Slashdot Mirror


Hacker Behind Massive Ransomware Outbreak Can't Get Emails From Victims Who Paid (vice.com)

Joseph Cox, reporting for Motherboard: On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files. [...] The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal installation key." This is a 60 character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That process is not possible now, though. "Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately -- and blocked the account straight away."


  1. The Nuclear Option by trg83 · · Score: 5, Interesting

    While this doesn't do anything to improve life for the poor folks trying to retrieve their files, this type of aggressive approach may be required to eliminate the incentives for ransomware creators. It's truly the nuclear option, as the fallout is likely to hurt many unintended targets, but it could end the war.

    1. Re:The Nuclear Option by Anonymous Coward · · Score: 2, Insightful

      You really think malware creators won't be able to find any email providers that are friendly to their cause? There's no way they're going to give up the potential tens or hundreds of thousands of dollars because they'd have to pay $100 for a "bulletproof" email address.

    2. Re: The Nuclear Option by Anonymous Coward · · Score: 1, Insightful

      How does it hurt the ransomware creators? When you pay the ransom, you're placing your trust in criminals to give you the decryption key after they have your money. I suppose your argument is that when people don't receive the decryption key, it will lead to people not paying the ransom. However, short of reading news reports about this, people won't discover the email address has been taken down until after they've already paid the ransom. One issue here is that the NSA needs to be held accountable for hoarding vulnerabilities instead of working to increase security. The NSA is working against the American people in many cases, or so it seems. I also believe that there should be OS-level protections such as keeping shadow copies of files around that don't get removed without user intervention.

    3. Re:The Nuclear Option by The+MAZZTer · · Score: 1

      The question is, is the ransomware hardcoded with the old e-mail? If so getting a new e-mail address won't help him at this point unless he starts all over with sending out a new version of the malware to infect new victims.

    4. Re:The Nuclear Option by Anonymous Coward · · Score: 2, Insightful

      Fuck the lives of the arseholes who are encouraging and funding ransomware infections. The only true victims are the ones that don't pay. The ones that do pay are helping create more victims. This isn't a nuclear option, none of the innocent victims are hurt by this. In fact, because of this, the damage the arseholes cause will be mitigated, and the only people who suffer from this, are the arseholes.

    5. Re:The Nuclear Option by Anonymous Coward · · Score: 4, Insightful

      Why do the bad guys need email in the first place? Just ask for 0.10xxxxxx BTC where xxxxxx is the "infection key".

    6. Re: The Nuclear Option by Rockoon · · Score: 3, Insightful

      > The NSA is working against the American people in many cases

      ..and against the world in the rest of the cases.

      --
      "His name was James Damore."
    7. Re:The Nuclear Option by gweihir · · Score: 4, Insightful

      I agree on both counts. The problem is that if you let a criminal business model thrive, then things will get far worse. Hence what Posteo did is the only sane thing possible. It will also send a pretty clear message to those affected that a major part of the problem is with them and their bad security and non-existent backups.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    8. Re:The Nuclear Option by EvilSS · · Score: 1

      > While this doesn't do anything to improve life for the poor folks trying to retrieve their files, this type of aggressive approach may be required to eliminate the incentives for ransomware creators. It's truly the nuclear option, as the fallout is likely to hurt many unintended targets, but it could end the war.

      But they still get paid. It will take time for people to find out they can't get their files back even if they pay. Many people will never know. You want nuclear option, find a way to seize their bitcoin wallets or block transactions to it.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    9. Re:The Nuclear Option by Zocalo · · Score: 1

      Most malware these days is multi-stage; the initial exploit package will then download a payload which, in this case, would likely be the ransomware toolkit, and that would also most likely include the email. A quick update to the payload would fix the scammer's problem with the Posteo email, but that's not going to help all that much now anyway. None of the PCs that are already infected are likely to be re-infected by the updated payload - they're stuck on the ransom screen for the old version - and AV vendors will be probably getting updates out fairly soon as well which negates the old exploit package. Their only real option is to re-spin both packages and start over.

      I wonder if anyone has managed to make a violin shape by pushing some individual atoms around with an STM yet, because that's the only way there would be one small enough to properly express how little I care for their troubles.

      --
      UNIX? They're not even circumcised! Savages!
    10. Re:The Nuclear Option by thegarbz · · Score: 1

      > this type of aggressive approach may be required to eliminate the incentives for ransomware creators. It's truly the nuclear option

      It's a nuclear option against a metaphorical cockroach. Blocking an email service will do nothing to stop people who are able to program malware like this. Any idiot can set up an email server. A slightly clever idiot can do so properly. These guys will not be stopped by the inability to use someone else's email service.

    11. Re:The Nuclear Option by barc0001 · · Score: 4, Insightful

      > You really think malware creators won't be able to find any email providers that are friendly to their cause?

      Other agencies could make that a dangerous game for the email provider. Revoking their domain or just shitcanning routes to their IP ranges if they're "involved" in malware commerce would make others extremely reluctant to play along.

    12. Re: The Nuclear Option by barc0001 · · Score: 1

      It hurts the ransomware creators by cutting off their ability to receive those payments. Makes it less profitable to do ransomware, and more risky for the money you did get. Look at it this way: If you set a forest on fire and burned a million acres, but got $250,000 to do it, the risk/reward/effort equations work out in your favor. But if the next time you burned another million acres you only got $6000 for it, you would probably decide that in light of the effort involved and the amount of heat from law enforcement coming down that further attempts are too risky for too little reward.

    13. Re:The Nuclear Option by chispito · · Score: 1

      > the fallout is likely to hurt many unintended targets,

      Yes, exclusively

      > but it could end the war.

      It won't.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    14. Re:The Nuclear Option by Rei · · Score: 1

      Of course they can find a different email provider. But the version that's gone out and infected people - victims who presumably won't be infected twice - has used this email address, which is no longer valid.

      What I find interesting about this article is that they're using a commercial email service with a known account. While Posteo doesn't collect or store IP addresses, I would think that they could be subpoenaed to return future IP information for future attempts to log into the account. Also, if the account was left open, subpoenas could also be issued upstream; even with encrypted traffic, they could probably match IPs by timing (aka, the attacker's click generates a request to send an email, which is presumedly sent with virtually no delay, so the two could be matched up - unless Posteo imposes some sort of significant delay).

      They could of course be connecting to Posteo through Tor. But there are plenty of ways to attack targeted Tor users as well.

      --
      "99 dead duelists of Dios on the wall. 99 dead duelists of Dios! Take one's ring, pass it around..."
    15. Re:The Nuclear Option by slew · · Score: 1

      > I wonder if anyone has managed to make a violin shape by pushing some individual atoms around with an STM yet, because that's the only way there would be one small enough to properly express how little I care for their troubles.

      No violins that I'm aware of yet but here's a really small harp for the swan song...

    16. Re:The Nuclear Option by EvilSS · · Score: 2

      > Yes, they still got paid. And the victims that paid money and still lost all their files are the worst off of all. However when word gets around about what happened and it becomes common knowledge that people who pay ransomware still don't get their files back, people will know to stop paying. Of course there will be a few who pay up in the vain hope that it would work, but if the majority of people know that it's just throwing good money after bad, then the business model of these ransomware writers will fall over. (fingers crossed).

      You mean like how word got out about ransomware being a thing and therefore everyone now makes sure they have solid offsite backup schemes in place now?

      --
      I browse on +1 so AC's need not respond, I won't see it.
    17. Re:The Nuclear Option by iamgnat · · Score: 1

      > While this doesn't do anything to improve life for the poor folks trying to retrieve their files, this type of aggressive approach may be required to eliminate the incentives for ransomware creators. It's truly the nuclear option, as the fallout is likely to hurt many unintended targets, but it could end the war.

      WTF does the asshat at the other end of the malware care if the email account works or not? Most aren't going to find out that it's a dead email address until they've already paid. So asshat already has the money, what do they care about your files?

    18. Re: The Nuclear Option by bestweasel · · Score: 4, Insightful

      "eliminate the incentives for ransomware creators"

      This assumes that the ransom is their main incentive.

    19. Re:The Nuclear Option by thewolfkin · · Score: 1

      > You really think malware creators won't be able to find any email providers that are friendly to their cause? There's no way they're going to give up the potential tens or hundreds of thousands of dollars because they'd have to pay $100 for a "bulletproof" email address.

      or just non-email options. I mean it might be necessary every barrier makes it harder to do but easy enough to set up a masked chat service somewhere.

      --
      Just another second banana
    20. Re:The Nuclear Option by tlhIngan · · Score: 1

      > It will take time for people to find out they can't get their files back even if they pay.

      That's the reason.

      Think about it for a second. Ransomware only works when the malware developers are honest. In fact, many will walk you through the process of getting bitcoins and how to fix your computer, because they know it takes just one f**k-up to hose the entire business model.

      All the user has is trust. Trust in that if they do these things, they'll get their data back. Once that trust is violated, it's game over.

      So if the user sent the money, and didn't get the unlock key, you think the user will go around paying next time? No, and in fact, they'd post all over facebook about how they got ripped off and thus ending the problem once and for all. In fact, the malware authors are probably scrambling because they know that new victims are getting snared and there's no way to tell them how to pay to get their data back. And those new infected users are likely to be the ones who blast out that they got screwed over.

      Letting users get screwed is the way to kill ransomware. If users cannot trust the person who holds their data hostage to give it back, they'll be unlikely to pay the person at all, leaving no money in it.

      Harsh, but true. As long as people know that if they can pay, they'll get their data back, they will continue to pay. If people pay and get ripped off, they're not likely going to pay, and they'll tell others who are in the same boat that they got screwed so don't bother paying.

    21. Re:The Nuclear Option by Northdot · · Score: 2

      How would the victim get the decryption key? Just curious.. I'm sure there is a way, but it doesn't seem obvious.

    22. Re: The Nuclear Option by gbjbaanb · · Score: 1

      It certainly hurts the next gen of ransomware if they know they won't be able to get their cash.

      I thought though that they haven't actually paid the ransom until it was collected?

      As for shadow copies - get a backup solution, Mozy, Crashplan, etc all have free options that will backup your "My Documents" folder and they all keep histories of files backed up.

    23. Re: The Nuclear Option by Anonymous Coward · · Score: 1

      My understanding is that this does not cut off their ability to accept payments since it is done through bitcoin. They can still get all the payments no problems. However now the affected users have no way of contacting them to get their decryption key after they have sent payment, and if they aren't paying attention to stories like this they would have no way of knowing that the email is not valid until after they have sent their payment and then send the email and get a bounce back.

      So now even if the malware author was going to provide working decryption keys in exchange for the ransom, they can now just take all the payments and throw their hands in the air and be like well I can't do anything now since the email access was revoked.

    24. Re: The Nuclear Option by guruevi · · Score: 2

      You could ask to pay 1.xxx BTC and then refund them 0.1xxxx or whatever arbitrary value you like.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    25. Re: The Nuclear Option by viperidaenz · · Score: 1

      That would be awesome, since the smallest BTC is 0.00000001, that only leaves 10 million possible decryption keys. Anyone could brute force a 24bit key in minutes.

    26. Re: The Nuclear Option by Miamicanes · · Score: 2

      The catch is, then you're either stuck paying monthly fees for several terabytes of cloud storage in perpetuity (and dealing with a multi-day, multi-terabyte upload for that first backup that effectively makes the computer and your internet connectivity unusable until it completes), or have to use local storage that itself is vulnerable to ransomware.

      Yes, I'll admit it. I'm a data-hoarder (my laptop ALONE has a 1TB SSD and a 2TB hard drive, with an additional 6 1-3TB (mostly full) hard drives in the closet)... and I'm now metaphorically in the same position as a crazy cat lady with 9 storage units, a house that's packed floor-to-ceiling, and a neat, tidy condo that's kept neurotically decluttered (because everything that WOULD clutter it goes into one of the storage units or uninhabitable house for storage in perpetuity).

      We're talking about SO MANY FILES, just doing something like "dir/s g:" on one of the older USB2.0 drives can take almost a day to finish running. And 2 of THOSE drives basically contain the entire contents of a MOUNTAIN of even older 20-500GB hard drives (at USB 1.1 speeds, just COPYING them to the new drives ended up soaking up most of my free time for about 3 weeks).

      Every time I try to deduplicate and clean up the files, I end up making things even worse:

      1. Make complete backup onto new hard drive big enough to hold all the existing files. Usually, with compression, since it's the only way to keep the backup down to a manageable size.

      2. Start cleaning out the original files.

      3. Something goes badly wrong.

      4. Now, I have a complete backup that can't be directly compared to the remaining files (because it's compressed and/or in some proprietary format) that I can't ever get rid of (because of the unknown files corrupted in step 3 that are safely backed up, even if I don't know which files they are), AND I have almost as many original files as I started with. So the next time I try doing this, I'll have twice as many files to deal with.

      It's the zipfiles of image backups in tarballs of tarballs from past attempts that cripple me the worst... too many to scrutinize by hand, but ALSO too many to risk losing forever by doing any kind of in-place automated action when something will inevitably go wrong.

    27. Re:The Nuclear Option by Dunbal · · Score: 2, Insightful

      Prayer. And it will be just as effective as any other prayer. Why the hell should I give you anything back? You think I'm worried about my "business image" and brand? Honor among thieves? This generation is so naive.

      --
      Seven puppies were harmed during the making of this post.
    28. Re: The Nuclear Option by guruevi · · Score: 1

      Then make it a series of transactions, you could even encode a checksum if you'd like.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    29. Re: The Nuclear Option by Dunbal · · Score: 1

      > by cutting off their ability to receive those payments.

      I guess you have no idea how a bitcoin wallet works.

      --
      Seven puppies were harmed during the making of this post.
    30. Re: The Nuclear Option by Anonymous Coward · · Score: 1

      Easy, set up a TOR site instead of some crappy email service. And it could even automate the bitcoin transfer verification and supply the unlock code.

    31. Re:The Nuclear Option by FeelGood314 · · Score: 2, Informative

      The malware creator will obviously be honorable because he has to prove that he will unlock the files of the other people who pay. The malware creator actually has more concern about his business image than most companies you deal with.

      Just because YOUR generation has no respect for integrity doesn't mean it isn't valuable.

    32. Re: The Nuclear Option by Anonymous Coward · · Score: 1

      Or just purchase 2 cheap NAS boxes (6 TB each are relatively cheap) and put one at a friend's place after the initial first-time sync. Very cheap and easy. Backups are done nightly between the two NAS in both directions because friendly friend paid for half the gear. He needs backups, too. Each backup is diff-only. We hold 60 days worth of backups before overwriting so we have a way to recover if we start backing up crud. Check out rsync and rsync snapshot software. This is way cheaper than any cloud storage. Once you're up and running, you can putter around de-duping and cleaning up all you want. You'll have 60 days to check over your changes and revert if you don't like them.

    33. Re:The Nuclear Option by Dunbal · · Score: 1

      In your little fantasy world perhaps. In reality, ZERO files were unlocked by WannaCry authors, and ZERO files have been unlocked by Petya authors so far.

      --
      Seven puppies were harmed during the making of this post.
    34. Re:The Nuclear Option by Gavagai80 · · Score: 2

      > they'd post all over facebook about how they got ripped off and thus ending the problem once and for all.

      Are most people really going to tell everyone that they paid off a criminal organization? No, they're going to be ashamed of that (and perhaps worried that it's illegal) and pretend that part didn't happen.

      --
      This space intentionally left blank
    35. Re: The Nuclear Option by Gavagai80 · · Score: 1

      It's the only incentive for ransomware. If a malware author/distributor is motivated by other things, they write/distribute other kinds of malware.

      --
      This space intentionally left blank
    36. Re: The Nuclear Option by viperidaenz · · Score: 1

      So the victim is expected to make 10+ transactions of an exact amount in the specific order and hope the criminal responds by giving them back some money over 10+ transactions? The criminal would make more money if they didn't follow through with it.

      Giving back even a 256 bit encryption key would require 78 digits of data. To do that in 10 transactions would cost on average 5BTC (all 8 decimal places filled with data, averaging 0.50000000 BTC each)
      Over 20 transactions with 4 digits of data is 0.00005 * 20 = 0.0002BTC = $0.50USD

      However assuming RSA asymmetric encryption a 256bit key is completely useless. 1024bit keys are brute force-able

      A slightly more reasonable private key is 2048 bits, requiring 617 decimal digits. You now have to wait for the criminal to make 78 transactions, costing them up to 78BTC, or 160 transactions costing them on average 0.00005 * 150 = 0.0075BTC = ~$20USD

      Then you have to collate the transactions, order them and type in 617 digits without making a mistake.

    37. Re:The Nuclear Option by Bert64 · · Score: 1

      All it does is further punish those who want to retrieve their files (assuming the ransomware creator would actually honor the payment, of which there is no guarantee)...

      Future malware creators will just use a different email provider or some other method of communication, they won't be deterred from their activities in the slightest.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    38. Re: The Nuclear Option by negRo_slim · · Score: 1

      If their data is important enough, yes. And it's not money being given back, it's the data represented in those refund values that they must send to ensure people can trust them to unlock the files in the first place.

      --
      On the Oregon Cost born and raised, On the beach is where I spent most of my days
    39. Re:The Nuclear Option by Bert64 · · Score: 1

      But we don't know how the Petya authors would respond upon receiving a ransom payment. Maybe they would unlock the files but we won't be able to find out now.

      It's actually in their interest to unlock files upon receipt of the ransom, as that will increase the chances of any future victims paying too. If files never get unlocked then users won't even consider payment.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    40. Re: The Nuclear Option by Anonymous Coward · · Score: 1

      It could be a distraction for something else. For much of the day, the world was running around with its hair on fire about "zomg global ransomware attack," and lots of admins spent their entire workdays frantically patching systems / disabling smbv1 / verifying prior patches. Who knows what else snuck under the radar that won't be noticed for awhile, if ever?

    41. Re: The Nuclear Option by Bert64 · · Score: 1

      Depends how big the ransom is...
      Users may decide that the cost of paying the occasional ransom is easier/cheaper than the hassle and cost of making backups and improving their security practices.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    42. Re: The Nuclear Option by trg83 · · Score: 1

      Anything that increases doubt in a victim's mind that a ransom would be successful decreases the expected value of a ransomware creator's haul, thus diminishing their incentive. It's not that the malware can't move to another domain or morph to use a strategy--my point is only that the ransomware business is based on the perception they will deliver what they offer, and any chink in that confidence is a net win.

    43. Re:The Nuclear Option by Dunbal · · Score: 4, Insightful

      The more contact you have with your victim the more chances you have of being caught by law enforcement, silly. If I was a criminal I'd take a quick couple thousand bucks worth of bitcoin and disappear without a trace over trying to "score big" and having them catch me via my email correspondence sending out "keys". Hundreds of thousands/millions of dollars are no consolation when your ass is thrown in jail forever and all your assets seized before you can ever enjoy them.

      --
      Seven puppies were harmed during the making of this post.
    44. Re:The Nuclear Option by Bert64 · · Score: 1

      Assuming the backup server is correctly configured, and access to it cannot be obtained using credentials acquired from one of the servers being backed up...
      If the ransomware can spread onto the backup server, then it can encrypt/destroy your backups too unless they're stored on media that has been physically disconnected from it. In most places I've seen, the backup server (if there was one at all) was joined to the same domain as everything else, once you compromise the domain you control the backups too.

      Chances are the backup server is also on the same patch schedule, so if your boxes got infected because they were out of date your backup server could easily get infected in the same way.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    45. Re: The Nuclear Option by Bert64 · · Score: 1

      They might be motivated solely by a desire to cause chaos and destruction, and reusing existing ransomware code was easier than writing new code for wiping data. Or perhaps they derive a perverse pleasure not only from destroying people's data, but also from giving them false hope that it could ever be recovered.
      There was at least one ransomware family I read about which encrypted the data using a random key, and then completely discarded the key making the data unrecoverable.

      There are plenty of evil and/or crazy people out there, we can't possibly know all of their motives.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    46. Re: The Nuclear Option by behrooz0az · · Score: 3, Insightful

      I really want to downvote this comment chain "Idiot -1". Why not just give them back a private pastebin ID with the key in it?

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
    47. Re:The Nuclear Option by AmiMoJo · · Score: 1

      I wonder if it creates legal liability for them though... Maybe someone who knows more about German law can comment, but in other places it might be possible to argue that some of the losses resulting from the ransomware were due to losing the ability to pay it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    48. Re:The Nuclear Option by AmiMoJo · · Score: 1

      The risk/reward ratio is terrible. Unlike simpler ransomware that mostly affected home users and small businesses, this NSA powered variant is hitting hospitals, infrastructure, big businesses and governments. No matter how much money you make, it probably won't be of much use to you. You will need to launder it before you can use it, and you have law enforcement coming after you, the NSA probably wants their exploit back and is looking for you too...

      You will end up either hiding and not being able to enjoy your money, or unable to collect it, or in jail, or some combination.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    49. Re: The Nuclear Option by AmiMoJo · · Score: 1

      I have about 5TB of data backed up to the cloud (SpiderOak, fully encrypted on my end of course). Took a few months to get the initial upload done, and maintaining it is at most an overnight job now. I'm paying $120/year for unlimited storage, which admittedly was a special offer a few years back.

      For commercial scale backups you would start by mailing some hard drives to the backup provider.

      Cost wise, Google Coldline is $7.168/month/terabyte. If I'm reading it right, uploading data is free, you only pay if you need to download it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    50. Re:The Nuclear Option by wvmarle · · Score: 1

      More likely it's going the same way those prescription drug offers and Nigerian scams go: just more of them, as there are always new victims to be found.

    51. Re: The Nuclear Option by Dr.+Evil · · Score: 1

      That's why you use Dogecoins instead. Then you get both sides of the decimal point.

    52. Re:The Nuclear Option by EvilSS · · Score: 1

      because that was the important take-away from the post you replied to.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    53. Re:The Nuclear Option by Mike+Van+Pelt · · Score: 1

      They're also hitting Russian infrastructure with this one. Speaking of the nuclear option, how about a sprinkle of polonium 210?

    54. Re: The Nuclear Option by bestweasel · · Score: 1

      Things aren't necessarily as they seem.

      A ransomware attack that affected at least 2,000 individuals and organisations worldwide on Tuesday appears to have been deliberately engineered to damage IT systems rather than extort funds, according to security researchers.

    55. Re:The Nuclear Option by gweihir · · Score: 1

      The way I read German law, it does not. They may not _delete_ email without explicit consent (that is why German email providers legally are obliged to keep SPAM, usually putting SPAM in a separate folder), but they can always say that they will hand email over if the customer identifies itself. Also, in order to file a complaint, the customer would have to identify himself to the police.

      So I think as long as they keep the email and just not deliver it anymore, they are perfectly in the clear.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  2. Well shit... by TheCastro1689 · · Score: 1

    Looks like hackers need to use email servers from companies that don't give a shit, or make their own.

    1. Re:Well shit... by Megane · · Score: 2

      Or they could ask their victims to make random posts on /. and have the codes look like the Bayesian spammer with stuff like "goat.cx" and "frist post" in certain combinations. Then nobody will ever know what they're doing.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    2. Re:Well shit... by freeze128 · · Score: 1

      If the criminal ever tries to call support to unlock his account, I'm sure the authorities would track down the call and find his location. But he doesn't ever need to log into his email ever again. If he controls an upstream system, he could just inspect the traffic. Email is sent in clear text.

  3. Instead of doing that... by Anonymous Coward · · Score: 1

    They could've just cooperated with the authorities to unmask the scumbag.
    It just takes a moment of inattention on his part to not use a vpn/tor/whatever else that masks his IP.

  4. Disturbing by Anonymous Coward · · Score: 1

    From the article: "The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down."

    That statement by itself is disturbing enough as it is.

    1. Re: Disturbing by david_thornley · · Score: 3, Funny

      Windows would be a lot less popular if we just banned glass and other transparent materials.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    2. Re:Disturbing by Anonymous Coward · · Score: 2, Insightful

      From the article: "The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down."

      That statement by itself is disturbing enough as it is.

      Why is it disturbing? Do they expect the radiation levels around Chernobyl to go up?!

    3. Re: Disturbing by Bert64 · · Score: 1

      Because Windows is less modular than other systems that would be more suitable to tasks like this.

      You want a tiny embedded system with the smallest possible attack surface, not a large general purpose system like Windows with stacks of legacy cruft and features which are totally irrelevant to the task at hand. The less code you have, the less chance of security holes being found. Sure nothing is perfect, but a system which is 10% of the size is going to be far safer.

      The other issue is monoculture, if everyone runs the same software everyone has the same vulnerabilities and an attack can cause widespread chaos. If a system is important, you should have a backup which is running on something else (like Chernobyl having a manual system).

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  5. What was Posteo supposed to do? by Rosco+P.+Coltrane · · Score: 4, Interesting

    Leave the scammer's email addy active and be accused of being accessory to racketeering?

    Tough shit for the ransomware victims, but they just had to do it.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:What was Posteo supposed to do? by Anonymous Coward · · Score: 2, Insightful

      Um, leave the email account open, contact the authorities and keep your mouth shut. They could have gathered valuable intelligence on this operation. Maybe the bad guys would have even screwed up somewhere while accessing the account. Now that opportunity has been pissed in the wind.

    2. Re:What was Posteo supposed to do? by fred6666 · · Score: 3, Interesting

      Maybe they already have that information? What more could they learn by leaving the account active for longer?

    3. Re:What was Posteo supposed to do? by Aristos+Mazer · · Score: 1

      Once they knew about it, allowing the scam to continue... wouldn't that be aiding and abetting?

    4. Re:What was Posteo supposed to do? by Bert64 · · Score: 1

      No, what Posteo did is more like replacing illegal drugs (which *can* be harmful and/or deadly) with cyanide (which is always deadly).

      Prior to Posteo's actions those victims had a chance (however slim) of recovering their data, now they have no chance due directly to the actions of Posteo.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  6. Good. by Anonymous Coward · · Score: 2

    Stop paying fucking ransoms you fucks.

  7. It would be funny, except ... by El+Cubano · · Score: 4, Insightful

    It would be funny, except that people are paying the ransom and not getting their files back. Perhaps there will be a positive result here and people will start to get the idea that it is never worthwhile to pay the ransom and to keep backups instead. Oh, who am I kidding? That is #5 of The Six Dumbest Ideas in Computer Security.

    1. Re:It would be funny, except ... by DRJlaw · · Score: 1

      It would be funny, except that people are paying the ransom and not getting their files back. Perhaps there will be a positive result here and people will start to get the idea that it is never worthwhile to pay the ransom and to keep backups instead. Oh, who am I kidding? That is #5 of The Six Dumbest Ideas in Computer Security [ranum.com].

      So if I were the email provider, you're saying that I owe it to non-customers to continue to serve a customer violating my TOS and bringing my services into disrepute so that the customer may continue to extort them.

      Screw that. Extortionist begone.

    2. Re:It would be funny, except ... by Zocalo · · Score: 2

      Nope, that's the best part. Not only are the victims going to get schooled on the importance of good backups and security, but they are also going to get schooled on the importance of *not giving in to blackmail*. I'm hoping that the media will be full of stories of people who paid up and still didn't get their files back - sucks to be them, but it could well make subsequent attempts at ransomware not worth the risk for such a pitiful reward. How much did WannaCry yield in the end? A few $100k (assuming they even managed to claim it all)? It isn't going to take much of a change in victim mindset to make even the relatively tiny cost and effort of launching a ransomware campaign not worth the risk of getting caught.

      --
      UNIX? They're not even circumcised! Savages!
    3. Re:It would be funny, except ... by El+Cubano · · Score: 2

      So if I were the email provider, you're saying that I owe it to non-customers to continue to serve a customer violating my TOS and bringing my services into disrepute so that the customer may continue to extort them.

      Ummm, no. I said nothing of the sort. To more clearly state what I have already said: ordinarily something like this would be funny (criminal losing access to a key piece of their criminal enterprise, thereby harming the future viability of said enterprise).

      However, the collateral damage makes it more lamentable. Innocent victims now may be harmed three ways (1. infected, 2. paid ransom, 3. still didn't get files back). Posteo did the right thing and criminals who engage in these sorts of activities deserve to suffer the full weight of the law in any and every jurisdiction that can get a hold of them, if not more.

      My reference to The Six Dumbest Ideas in Computer Security was an acknowledgment that educating users (like how to not get hit by phishing attacks in the first place) is an extreme uphill battle which is oftentimes lost. Just look at the frequency and extent of these sorts of attacks.

    4. Re:It would be funny, except ... by Grishnakh · · Score: 1

      Yes, but the customer is going to continue to extort them anyway, with or without your help: the malware isn't going to magically disable itself just because the email address is defunct. Now they're just going to send their Bitcoin payments and not get anything in return, and the malware author will receive all these nice Bitcoin payments but not be able to decrypt anyone's files, so it's actually less work for him. Of course, one might argue that when word spreads about the email address being suspended that victims will stop sending payments, but I think that's fancifully naive; the victims aren't going to be paying attention to tech news like that. If these victims were really that clued-in, they would have backups and wouldn't pay the ransom in the first place, and would probably have better security procedures to avoid getting infected.

    5. Re:It would be funny, except ... by mark-t · · Score: 1

      Because of this thing called compassion. It's not unheard of, you know.

    6. Re:It would be funny, except ... by DRJlaw · · Score: 1

      My reference to The Six Dumbest Ideas in Computer Security was an acknowledgment that educating users (like how to not get hit by phishing attacks in the first place) is an extreme uphill battle which is oftentimes lost. Just look at the frequency and extent of these sorts of attacks.

      I read the initial post as an "educating the non-customers by cutting off the proof-of-ransom communication channel was a dumb idea" criticism.

      My apologies.

    7. Re:It would be funny, except ... by DRJlaw · · Score: 1

      Yes, but the customer is going to continue to extort them anyway, with or without your help.

      Accessory after the fact is still accessory to a crime. The fact that the customer needs you to be an accessory to mitigate their damage is going to get you --)(-- that much with a prosecutor with a mind to punish anyone they can reach.

    8. Re:It would be funny, except ... by Anonymous Coward · · Score: 1

      No but it doesn't justify standing by while the whole malware industry surges even further because people are too stupid to back up their files properly.

      If I got hit with ransomware, I wouldn't pay a dime. I'll just wipe the harddrive and restart. I may not be a company but a company should have a LOT more resources available to do proper backups.

      And if events like this happen more often, then some good will come out of it. People will see that even if they pay the ransom they may still not get their files back. As a result, more people will probably not take a chance at paying it. Lost revenue for the criminals. I'm fine with that.

    9. Re:It would be funny, except ... by mark-t · · Score: 1

      I didn't say I wasn't fine with it.... I only suggested how one might not find it funny that someone is unable to recover their lost data, even if they *DO* pay.

      I don't abide paying the ransom for a second, but that doesn't mean I don't feel bad for the people that it happens to.

    10. Re:It would be funny, except ... by Grishnakh · · Score: 1

      Yes, but I'm commenting on the "continuing extortion" bit: the extortion isn't going to stop by you shutting down their email. The extortionist doesn't even have a way to stop it.

    11. Re:It would be funny, except ... by Bing+Tsher+E · · Score: 1

      The only innocent victims are the people who didn't pay the ransom and won't get their files back.

      The people who paid are financing the criminal's next operation.

    12. Re:It would be funny, except ... by vtcodger · · Score: 1

      IF I were the email provider, I'd hire a lawyer and pay him/her to tell me what to do. Most likely, he/she will contact the authorities, outline the options, and let THEM decide what to do. No matter what they do, said email provider will almost certainly be sued by someone -- very likely lots of someones.

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
    13. Re:It would be funny, except ... by wideBlueSkies · · Score: 1

      If I had points I'd mod you through the roof. Great page!!

      --
      Huh?
    14. Re:It would be funny, except ... by SuperDre · · Score: 1

      Backups? You mean those things that are infected too if the malware has been doing a good job of running for a couple of weeks.. Let's not forget, 'good' ransomware is already working weeks before they show themselves, and in the meantime it will affect all files which are being backed up. You're lucky if you can detect that ransomware way before it shows its ugly head to you, but a lot of times it isn't.. great now you have a backup... but it's useless.. And in a lot of companies having to revert back to a month old backup is just as bad as not having a backup at all.. In these cases you're lucky if it's ransomware that only encrypts everything and when it's done will immediately show its head so you can put a day old backup back.

  8. Clue me in about this malware please by Spy+Handler · · Score: 1

    What systems are affected? Windows and...? What is the attack vector, do you have to click on a suspicious link or is it like Wannacry where you don't have to do anything to get infected, just have a machine connected to the internet?

    I did scan TFA briefly but it is skimpy on details.

    1. Re:Clue me in about this malware please by F.Ultra · · Score: 1

      It uses the exact same exploit as WannaCry so you don't have to do anything besides not having a patched version of Windows.

    2. Re:Clue me in about this malware please by bjdevil66 · · Score: 1

      So far, patches have beaten the latest, big ransomware out to end users. Eventually, however, a solution will beat the patch out the door - causing problems on a scale that will dwarf everything before it. It could bring the worldwide internet to its knees as people stop connecting at all because of FUD.

      When that day finally comes, it'll be best to have backups made of your important data in an external hard drive that's disconnected from everything and sitting somewhere safe - only to be connected and updated on occasion.

  9. Re:Blocking e-mal? by Anonymous Coward · · Score: 1

    Fairly certain extortion is illegal in Germany too, so once the email provider was made aware of the criminal acts occurring on their system, they have to shut it down, lest they be considered accomplices (witting or otherwise) in the criminal endeavor.

    That you didn't realize this is no surprise to me, as your random capitalization of words and parroting of political talking points already outed you as a fucking moron who was likely unable to think critically.

  10. Re:Blocking e-mal? by Anonymous Coward · · Score: 2, Insightful

    It's a private company. They set the terms of service and decide who can and can not use their products/services and for what purposes. I wouldn't be surprised if there was a clause in the TOS stating that the service can be terminated for any reason and without notice.

  11. Re:Blocking e-mal? by gweihir · · Score: 1

    I don't think so. Deleting email may be illegal, but if they keep all the mail and offer the account-owner a chance to get it by identifying himself, this is legally quite above board. It is also very likely that the account owner is violating the TOS of Posteo.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  12. Honeypot ransomware by cowwoc2001 · · Score: 4, Interesting

    Out of curiosity, why don't anti-viruses create a random file on disk and flag any process that modifies it as a suspected ransomware (for manual or automated intervention)?

    1. Re:Honeypot ransomware by mark-t · · Score: 1

      One file, randomly placed on a disk, is not statistically likely to serve as any sort of honeypot before other significant damage has occurred. On average, I suppose you could argue that it would mitigate the damages to roughly half... but that's an overall average. It would be virtually equal to useless just as often as it might save a good percentage of your data. It's like having a life guard on duty at a beach who *might* bother to swim out to save you if you need help, but then again, he might not. So what's the point of him being there? Better than nothing? I guess.. but probably only a lot more likely to just create a false sense of security.

      A healthy backup policy is the only real workable solution... and considering it is even automatable, I can't say I understand the resistance to practicing it.

      Although I've not been hit by ransomware, having an automated backup policy in place on my system has still saved my data on more than one occasion, whether it was due to disk drive failure or because of human error.

    2. Re:Honeypot ransomware by Mal-2 · · Score: 2

      Better, make hashes of all or most of the files on the disk, and if the hashes start not matching you know you have a problem.

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
    3. Re:Honeypot ransomware by swb · · Score: 2

      Wasn't that what Tripwire was all about?

    4. Re:Honeypot ransomware by CaptainDork · · Score: 1

      Out of curiosity, why can't a computer ... you know, the things that mentally make 500 test moves in a second in a chess game ... predict the outcome of what a malicious file is about to do and apply the brakes?

      --
      It little behooves the best of us to comment on the rest of us.
    5. Re:Honeypot ransomware by Anonymous Coward · · Score: 3, Interesting

      One file, randomly placed on a disk, is not statistically likely to serve as any sort of honeypot before other significant damage has occurred. On average, I suppose you could argue that it would mitigate the damages to roughly half... but that's an overall average. It would be virtually equal to useless just as often as it might save a good percentage of your data. It's like having a life guard on duty at a beach who *might* bother to swim out to save you if you need help, but then again, he might not. So what's the point of him being there? Better than nothing? I guess.. but probably only a lot more likely to just create a false sense of security.

      A healthy backup policy is the only real workable solution... and considering it is even automatable, I can't say I understand the resistance to practicing it.

      Although I've not been hit by ransomware, having an automated backup policy in place on my system has still saved my data on more than one occasion, whether it was due to disk drive failure or because of human error.

      Well, this first generation of ransomware relies on crypto libraries currently in the system, you can hook and tell the OS to snapshot the process's memory and possibly be able to get the prime numbers used to generate the keys that, while the attack is going on, are in memory, like the Quarkslab solution for XP systems works.

    6. Re:Honeypot ransomware by Hentes · · Score: 2

      As far as I know this specific virus only encrypts the MFT.

    7. Re:Honeypot ransomware by cowwoc2001 · · Score: 1

      Clever!

    8. Re:Honeypot ransomware by n3r0.m4dski11z · · Score: 1

      Sophos supposedly has technology (intercept X) that can heuristically determine when an encryption event is going down and should automatically block it. It works by looking for files being rapidly encrypted and immediately stops it and I believe tries to roll back the changes so that less than 1% is actually encrypted.

      For us, the virus scanner has caught a few ransomware viruses before they made it that far, so we have yet to test that. But it's a well advertised feature of their product line.

      https://www.sophos.com/en-us/p...

      It requires its own license, and I think it's selling like hotcakes these days.

      --
      -
    9. Re:Honeypot ransomware by Bert64 · · Score: 1

      That's for OS files like executables, which should never change except during patching cycles.
      User files are expected to change, and users would become annoyed at the extra dialogs every time they saved (or autosaved) their work.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    10. Re:Honeypot ransomware by fgouget · · Score: 1

      Out of curiosity, why can't a computer ... you know, the things that mentally make 500 test moves in a second in a chess game ... predict the outcome of what a malicious file is about to do and apply the brakes?

      Two words: Halting problem.

    11. Re:Honeypot ransomware by wvmarle · · Score: 1

      So now you want to have your OS to be checking files continuously? Or how is it supposed to detect such crypto attacks? Many important files - like documents - are supposed to change on a regular basis anyway...

    12. Re:Honeypot ransomware by Mal-2 · · Score: 1

      Document files, and just about anything else with an internal header section, could be quickly checked simply to see if they are valid files. No matter how much you change a document, it should remain valid. If it doesn't, you probably want to know about it regardless of whether the cause is ransomware or simple file system errors. Now if ransomware evolves to scramble document contents without breaking the container, then this will stop working -- but we're not there right now.

      As for checking files continuously, it doesn't have to be done at a high rate. Checking files only when the machine is idle will help too. Even when there's someone at the console, there are plenty of times the computer is sitting around waiting for a response to something, and it could be checking the validity of files. If it starts seeing changes, it should increase the priority of the checking process until it can determine with reasonable confidence whether the changes are legitimate or malicious.

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
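The ideas raised in this sub-thread (decoy files, a hash baseline, and checking that documents still carry a valid header) can be combined into one detection pass. The following is an added example, not part of the original comments; the canary file name, the signature table and the alert threshold are assumptions chosen for illustration, and the sample tree is constructed.

```python
import hashlib
import os
import tempfile

# Leading "magic" bytes for a few common container formats.
MAGIC = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".zip": [b"PK\x03\x04"],
    ".docx": [b"PK\x03\x04"],  # OOXML documents are ZIP containers
    ".xlsx": [b"PK\x03\x04"],
}
ALERT_THRESHOLD = 3  # assumption: bad headers in one pass before escalating


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def header_ok(path):
    """True/False for known extensions, None when no signature is known."""
    sigs = MAGIC.get(os.path.splitext(path)[1].lower())
    if sigs is None:
        return None
    with open(path, "rb") as f:
        head = f.read(16)
    return any(head.startswith(s) for s in sigs)


def plant_canaries(dirs, name="~$aaa_canary.docx"):
    """Drop one decoy per directory; return a {path: sha256} baseline.

    One decoy per directory (rather than a single file on the whole disk)
    shortens the time before a bulk rewrite touches one of them.
    """
    baseline = {}
    for d in dirs:
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(b"PK\x03\x04" + b"canary-do-not-edit\n" * 32)
        baseline[p] = sha256_of(p)
    return baseline


def scan(root, canaries):
    """Return (alert, findings). Any canary change alerts immediately."""
    findings = []
    for path, digest in canaries.items():
        if not os.path.exists(path):
            findings.append(("canary-missing", path))  # deleted or renamed
        elif sha256_of(path) != digest:
            findings.append(("canary-modified", path))
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = os.path.join(dirpath, fn)
            if p in canaries:
                continue
            # User documents may change freely, but must stay valid files.
            if header_ok(p) is False:
                findings.append(("bad-header", p))
    canary_hit = any(kind.startswith("canary") for kind, _ in findings)
    alert = canary_hit or len(findings) >= ALERT_THRESHOLD
    return alert, sorted(findings)


def demo():
    """Constructed sample tree: scan it clean, then after simulated damage."""
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "reports")
        os.mkdir(sub)
        pdf = os.path.join(sub, "q2.pdf")
        with open(pdf, "wb") as f:
            f.write(b"%PDF-1.4\n% constructed sample\n")
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("no signature is known for .txt, so it is skipped\n")
        canaries = plant_canaries([root, sub])
        before = scan(root, canaries)
        # Simulate damage: overwrite one document and one canary with noise.
        noise = bytes(range(255, 0, -1))
        for victim in (pdf, os.path.join(sub, "~$aaa_canary.docx")):
            with open(victim, "wb") as f:
                f.write(noise)
        alert, findings = scan(root, canaries)
        return before, alert, [kind for kind, _ in findings]


if __name__ == "__main__":
    print(demo())
```

As the comment above concedes, a header check only catches rewrites that break the container, and nothing in user space sees damage done below the file layer, such as to the MFT mentioned earlier in the thread.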
  13. Alternative solution. by fahrbot-bot · · Score: 1

    Maybe the guy can publish his postal address, so people can mail their info to him.

    --
    It must have been something you assimilated. . . .
  14. Re:Blocking e-mal? by amicusNYCL · · Score: 2

    You're thinking that Germany passed a law saying that email providers are required to always provide users with free access to their account, even if that email account is used as part of a crime? For example, trading child pornography, trading copyrighted content, facilitating money laundering or extortion, etc? Why would any country pass a law like that? I can't think of a single country which WOULD have a law like that.

    But, don't let simple rational logic stop you from contacting the real "News Media" and asking them to investigate Germany over this. The world still needs humor.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  15. Re:Blocking e-mal? by amicusNYCL · · Score: 1

    Privacy is constitutionally protected.

    What, you mean in the United States, by the United States Constitution, which wouldn't apply to Germany anyway? Are you talking about the fourth amendment? Because, and I'm not a lawyer or anything, but I bet that if a ransomware campaign publishes an email address to use to send extortion payment info, I'm pretty sure that investigation of that email account would not be classified as "unreasonable search". That search sounds pretty reasonable to me. In fact, deciding to deactivate access to this account just because the address appeared in the actual malware doesn't even require that they look at the emails in the account. They can just disable access to it, they don't even have to delete any of the emails or reject new emails in order to do that, they can just turn off the ability to check emails on the account.

    But, let's face it. The fourth amendment has been eating shit for the past 16 years, with no end in sight. Disabling an email account that is used in an extortion campaign is the least of our worries at this point, not even mentioning the fact that the US Constitution has nothing to do with this story.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  16. Re:The Nuclear Option * 100% agree by charliemerritt03 · · Score: 1

    Hard on the victims that paid. Perhaps the word should be out that criminals won't necessarily give you anything for your bitcoins. About time someone had nerves. Thanx.

  17. Rudyard Kipling by Stormy+Dragon · · Score: 5, Informative

    It is always a temptation to an armed and agile nation
        To call upon a neighbour and to say: --
    "We invaded you last night--we are quite prepared to fight,
        Unless you pay us cash to go away."

    And that is called asking for Dane-geld,
        And the people who ask it explain
    That you've only to pay 'em the Dane-geld
        And then you'll get rid of the Dane!

    It is always a temptation for a rich and lazy nation,
        To puff and look important and to say: --
    "Though we know we should defeat you, we have not the time to meet you.
        We will therefore pay you cash to go away."

    And that is called paying the Dane-geld;
        But we've proved it again and again,
    That if once you have paid him the Dane-geld
        You never get rid of the Dane.

    It is wrong to put temptation in the path of any nation,
        For fear they should succumb and go astray;
    So when you are requested to pay up or be molested,
        You will find it better policy to say: --

    "We never pay any-one Dane-geld,
        No matter how trifling the cost;
    For the end of that game is oppression and shame,
        And the nation that pays it is lost!"

  18. Re:Blocking e-mal? by viperidaenz · · Score: 1

    Maybe they're referring to The Basic Law for the Federal Republic of Germany
    They probably have no idea what is in that law, but you know, 'Merica

  19. Re:Ransomware solutions by Bert64 · · Score: 1

    1, if the NSA don't hoard vulnerabilities, then vulnerabilities will still be hoarded by foreign intelligence agencies and criminals. The NSA will be at a disadvantage and the world will be no better off.

    3, how would you implement "direct user intervention" as a requirement? unless enforced at the hardware level, ransomware would just need to execute the same instructions that the user-driven deletion confirmation does. Also a lot of software creates and destroys temporary files during its normal operation, saved copies of all these temporary files would rapidly accumulate and regularly require the user to manually confirm their removal.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  20. Re:Blocking e-mal? by Sique · · Score: 1

    It's called "dignity of Man", and it is part of the preamble of the German constitution. From there, the so-called "Census decision" of 1983 derived the right to informational self-determination.

    --
    .sig: Sique *sigh*
  21. Fake Ransomware by The+Raven · · Score: 2

    This is probably not a real ransomware attempt. It's either a test that got released into the wild, or it's a simple malicious virus that was released and is masquerading as ransomware. Because it was initially released via a Ukrainian government website that businesses there need to use, it seems possible that this is another attack on Ukraine by the Russian government.

    Most ransomware infections use a different wallet code for each victim; this one has just one. Most ransomware also takes communication via TOR so it can't be blocked; this one used a public email. The dichotomy between the competence of the infection and the incompetence of the ransomware portion is what gives the impression that this is not really ransomware.

    --
    "I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
  22. Re:Wow by Miamicanes · · Score: 1

    I didn't say *I* had 9 storage units and a house. It was an analogy.

    The metaphorical "storage units" are my USB 2.0 hard drives, and the tarballs ON those drives are kind of like "storage units in another city that can only be visited once in a while, for a limited amount of time". They're so slow (relative to the sheer number of files on them), and some of their contained archive files are so huge (one has more than a hundred sliced tarballs, each of which has about 2GB worth of files and a current size averaging about 1.2gb) that it would take literally DAYS to extract them from the USB drive to my laptop's second hard drive. Assuming tar didn't crap out along the way, and Windows didn't find reasons to prevent it from writing the restored files to the target drive.

    The metaphorical "house piled floor to ceiling" is my HTPC (running Windows 7 pro and Windows Media Center), which does double-duty as my "lan file server". It has about 7TB spread across 9 hard drives... ~1tb is used by WMC to record TV shows and for windows itself, about 2tb is older TV shows I moved from the main record drive when it got full, and the remaining 4TB is an agglomeration of all my old hard drives (250gb or larger) into a big JBOD RAID array.

    The metaphorical "neat condo" is my laptop. Both of its drives (1tb mSATA SSD, 2tb 2.5") are about half full... mostly, thanks to the 2tb drive I added last summer (which allowed me to offload half the stuff from my previously-jam-packed SSD).

    The best solution I've found so far is using Windows 7 backup (hidden in Windows 10, but there if you know where to look for it) to create .vhd images, because those .vhd images can later be mounted as virtual hard drives. This is significant, because it allows data files from the previous installation of Windows that are usable directly (.jpeg files, documents, etc) to be literally MOVED from the .vhd drive to the new drive, leaving a much smaller subset of old files to store in perpetuity after the restoration.

    But that does no good for the terabytes of old backups from 2010 and earlier... especially the clusterfuck caused by my OCZ SSD and Velociraptor... the Velociraptor (my "bulk data" drive at the time) died without warning in June, and my OCZ SSD had been committing data-suicide every 4-7 weeks since I got it the previous Black Friday. I was in the middle of recovering from a SSD-corruption when the 'raptor died, and ended up in TOTAL panic because at that point, I had some unknown subset of data that I had literally one remaining copy of. In the aftermath of that incident, my data duplication problem exploded... I was so afraid of losing my only remaining copy, I bought drive after drive to make additional copies (the fact that my SSD kept crapping out every few weeks just made matters worse). And because the SSD kept dying before I even finished recovering from the PREVIOUS incident (I finally threw in the towel, swore off SSDs temporarily, got a hybrid SSHD in October, and never used that total-piece-of-shit OCZ SSD again), the number of redundant copies exploded. Hard drive space increased exponentially and got cheaper, but the ACCESS & TRANSFER TIME didn't keep up with the amount of data, so I rapidly got into a position where I knew 90% of the files were redundant, but had SO MANY it was impossible to actually sift through them in any reasonable amount of time.