Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Behind Massive Ransomware Outbreak Can't Get Emails From Victims Who Paid (vice.com)

Posted by msmash on from the interesting-turns dept.

Joseph Cox, reporting for Motherboard: On Tuesday, a new, worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere. The hackers hit everything from international law firms to media companies. The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files. [...] The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal installation key." This is a 60 character code made up of letters and digits generated by the malware, which is presumably unique to each infection of the ransomware. That process is not possible now, though. "Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account with, wrote in a blog post. "Our anti-abuse team checked this immediately -- and blocked the account straight away.

10 of 182 comments (clear)

  1. The Nuclear Option by trg83 · · Score: 5, Interesting

    While this doesn't do anything to improve life for the poor folks trying to retrieve their files, this type of aggressive approach may be required to eliminate the incentives for ransomware creators. It's truly the nuclear option, as the fallout is likely to hurt many unintended targets, but it could end the war.

    1. Re:The Nuclear Option by Anonymous Coward · · Score: 4, Insightful

      Why do the bad guys need email in the first place? Just ask for 0.10xxxxxx BTC where xxxxxx is the "infection key".

    2. Re:The Nuclear Option by gweihir · · Score: 4, Insightful

      I agree on both counts. The problem is that if you let a criminal business model thrive, then things will get far worse. Hence what Posteo did is the only sane thing possible. It will also send a pretty clear message to those affected that a major part of the problem is with them and their bad security and non-existent backups.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:The Nuclear Option by barc0001 · · Score: 4, Insightful

      > You really think malware creators won't be able to find any email providers that are friendly to their cause?

      Other agencies could make that a dangerous game for the email provider. Revoking their domain or just shitcanning routes to their IP ranges if they're "involved" in malware commerce would make others extremely reluctant to play along.

    4. Re: The Nuclear Option by bestweasel · · Score: 4, Insightful

      "eliminate the incentives for ransomware creators"

      This assumes that the ransom is their main incentive.

    5. Re:The Nuclear Option by Dunbal · · Score: 4, Insightful

      The more contact you have with your victim the more chances you have of being caught by law enforcement, silly. If I was a criminal I'd take a quick couple thousand bucks worth of bitcoin and disappear without a trace over trying to "score big" and having them catch me via my email correspondence sending out "keys". Hundreds of thousands/millions of dollars are no consolation when your ass is thrown in jail forever and all your assets seized before you can ever enjoy them.

      --
      Seven puppies were harmed during the making of this post.
  2. What was Posteo supposed to do? by Rosco+P.+Coltrane · · Score: 4, Interesting

    Let the scammer's email addy active and be accused of being accessory to racketeering?

    Tough shit for the ransomware victims, but they just had to do it.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  3. It would be funny, except ... by El+Cubano · · Score: 4, Insightful

    It would be funny, except that people are paying the ransom and not getting their files back. Perhaps there will be a positive result here and people will start to get the idea that it is never worthwhile to pay the ransom and to keep backups instead. Oh, who am I kidding? That is #5 of The Six Dumbest Ideas in Computer Security.

  4. Honeypot ransomware by cowwoc2001 · · Score: 4, Interesting

    Out of curiosity, why don't anti-viruses create a random file on disk and flag any process that modifies it as a suspected ransomware (for manual or automated intervention)?

  5. Rudyard Kipling by Stormy+Dragon · · Score: 5, Informative

    It is always a temptation to an armed and agile nation
        To call upon a neighbour and to say: --
    "We invaded you last night--we are quite prepared to fight,
        Unless you pay us cash to go away."

    And that is called asking for Dane-geld,
        And the people who ask it explain
    That you've only to pay 'em the Dane-geld
        And then you'll get rid of the Dane!

    It is always a temptation for a rich and lazy nation,
        To puff and look important and to say: --
    "Though we know we should defeat you, we have not the time to meet you.
        We will therefore pay you cash to go away."

    And that is called paying the Dane-geld;
        But we've proved it again and again,
    That if once you have paid him the Dane-geld
        You never get rid of the Dane.

    It is wrong to put temptation in the path of any nation,
        For fear they should succumb and go astray;
    So when you are requested to pay up or be molested,
        You will find it better policy to say: --

    "We never pay any-one Dane-geld,
        No matter how trifling the cost;
    For the end of that game is oppression and shame,
        And the nation that pays it is lost!"