Slashdot Mirror


Hacker Behind Massive Ransomware Outbreak Can't Get Emails From Victims Who Paid (vice.com)

Joseph Cox, reporting for Motherboard: On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files. [...] The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal installation key." This is a 60 character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That process is not possible now, though. "Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately -- and blocked the account straight away."

15 of 182 comments

  1. The Nuclear Option by trg83 · · Score: 5, Interesting

    While this doesn't do anything to improve life for the poor folks trying to retrieve their files, this type of aggressive approach may be required to eliminate the incentives for ransomware creators. It's truly the nuclear option, as the fallout is likely to hurt many unintended targets, but it could end the war.

    1. Re:The Nuclear Option by Anonymous Coward · · Score: 4, Insightful

      Why do the bad guys need email in the first place? Just ask for 0.10xxxxxx BTC where xxxxxx is the "infection key".

    2. Re: The Nuclear Option by Rockoon · · Score: 3, Insightful

      The NSA is working against the American people in many cases

      ..and against the world in the rest of the cases.

      --
      "His name was James Damore."
    3. Re:The Nuclear Option by gweihir · · Score: 4, Insightful

      I agree on both counts. The problem is that if you let a criminal business model thrive, then things will get far worse. Hence what Posteo did is the only sane thing possible. It will also send a pretty clear message to those affected that a major part of the problem is with them and their bad security and non-existent backups.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:The Nuclear Option by barc0001 · · Score: 4, Insightful

      > You really think malware creators won't be able to find any email providers that are friendly to their cause?

      Other agencies could make that a dangerous game for the email provider. Revoking their domain or just shitcanning routes to their IP ranges if they're "involved" in malware commerce would make others extremely reluctant to play along.

    5. Re: The Nuclear Option by bestweasel · · Score: 4, Insightful

      "eliminate the incentives for ransomware creators"

      This assumes that the ransom is their main incentive.

    6. Re:The Nuclear Option by Dunbal · · Score: 4, Insightful

      The more contact you have with your victim the more chances you have of being caught by law enforcement, silly. If I was a criminal I'd take a quick couple thousand bucks worth of bitcoin and disappear without a trace over trying to "score big" and having them catch me via my email correspondence sending out "keys". Hundreds of thousands/millions of dollars are no consolation when your ass is thrown in jail forever and all your assets seized before you can ever enjoy them.

      --
      Seven puppies were harmed during the making of this post.
    7. Re: The Nuclear Option by behrooz0az · · Score: 3, Insightful

      I really want to downvote this comment chain "Idiot -1". Why not just give them back a private pastebin ID with the key in it?

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
  2. What was Posteo supposed to do? by Rosco P. Coltrane · · Score: 4, Interesting

    Leave the scammer's email addy active and be accused of being an accessory to racketeering?

    Tough shit for the ransomware victims, but they just had to do it.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:What was Posteo supposed to do? by fred6666 · · Score: 3, Interesting

      Maybe they already have that information? What more could they learn by leaving the account active for longer?

  3. It would be funny, except ... by El Cubano · · Score: 4, Insightful

    It would be funny, except that people are paying the ransom and not getting their files back. Perhaps there will be a positive result here and people will start to get the idea that it is never worthwhile to pay the ransom and to keep backups instead. Oh, who am I kidding? That is #5 of The Six Dumbest Ideas in Computer Security.

  4. Re: Disturbing by david_thornley · · Score: 3, Funny

    Windows would be a lot less popular if we just banned glass and other transparent materials.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  5. Honeypot ransomware by cowwoc2001 · · Score: 4, Interesting

    Out of curiosity, why don't anti-viruses create a random file on disk and flag any process that modifies it as a suspected ransomware (for manual or automated intervention)?

    1. Re:Honeypot ransomware by Anonymous Coward · · Score: 3, Interesting

      One file, randomly placed on a disk, is not statistically likely to serve as any sort of honeypot before other significant damage has occurred. On average, I suppose you could argue that it would mitigate the damages to roughly half... but that's an overall average. It would be virtually equal to useless just as often as it might save a good percentage of your data. It's like having a life guard on duty at a beach who *might* bother to swim out to save you if you need help, but then again, he might not. So what's the point of him being there? Better than nothing? I guess.. but probably only a lot more likely to just create a false sense of security.

      A healthy backup policy is the only real workable solution... and considering it is even automatable, I can't say I understand the resistance to practicing it.

      Although I've not been hit by ransomware, having an automated backup policy in place on my system has still saved my data on more than one occasion, whether it was due to disk drive failure or because of human error.

      Well, this first generation of ransomware relies on crypto libraries currently in the system; you can hook and tell the OS to snapshot the process's memory and possibly be able to get the prime numbers used to generate the keys that, while the attack is going on, are in memory, like the Quarkslab solution for XP systems works.
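      As an added example (not from the thread, and not any vendor's code), the arithmetic behind the "roughly half" estimate above, generalized to k decoy files, alongside a minimal canary-file check of the kind the parent comment proposes. The decoy names, sizes and the temporary directory are constructed for the demonstration.

```python
import hashlib
import os
import random
import tempfile

# If an encryptor walks N real files and k decoys in random order, each real
# file precedes all k decoys with probability 1/(k+1), so on average N/(k+1)
# real files are touched before the first decoy trips: ~half for k=1.
def expected_damage_fraction(n_files, n_canaries, trials=5000, seed=1):
    """Monte Carlo estimate of the fraction of real files hit before the
    first decoy; should approach 1 / (n_canaries + 1)."""
    rng = random.Random(seed)
    items = [0] * n_files + [1] * n_canaries  # 0 = real file, 1 = decoy
    total = 0.0
    for _ in range(trials):
        rng.shuffle(items)
        total += items.index(1) / n_files  # real files before first decoy
    return total / trials

def plant_canaries(root, count):
    """Create `count` decoy files with random names under `root` and return
    a {path: sha256} baseline to compare against later."""
    baseline = {}
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    for _ in range(count):
        name = "".join(random.choice(alphabet) for _ in range(12))
        path = os.path.join(root, "~" + name + ".docx")  # constructed name
        data = os.urandom(1024)
        with open(path, "wb") as fh:
            fh.write(data)
        baseline[path] = hashlib.sha256(data).hexdigest()
    return baseline

def check_canaries(baseline):
    """Return decoy paths that were modified, renamed or deleted."""
    tampered = []
    for path, digest in baseline.items():
        try:
            with open(path, "rb") as fh:
                current = hashlib.sha256(fh.read()).hexdigest()
        except OSError:
            tampered.append(path)  # gone: renamed/deleted, typical of encryptors
            continue
        if current != digest:
            tampered.append(path)
    return tampered

def demo():
    """Plant three decoys, overwrite one in place, confirm only it is flagged."""
    baseline = plant_canaries(tempfile.mkdtemp(), 3)
    victim = sorted(baseline)[0]
    with open(victim, "wb") as fh:
        fh.write(b"altered")  # stands in for an in-place overwrite
    return check_canaries(baseline) == [victim]
```

      A real monitor would re-run check_canaries on a timer or a filesystem-change notification and then identify the writing process via OS-specific tooling; this example only shows the detection and the coverage trade-off.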

  6. Rudyard Kipling by Stormy Dragon · · Score: 5, Informative

    It is always a temptation to an armed and agile nation
        To call upon a neighbour and to say: --
    "We invaded you last night--we are quite prepared to fight,
        Unless you pay us cash to go away."

    And that is called asking for Dane-geld,
        And the people who ask it explain
    That you've only to pay 'em the Dane-geld
        And then you'll get rid of the Dane!

    It is always a temptation for a rich and lazy nation,
        To puff and look important and to say: --
    "Though we know we should defeat you, we have not the time to meet you.
        We will therefore pay you cash to go away."

    And that is called paying the Dane-geld;
        But we've proved it again and again,
    That if once you have paid him the Dane-geld
        You never get rid of the Dane.

    It is wrong to put temptation in the path of any nation,
        For fear they should succumb and go astray;
    So when you are requested to pay up or be molested,
        You will find it better policy to say: --

    "We never pay any-one Dane-geld,
        No matter how trifling the cost;
    For the end of that game is oppression and shame,
        And the nation that pays it is lost!"