not so common.” — Voltaire
  10. No need to double my work load, given morons by raymorris · · Score: 1

    Given that morons still click christmas_card.exe, and some of those click happy morons are executives and sysadmins, I have no need to double my workload by creating more problems to fix. The bad guys and the sloppy users create plenty enough problems.

  11. Send it to DNC please by iamacat · · Score: 1

    Either they will finally educate themselves about computer security. Or their e-mails and stuff will get erased, which is probably for the best given how embarrassing it is whenever we get a look at it.

  12. Should have at least used a weaker encryption by fmoliveira · · Score: 2

    If you're going to "educate" people like this, you could at least use a weaker encryption for when your command and control goes offline people have a way to break it.

  13. Clever idea, but dangerous by mangamaster03 · · Score: 2

    While this is unethical and dangerous to release to the wild, it is somewhat comical in that it encourages user to educate themselves on safe browsing practices.

    It won't work, people will still lose files, and they will get angry, but it does bring up a good point...How do we educate the general public on safe browsing?
    The average user won't go out and educate themselves. They might pick up a little if they get burned, but that's unlikely. This method forces them to stare at a screen and "read" the article, but a panicking user afraid of data loss is in no mood to be educated.

    Should we thwapp them over the head? Should we beg and plead with them? Continue educating them? Or resign ourselves that it's a lost cause...

    Most internet denizens don't want to hear about safe browsing ideas. Clicking on adds are bad. Movie streaming services hosted in Russia are probably full of malware. Rogue_One_free_HD1080p.exe is not what you think it is...I've explained it to friends, only to be back over, helping them recover from yet another mistake.

    I personally like the bat idea...