Feeds

back to article The return of the ransom-ware Trojan

Virus writers are revisiting the tactic of holding data on compromised machines to ransom with a new strain of so-called "ransom-ware" Trojan. Gpcode-AI (AKA Sinowal-FY) encrypts data on compromised machines before demanding money from users to decrypt it. The malware also include backdoor key-logging features designed to pinch …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

not hard to find?

$300 is likely to be paid by credit card or paypal, and surely a sum like that isn't going to be under the bar for the various credit checks? It can't be that difficult for police to get Visa etc. to cough up the destination account number.

0
0

Why not scam the scammers

If you can pay with paypal, once you receive the decryption routine, open a complaint with paypal and theyll freeze their account and funds until its resolved. Ultimately you might even get your money back.

0
0

Are the AV firms breaking the DMCA?

Doesn't the DMCA (shudder) forbid any attempt to develop software that breaks someone else's encryption?

0
0

Chargeback

With a credit card the idea of "scamming" the scammers is even easier - as you can call the credit card or bank immediately after receiving the decryption tool and charge back everything you don't recognise as valid. Obviously you also cancel the card and wait for a new one.

But I'm not sure either is that great an idea - probably just best to blow it off and keep a watch on your credit card bills and bank statements.

0
0

difficult for police to get Visa etc.

Most of the writers of this kinds of viruses are Russian, and most Russian virus writers lack credit card processing facilities (a joke about a striper, a credit card, and a way to pay a tip springs to mind) THE only way I have encountered these people use to receive funds is web money (similar to paypal) with multiple compromised accounts used to route money to some old guy who knows nothing about the “business” or, more commonly western union money transfers. You only need a name to send the monies, and again, some unsuspecting old guy goes into any WU franchise to pick up the dough. Good luck tracing that.

With staggering “red tape” in Russia, it is simpler to make your own polonium, than to open a bank account and receive funds from abroad (thanks to money laundering, tax inspectorate, anti-terrorism and other alphabet soup groups)

0
0
Anonymous Coward

blackmail psychology

Pretty naive comments. Finding the bad guys is not the same as stopping them, as they may be based or fronted in a country where enforcement is difficult.

And you have to remember the victim psychology. If the victim wants their files back they have to FIND A WAY to pay. If paypal is down, then Western Union. If Western Union is unavailable, then mail a check to Nigeria. If that doesn't work, something else. And quickly, because of the deadline. I'm betting there's a robust payment method.

Any given run of the scam has an operational time of a week or less, but you can create new paypal accounts at will, and make a new run. I'd guess the big question is how to stay away from law enforcement on your home turf.

Sad to say that this is the utopian world of anonymous surfing that seemed so attractive to naive geeks 15 years ago. Is it clear yet that anonymity facilitates anarchy, not freedom? We build governments to protect us from criminals and strongmen. But with governments and internetworks alike, we must take care what we build, lest its power be dangerously unbalanced.

0
0

Will you get it?

Will you actually get the key? Will they actually keep your PII secret? These are criminals, after all.

One of these days one of these cyber criminals is going hit either someone in the CIA or in a real organized crime gang (I won't call them the Mafia, since a) there are plenty of other gangs these days and b) according to Tony Soprano, there's no such thing as the Mafia). If they're lucky, they'll die suddenly.

0
0

Mafia

@Dillon Pyron

Should the guy accidently stumble upon someone in the mafia, and, they will manage to track him down, then, instead of making him sleep with the fishes, they will give him a merc, and more long-legged “ladies” than he can shake a stick at, so that he will work for them.

That is, assuming that he can bring $10k per week, at the very least. If he cannot, then he will get to smell those fishes, and not from his bipedal friends.

0
0

Simple Solution

Just dont open any unrecognised emails.... That way your data wont be encrypted, you wont be forced to pay $300, you wont need to charge back any credit cards, and when these people learn that no-one is opening their emails(rubbish they deploy etc) , well they may, just may, stop these kind of shenanigans.

0
0
Anonymous Coward

Jumping a bit, I'd say...

Quote:

Sad to say that this is the utopian world of anonymous surfing that seemed so attractive to naive geeks 15 years ago. Is it clear yet that anonymity facilitates anarchy, not freedom? We build governments to protect us from criminals and strongmen. But with governments and internetworks alike, we must take care what we build, lest its power be dangerously unbalanced.

Response:

Talk about jumping to conclusions. Crime existed a long time before the internet, and it will continue to exist long after the current technology is eclipsed. I argue that societies do not build governments to protect themselves from strongmen and extortionists, but rather that strongmen and extortionists build governments to codify their behavior.

In the natural world, no one protects anyone, save perhaps a few species' parent-child bonds. The concepts of law and government exist only in the minds of responsible individuals who choose to live by such ideas; the default biological imperative is self-enrichment and survival for all species, humans included. If you don't protect yourself, you will be victimized.

It would be insane to consider publishing your personal and financial details in perpetuity in a newspaper, yet people do it all the time on the internet. It would be madness to never install door and window locks on your home, but people routinely ignore even the barest computer security efforts. An insurer will not pay if your car is stolen because you left it unlocked with the keys in the ignition. Why do people have an expectation "the government" is going to protect their internet activities, when governments so far have never solved the problem of conventional crime?

Someday, using software "not fit for any particular purpose" will become an insurance liability, and strong financial incentives will cause a lot of these stupid exploits to go away.

