Ransomware

Leisher
Site Admin
Posts: 65522
Joined: Thu May 20, 2004 9:17 pm
Contact:

Post by Leisher »

So a guy at work opens an email ignoring the fact that it was from someone with the wrong name. Then he proceeds to open the attachment even though it's a .zip file.

Guess what? All of a sudden all of his files are encrypted.

Sadly, this is not the first person this has happened to, but this is the biggest hit. This is a remote user who doesn't VPN in a lot, tries to store stuff on external hard drives or in DropBox, and has years of business and personal stuff stored on his laptop.

I keep him up and running after 6 hours of on/off conversations on a Sunday night because he has a huge presentation (that was wiped out) the next day.

Now I have his laptop and he's insisting that we pay the ransom. He says he's talked to other sales people at other companies and they've paid with no issues. Personally, I don't want to, and haven't for others on principle. Although, those other folks were properly saving their files so they were being backed up on the servers.

Well, curiosity is winning out and we're going to do the ransom process. We're going to pay via a generic gmail account. We're using a credit card that we're going to cancel, although that shouldn't be an issue as they want BitCoins as payment.

We're in the process of purchasing the BitCoins. I'll keep you all posted on how this goes.
“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
GORDON
Site Admin
Posts: 54526
Joined: Sun Jun 06, 2004 10:43 pm
Location: DTManistan
Contact:

Post by GORDON »

I respect the ransom people more than I do your guy who wants to pay it.
"Be bold, and mighty forces will come to your aid."
Malcolm
Posts: 32040
Joined: Fri May 21, 2004 1:04 pm
Location: Minneapolis

Post by Malcolm »

1) Don't pay. Period. No Danegeld. Paying makes you more of a target.

2) Is there anything extremely sensitive on the HDD he doesn't want to see the light of day? If not, I'd contact the nearest large college's computer nerd club or google some data retrieval/crypto dudes. Not all hackers are geniuses, some use shitty encryption just like normal people.

3) If your client insists on paying out like the Mr. Lebowski that he is, contact the Secret Service office nearest you, explain shit, and ask them to work with whatever service providers to trace the transaction.

Edited By Malcolm on 1430234153
Diogenes of Sinope: "It is not that I am mad, it is only that my head is different from yours."
Arnold Judas Rimmer, BSC, SSC: "Better dead than smeg."
Vince
Posts: 8619
Joined: Thu May 20, 2004 10:00 pm
Location: In bed with your mom

Post by Vince »

GORDON wrote: I respect the ransom people more than I do your guy who wants to pay it.
Yeah... how sad is that?
"... and then I was forced to walk the Trail of Tears." - Elizabeth Warren
Stranger
Posts: 3181
Joined: Mon Apr 09, 2012 5:34 pm

Post by Stranger »

Our company had a similar attack on us last year. Somehow people were able to get into our server and encrypted our folder with digital schematics that we have drawn up over the last 25 years and some other documents, mostly machine manuals. Luckily our folders are split up by letters of the alphabet and they only got letters A-C, but still lots of time and valuable information were lost and my boss refused to pay any ransom.
WORLD CHAMPIONS!!
Malcolm
Posts: 32040
Joined: Fri May 21, 2004 1:04 pm
Location: Minneapolis

Post by Malcolm »

Honeypots. Use 'em.
Diogenes of Sinope: "It is not that I am mad, it is only that my head is different from yours."
Arnold Judas Rimmer, BSC, SSC: "Better dead than smeg."
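In the ransomware context, "honeypot" usually means decoy files: planted documents that no legitimate user touches, so any change to them is a strong signal that something is mass-encrypting a share. The following is an added example, not code from anyone in this thread; the decoy file names, the baseline-hashing approach and the entropy threshold of 7.0 bits/byte are all my own assumptions, chosen so that an overwritten decoy full of ciphertext trips the check while a normal text document does not.

```python
import hashlib
import math
import os
import tempfile
from dataclasses import dataclass

# Hypothetical decoy names: sorted first and last so a directory walk hits them early.
CANARY_NAMES = ["aaa_canary.docx", "zzz_canary.xlsx"]


@dataclass
class Alert:
    path: str
    reason: str


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; plain text sits around 4-5, ciphertext approaches 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def plant_canaries(directory: str) -> dict:
    """Write decoy files and record a SHA-256 baseline for each one."""
    baseline = {}
    for name in CANARY_NAMES:
        path = os.path.join(directory, name)
        with open(path, "wb") as f:
            # Constructed, boring-looking content so the decoy resembles a real document.
            f.write(b"Quarterly sales deck - DO NOT EDIT\n" * 20)
        with open(path, "rb") as f:
            baseline[path] = hashlib.sha256(f.read()).hexdigest()
    return baseline


def check_canaries(baseline: dict, entropy_threshold: float = 7.0) -> list:
    """Compare each decoy to its baseline; a missing, renamed or rewritten decoy is an alert."""
    alerts = []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            # Many ransomware families rename files with a new extension after encrypting them.
            alerts.append(Alert(path, "canary missing or renamed"))
            continue
        with open(path, "rb") as f:
            data = f.read()
        if hashlib.sha256(data).hexdigest() != digest:
            reason = "canary modified"
            if shannon_entropy(data) >= entropy_threshold:
                reason += " and contents look encrypted (high entropy)"
            alerts.append(Alert(path, reason))
    return alerts


def demo() -> list:
    """Plant decoys, simulate a ransomware hit on them, and return the resulting alerts."""
    with tempfile.TemporaryDirectory() as d:
        baseline = plant_canaries(d)
        assert check_canaries(baseline) == []  # untouched decoys raise nothing
        # Constructed simulation of an attack: one decoy overwritten with random bytes
        # (stands in for ciphertext), the other renamed with a new extension.
        paths = list(baseline)
        with open(paths[0], "wb") as f:
            f.write(os.urandom(4096))
        os.rename(paths[1], paths[1] + ".locked")
        return check_canaries(baseline)


if __name__ == "__main__":
    for alert in demo():
        print(f"ALERT {alert.path}: {alert.reason}")
```

In a real deployment the check would run on a schedule or from a filesystem-watch hook, and the response to an alert would be to cut the affected host's access to the share and snapshot it, since the decoy is only the early warning, not the protection.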
TheCatt
Site Admin
Posts: 53936
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Post by TheCatt »

Kaspersky recently announced a tool that unlocks some ransomware, may want to look into that before paying.
It's not me, it's someone else.
Leisher
Site Admin
Posts: 65522
Joined: Thu May 20, 2004 9:17 pm
Contact:

Post by Leisher »

I will, thanks.
“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
Leisher
Site Admin
Posts: 65522
Joined: Thu May 20, 2004 9:17 pm
Contact:

Post by Leisher »

That BitCoin wallet doesn't have decrypted keys yet.
“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
GORDON
Site Admin
Posts: 54526
Joined: Sun Jun 06, 2004 10:43 pm
Location: DTManistan
Contact:

Post by GORDON »

So what became of this?

Was talking to someone today who had a server get ransomwared, and was told the ransom people were in jail and there was no one to contact to decrypt the stuff. He was told that the bigger software companies each had their own ways to recover their own data.
"Be bold, and mighty forces will come to your aid."
Malcolm
Posts: 32040
Joined: Fri May 21, 2004 1:04 pm
Location: Minneapolis

Post by Malcolm »

He was told that the bigger software companies each had their own ways to recover their own data.

Doubtful unless the encryption is fucked up by a stupid hacker. You could let me fill a SSD with 100% my proprietary, private software plus a custom OS, then encrypt it (which I'll admit would be difficult given my preconditions), and I'd still be screwed. This is my chief argument against paying:

You pay, nothing happens. Asshole writes back asking for more cash. Lather, rinse, repeat until the mark stops shelling out, and finally stop talking to him. There is zero incentive on the side of the hacker to give you the means to decrypt your shit. You're trusting a known, proven thief to be honest.

Edited By Malcolm on 1433429531
Diogenes of Sinope: "It is not that I am mad, it is only that my head is different from yours."
Arnold Judas Rimmer, BSC, SSC: "Better dead than smeg."
Leisher
Site Admin
Posts: 65522
Joined: Thu May 20, 2004 9:17 pm
Contact:

Post by Leisher »

By the time we got around to paying the ransom, the links no longer worked.

This was just after the Netherlands raided that server farm for some of these pricks.

We've checked Kaspersky's site a few times looking to see if they posted the code to unlock these files, but so far, no. They've posted a lot, but not the one we need.

(The Dutch authorities gave the servers to Kaspersky...)

Also, I agree with Malcolm. Bigger companies do NOT have codes to unlock these files. My sales folks have encountered too many individual users from larger companies who have paid the ransom and then expensed it. Saying the larger companies have an out is a conspiracy theory. Ditto for saying the ransom folks are in jail. Yes, some are, but they only hit one operation, not all.
“Every record been destroyed or falsified, books rewritten, pictures repainted, statues, street building renamed, every date altered. The process is continuing day by day. History stops. Nothing exists except endless present in which the Party is right.”
GORDON
Site Admin
Posts: 54526
Joined: Sun Jun 06, 2004 10:43 pm
Location: DTManistan
Contact:

Post by GORDON »

One of the outfits encrypting shit has been decrypted.

http://news.softpedia.com/news....8.shtml
"Be bold, and mighty forces will come to your aid."
Malcolm
Posts: 32040
Joined: Fri May 21, 2004 1:04 pm
Location: Minneapolis

Post by Malcolm »

Hospital hit. Shit is apparently getting realsies.
This type of attack recently forced Israel's Electricity Authority to shut down its PCs.
Diogenes of Sinope: "It is not that I am mad, it is only that my head is different from yours."
Arnold Judas Rimmer, BSC, SSC: "Better dead than smeg."
TPRJones
Posts: 13418
Joined: Fri May 21, 2004 2:05 pm
Location: Houston
Contact:

Post by TPRJones »

Were I running a hospital all the internal systems in which patient data is stored would have no external connection to the internet. Lock that shit off.
"ATTENTION: Customers browsing porn must hold magazines with both hands at all times!"
GORDON
Site Admin
Posts: 54526
Joined: Sun Jun 06, 2004 10:43 pm
Location: DTManistan
Contact:

Post by GORDON »

TPRJones wrote: Were I running a hospital all the internal systems in which patient data is stored would have no external connection to the internet. Lock that shit off.
Facebook access is probably in the union contract.
"Be bold, and mighty forces will come to your aid."
TheCatt
Site Admin
Posts: 53936
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Post by TheCatt »

It's not me, it's someone else.
Malcolm
Posts: 32040
Joined: Fri May 21, 2004 1:04 pm
Location: Minneapolis

Post by Malcolm »

Idiots and tools. Making things worse.
Diogenes of Sinope: "It is not that I am mad, it is only that my head is different from yours."
Arnold Judas Rimmer, BSC, SSC: "Better dead than smeg."
Malcolm
Posts: 32040
Joined: Fri May 21, 2004 1:04 pm
Location: Minneapolis

Post by Malcolm »

The hospital first turned to the LAPD for help with the ransomware. I'm not up to date on the cyber-savviness of the LAPD, but perhaps Hollywood Presbyterian should've turned to some trendy infosec company first. When the Swansea, Massachusetts, police department was hit, the officers paid CryptoLocker's ransom. Police Lt. Gregory Ryan told press that his department shelled out around $750 for two bitcoin -- and admitted his department had no idea what bitcoin is or how malware functioned.

Yep, I'm sure your workers have lots of important speeding and parking tickets to hand out. It's a wonder how crime like this occurs.
Diogenes of Sinope: "It is not that I am mad, it is only that my head is different from yours."
Arnold Judas Rimmer, BSC, SSC: "Better dead than smeg."
Malcolm
Posts: 32040
Joined: Fri May 21, 2004 1:04 pm
Location: Minneapolis

Post by Malcolm »

Diogenes of Sinope: "It is not that I am mad, it is only that my head is different from yours."
Arnold Judas Rimmer, BSC, SSC: "Better dead than smeg."