BBC Visits 'Hated and Hunted' Ransomware Expert (bbc.co.uk)
In "Hated and hunted," a BBC reporter describes visiting a ransomware expert "who has devoted himself, at huge personal cost, to helping victims of ransomware around the world."
They hate him so much that they leave him angry threats buried deep inside the code of their own viruses... "I was shocked but I also felt a real sense of pride," says Fabian. "Almost like, a little bit cocky. I'm not going to lie, yeah, it was nice...." He works remotely for a cyber security company, often sitting for hours at a time working with colleagues in different countries. When he's "in the zone", the outside world becomes even less important and his entire existence focuses on the code on his screen. He once woke up with keyboard imprints all over his face after falling asleep during a 35-hour session.
All of this to create anti-ransomware programs that he and his company usually give away free. Victims simply download the tools he makes for each virus, follow the instructions and get their files back... According to research from Emsisoft, the cyber security company Fabian works for, a computer is attacked every two seconds. Their network has managed to prevent 2,584,105 infections in the past 60 days -- and that's just one anti-virus firm of dozens around the world.... "It's pretty much an arms race," says Fabian. "They release a new ransomware virus, I find a flaw in its code and build the decryption tool to reverse it so people can get their files back. Then the criminals release a new version which they hope I can't break... It escalates with them getting more and more angry with me...."
Fabian accepts that moving around and restricting his life and circle of friends is just a part of the sacrifice for his hobby-turned-profession... He earns a very good salary but looking around his home and at his life it's hard to see how he spends it.
He estimates that he's "upset or angered" 100 different ransomware gangs (based on his analysis of the Bitcoin wallets where they collect their ransoms.) One group had collected about $250,000 (£191,000) in three months -- until Fabian created a countering anti-ransomware program -- which is one reason he carefully hides his identity.
"I know how much money they make and it would be literally nothing for them to drop 10 or 20,000 for like some Russian dude to turn up to my house and beat the living hell out of me."
Hello,
While Bulgaria was once a hot-bed of virus activity in the DOS era, the focus on malicious software has spread throughout Russia, Eastern Europe and the Baltic states, to the extent that it has crowded out Bulgaria as being a well-known source of malware. Of course, today malware is a global phenomenon, and you find clusters of development throughout the world, including regional specializations in both Asia and Latin America for targeting domestic banking, for example.
Vesselin Bontchev, one of the first people to document the Bulgarian virus scene via his seminal work, The Bulgarian and Soviet Virus Factories, remains active in the field and would probably be the best source for current information on Bulgaria's position in the threat economy. He can also be found on Twitter, where his tendency towards logorrhea is somewhat tempered by the 280-character limit.
Regards,
Aryeh Goretsky
Dexter is a good dog.
Cain was a farmer and offered up fresh, moist fruits and vegetables while Abel was a rancher/herder and offered up the carcasses of animals rich in fat.
Both were offering their best products, but the flames were bigger and brighter when consuming the fat bone and fur than they were when consuming the fresh, moist, vegetables, so it was assumed that God was more pleased by the one that burned better than the other.
Due to that assumption, Cain became jealous and killed his brother.
As far as I am aware, God was happy with both, at least until Cain committed murder.
Obviously, I can't crack all ransomware out there and I never made that claim (and neither did the article). However, a lot of ransomware has flaws that can be abused just like a lot of other software has bad crypto. The flaws are usually just what you would also find in production code: Bad key generation, improper key sizes, inappropriate key re-use, server vulnerabilities.
There are also some real "WTF?!" moments as well. For example, the first iterations of Cryptowall left the generated private key on the system by accident, because they copied sample code on how to use the CryptoAPI from the MSDN documentation without understanding what some of the parameters meant. Cryptowall later went on to become one of the most profitable ransomware campaigns in history with estimated revenues within the 300 million US dollar range. Bottom line is: As with many things, ransomware doesn't have to be perfect to cause a lot of damage.
You can obviously dismiss it as a "guy cracked a couple crappy tools", but ultimately we broke over hundreds of different ransomware families and major revisions within said families.
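An added illustration of the "bad key generation" flaw class named in the comment above; it is not code from the commenter, from Emsisoft, or from any real ransomware family. The toy stream cipher, the time-seeded key generator and the sample file are all constructed assumptions, chosen to show why a key derived from a guessable seed can be recovered from an encrypted file's timestamp and a known file header.

```python
import hashlib
import random


def weak_key(seed: int) -> bytes:
    # Flawed generator (constructed): a 128-bit key drawn from a
    # non-cryptographic PRNG seeded with a Unix timestamp.
    return random.Random(seed).getrandbits(128).to_bytes(16, "big")


def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (constructed): SHA-256(key || counter) keystream
    # XORed with the data. Encryption and decryption are the same call.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def recover_key(ciphertext: bytes, magic: bytes, mtime: int, window: int = 3600):
    # The file's modification time bounds when the key was generated, so
    # only `window` seeds need testing. A candidate is accepted when the
    # decrypted header matches the file type's known magic bytes.
    for seed in range(mtime, mtime - window - 1, -1):
        key = weak_key(seed)
        if xor_stream(key, ciphertext[:len(magic)]) == magic:
            return seed, key
    return None


# Constructed sample: a PDF-like file encrypted at a made-up timestamp,
# with the file written to disk 42 seconds after the key was generated.
ENCRYPT_TIME = 1_534_000_000
PLAINTEXT = b"%PDF-1.4\n% constructed sample document\n"
CIPHERTEXT = xor_stream(weak_key(ENCRYPT_TIME), PLAINTEXT)
FILE_MTIME = ENCRYPT_TIME + 42


def demo():
    found = recover_key(CIPHERTEXT, b"%PDF-", FILE_MTIME)
    if found is None:
        return None
    seed, key = found
    return seed, xor_stream(key, CIPHERTEXT)


if __name__ == "__main__":
    print(demo())
```

The same search is infeasible when the key comes from the operating system's CSPRNG, which is why the flaw lies in the generator rather than in the cipher.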