0
0
Silver badge

re: Are the AV firms breaking the DMCA?

I think everyone in the industry would be quite happy to say "sod the DCMA" in this case. ;-)

0
0
Anonymous Coward

How very kind of you...

...to obfuscate Microsoft's details in their latest marketing ploy.

At least they're not pretending now.

0
0

Neat trick, and it goes full circle

So the first thing a user does on receiving this e-mail is to check a few files to see if they have access to them. If they find them encrypted they then fire up the browser and go to their online payment facility, but didn't the article mention a key logger?

I remember the old pickpocket trick of putting up signs saying "Beware pickpockets, have you still got your wallet?". All they then had to was watch where someone patted and it saved them having to guess which pocket the money was in.

Yes it's low, yes it's mean, despicable etc, but you have to hand it to them, they know what they are doing.

0
0
Anonymous Coward

re: scammed organised crime taking revenge on scammer

That reminds me of a very funny 419 baiter log I read where the 419er was convinced by the baiter that he had unwittingly scammed the mafia and they were now out to get him. The baiter first posed as something like "an accountant for an Italian family business". When the 419er started requesting payments the baiter indicated they would make the payments, and then stopped communicating. After a suitably worrying period of silence, the baiter posed as an angry mafia baron who had discovered this accountant had embezzled a large sum of money from his "family business" equal to the amount the 419er had requested. The baiter indicated that he expected the 419er to repay the mssing amount (that he had never received), or else his family business associates in Nigeria would find him, etc. Based on his replies the 419er was sh**ing himself! :)

0
0

Oh no!

Oh no , have the 419'ers have developed a new franchise!

Time to switch to Linux , is at hand , with M$ threatening to spy on you with it's open government back doors , windows and built in future key loggers!

What a sad world we live in!

0
0

re: DMCA

Kaspersky Lab is a russian company if memory serves -- they're not subject to the DMCA.

0
0
Gav
Bronze badge

Scam The Scammers

Funny how people always think they can pull a fast one on these kind of criminal malware outfits. Hey! Pay by paypal then freeze the account! They'll never see that one coming!!

Part of a good scam is getting the victim to think they are actually smarter than the scammer. That way its easier to take their money off them.

0
0

Identity theft is not just for mobsters

Quote:

Sad to say that this is the utopian world of anonymous surfing that seemed so attractive to naive geeks 15 years ago. Is it clear yet that anonymity facilitates anarchy, not freedom?

---

I am one of those geeks from 15 years ago and still believe that the internet should not be regulated. I'm not naive, I just like being able to criticize governments.

I feel more comfortable with Russian mobsters knowing my name than I do with the American government obtaining my credit card reports without a warrant *just in case* I might be a terrorist. Russian mobsters are currently not known for holding hundreds of people hostage on an island and torturing them. I have yet to see photographs of Russian mobsters forcing innocent Arabian gentlemen to engage in sex acts.

Regulation results in loss of freedom and having your private bits exposed to the world by a US army sergeant. I'm sure you wouldn't want your dangly bits being displayed to all and sundry in the interests of the "war against terror"?

The government is not your friend.

Common sense is a much better prophylactic to disaster. If you see a dark alley with Russian mobsters in it, just walk past it. If you use a computer, install a firewall. If you see an American, it's probably too late anyway.

0
0

Re:Identity theft is not just for mobsters

@Andy

"I feel more comfortable with Russian mobsters knowing my name than I do with the American government obtaining my credit card reports without a warrant *just in case* I might be a terrorist."

The recently deceased Alexander Litvinenko might disagree with you if he were able.

Be careful who you have tea with....

0
0

Re:Identity theft is not just for mobsters

I agree with Andy... Internet shouldn't be regulated. And as for anonymity I use tor

http://tor.eff.org and privoxy that way nobody knows my real ip and I surf with js off and other

measures. And yet I'm always looking for that bit of an edge. anonymity just like security is never final. Want to be secure read some material on the subject then implement some of the ideas. Want to be anonymous again read some material on the subject then implement some or all of the ideas.

Simple as that...

If you want to make the net safer for Joe Average sell them an appliance that has those ideas implemented and running. Provide them some literature. Get decent spam blocking and recommend safer than usual mail clients. Recommend basic ideas on how to avoid getting infected etc...

In the past I've ran a win box for years without an av and never got infected by anything(I did run some live demos every few months). But that's been years ago and have since then moved fully to linux :) Yet I still follow those same ideas I was using on windows.

0
0

another windows exploit.

oh my yes another stupid windows exploit

news at 11 bah so what. I just blocked

a xss exploit from a major news corporation

there's more to life than calling trojans

viruses even though they aren't viruses.

Unless by virus you mean any malware

they force IE to download.

0
0

sic the RIAA on them...

If you have your (legally encoded) songs on your hard drive, the virus makes an illegal copy to the authors of the viruses... or so it claims.

At last we've found a use for the RIAA! Think how many thousands of illegal copies of songs the virus authors have initiated!

0
0

Re:Identity theft is not just for mobsters

Tony did sed:

> @Andy

>> I feel more comfortable with Russian mobsters knowing my name than I do with the American government obtaining my credit card reports without a warrant

> The recently deceased Alexander Litvinenko might disagree with you if he were able.

Litvinenko was killed by the Russian secret service, not the Russian mafia, dude.

0
0
This topic is closed for new posts.