Slashdot Mirror


Hacker Behind Massive Ransomware Outbreak Can't Get Emails From Victims Who Paid (vice.com)

Joseph Cox, reporting for Motherboard: On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files. [...] The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal installation key." This is a 60 character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That process is not possible now, though. "Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately -- and blocked the account straight away."

15 of 182 comments

  1. Re:The Nuclear Option by Anonymous Coward · · Score: 2, Insightful

    You really think malware creators won't be able to find any email providers that are friendly to their cause? There's no way they're going to give up the potential tens or hundreds of thousands of dollars because they'd have to pay $100 for a "bulletproof" email address.

  2. It would be funny, except ... by El Cubano · · Score: 4, Insightful

    It would be funny, except that people are paying the ransom and not getting their files back. Perhaps there will be a positive result here and people will start to get the idea that it is never worthwhile to pay the ransom and to keep backups instead. Oh, who am I kidding? That is #5 of The Six Dumbest Ideas in Computer Security.

  3. Re: The Nuclear Option by Anonymous Coward · · Score: 1, Insightful

    How does it hurt the ransomware creators? When you pay the ransom, you're placing your trust in criminals to give you the decryption key after they have your money. I suppose your argument is that when people don't receive the decryption key, it will lead to people not paying the ransom. However, short of reading news reports about this, people won't discover the email address has been taken down until after they've already paid the ransom. One issue here is that the NSA needs to be held accountable for hoarding vulnerabilities instead of working to increase security. The NSA is working against the American people in many cases, or so it seems. I also believe that there should be OS-level protections such as keeping shadow copies of files around that don't get removed without user intervention.

  4. Re:What was Posteo supposed to do? by Anonymous Coward · · Score: 2, Insightful

    Um, leave the email account open, contact the authorities and keep your mouth shut. They could have gathered valuable intelligence on this operation. Maybe the bad guys would have even screwed up somewhere while accessing the account. Now that opportunity has been pissed in the wind.

  5. Re:The Nuclear Option by Anonymous Coward · · Score: 2, Insightful

    Fuck the lives of the arseholes who are encouraging and funding ransomware infections. The only true victims are the ones that don't pay. The ones that do pay are helping create more victims. This isn't a nuclear option, none of the innocent victims are hurt by this. In fact, because of this, the damage the arseholes cause will be mitigated, and the only people who suffer from this, are the arseholes.

  6. Re:The Nuclear Option by Anonymous Coward · · Score: 4, Insightful

    Why do the bad guys need email in the first place? Just ask for 0.10xxxxxx BTC where xxxxxx is the "infection key".

  7. Re: The Nuclear Option by Rockoon · · Score: 3, Insightful

    > The NSA is working against the American people in many cases

    ..and against the world in the rest of the cases.

    --
    "His name was James Damore."

  8. Re:Blocking e-mail? by Anonymous Coward · · Score: 2, Insightful

    It's a private company. They set the terms of service and decide who can and cannot use their products/services and for what purposes. I wouldn't be surprised if there was a clause in the TOS stating that the service can be terminated for any reason and without notice.

  9. Re:The Nuclear Option by gweihir · · Score: 4, Insightful

    I agree on both counts. The problem is that if you let a criminal business model thrive, then things will get far worse. Hence what Posteo did is the only sane thing possible. It will also send a pretty clear message to those affected that a major part of the problem is with them and their bad security and non-existent backups.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

  10. Re:The Nuclear Option by barc0001 · · Score: 4, Insightful

    > You really think malware creators won't be able to find any email providers that are friendly to their cause?

    Other agencies could make that a dangerous game for the email provider. Revoking their domain or just shitcanning routes to their IP ranges if they're "involved" in malware commerce would make others extremely reluctant to play along.

  11. Re: The Nuclear Option by bestweasel · · Score: 4, Insightful

    "eliminate the incentives for ransomware creators"

    This assumes that the ransom is their main incentive.

  12. Re:Disturbing by Anonymous Coward · · Score: 2, Insightful

    From the article: "The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down."

    That statement by itself is disturbing enough as it is.

    Why is it disturbing? Do they expect the radiation levels around Chernobyl to go up?!

  13. Re:The Nuclear Option by Dunbal · · Score: 2, Insightful

    Prayer. And it will be just as effective as any other prayer. Why the hell should I give you anything back? You think I'm worried about my "business image" and brand? Honor among thieves? This generation is so naive.

    --
    Seven puppies were harmed during the making of this post.

  14. Re:The Nuclear Option by Dunbal · · Score: 4, Insightful

    The more contact you have with your victim the more chances you have of being caught by law enforcement, silly. If I was a criminal I'd take a quick couple thousand bucks worth of bitcoin and disappear without a trace over trying to "score big" and having them catch me via my email correspondence sending out "keys". Hundreds of thousands/millions of dollars are no consolation when your ass is thrown in jail forever and all your assets seized before you can ever enjoy them.

    --
    Seven puppies were harmed during the making of this post.

  15. Re: The Nuclear Option by behrooz0az · · Score: 3, Insightful

    I really want to downvote this comment chain "Idiot -1". Why not just give them back a private pastebin ID with the key in it?

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)