Feeds

back to article We're making TOO MUCH CASH, say CryptoLocker scum in ransom price cut

The soaring price of BitCoin has prompted the cybercrooks behind the infamous CryptoLocker malware to reduce the levy they impose on victims from 2 BTC to 0.5 BTC. The reduced price scam was spotted in variants of the malware, which encrypts personal files on infected Windows PCs, spotted earlier this week by security firm F- …

COMMENTS

This topic is closed for new posts.
Meh

How nice of them

Will they be offering loyalty points next?

Sign up to our crypto-bot-net offer now - infect 1000 machines in the next month and we will be giving away sheeple bitstuff free!

3
1
Bronze badge
Holmes

If the spam problem were reduced, then this would be reduced, too

Excellent example of why the major email providers should actually try to disrupt the spammers' business models. It's the total volume of garbage that makes it easier for these sorts of crooks to run their scams.

My own suggestion remains integrated multi-round anti-spammer tools that would allow volunteers to disrupt every part of the spammers' infrastructure and pursue ALL of the spammers' accomplices. No, you better not give me a rope or a nuclear bomb, because I would push that button several times a second, but I really want to help with the targeting against the spammers.

Here's another trivial wrinkle that could be done with this approach: You could agree to let other spam fighters use your probable spam in their spam-fighting efforts. As I would like to set it, if I'm not online when spam arrives, other volunteers could compare it with their own fresh spam, and if two of them agree it's spam, then it would disappear from my spam folder or move from my inbox to the spam folder.

By the way, the reason freshness matters is because the spammers need time to reach the human suckers. If their dropboxes and websites are nuked before they can get any suckers, then their business model stops working so well.

1
2
Bronze badge

Re: If the spam problem were reduced, then this would be reduced, too

The solution to unsolicited junk email, IMHO, is to get off it and start charging money for email service. I suggest the sender pays 1¢ (or equivalent) per email sent between domains, split equally between the sender's and recipient's ISPs. (Intra-organizational email would be free.)

This has two positive effects: First, it requires that ISPs verify the identity of a sender so that they can bill them (or else they would have to pay other ISPs a 1/2¢ per email themselves.) And second, it destroys the spammer's business model; they can't spam-blast 10 million email addresses hoping for 1000 replies if it costs them $100,000 to do so.

You could even establish a bulk-class email system that still allows for free email, but its all marked "3rd class" and gets automatically routed to a Bulk Mail folder for your ease of ignoring.

0
1
Vic
Silver badge

Re: If the spam problem were reduced, then this would be reduced, too

> I suggest the sender pays 1¢ (or equivalent) per email sent

This does not work.

> they can't spam-blast 10 million email addresses hoping for 1000 replies if it costs them $100,000

But it doesn't cost them - spammers do not send spam from their own machines. They send it from zombies. So it costs someone else all that money.

All your proposal does is to make legitimate email users have to account for everything; the spammers are competely untouched by it.

Vic.

2
0
Bronze badge

Re: If the spam problem were reduced, then this would be reduced, too

But it doesn't cost them - spammers do not send spam from their own machines. They send it from zombies. So it costs someone else all that money.

Errr, right. That was my point exactly - SPAMing works now *because* it is free. What I'm suggesting is essentially postage stamps for email. If an email isn't stamped then it doesn't get delivered; it wouldn't matter what computer it came from. Obviously this would require new or vastly rewritten email protocols, but if that's what it is going to take...

0
0
Vic
Silver badge

Re: If the spam problem were reduced, then this would be reduced, too

> That was my point exactly

I hope not, because you'd be arguing against yourself if it was...

> SPAMing works now *because* it is free.

And spamming will *continue* to be free under your proposal.

> If an email isn't stamped then it doesn't get delivered;

And all spam will be stamped, so it will be delivered. But it won't be the spammers who pay for those stamps; they'd be stolen from the computer's owner.

> Obviously this would require new or vastly rewritten email protocols

Yes. You'll have to strip out the entirety of the email system.

> but if that's what it is going to take...

It won't take that because your suggestion simply will not work. The spammers will steal credit in the way they currently steal bandwidth from unsuspecting users. Spam levels will not decrease in the slightest; your proposal simply adds bueaucracy to legitimate users without benefiting them in any way.

Vic.

0
0
Bronze badge

Re: If the spam problem were reduced, then this would be reduced, too

It won't take that because your suggestion simply will not work. The spammers will steal credit in the way they currently steal bandwidth from unsuspecting users. Spam levels will not decrease in the slightest; your proposal simply adds bueaucracy to legitimate users without benefiting them in any way.

The reason you're not flooded with the equivalent volume of junk snail-mail as you are email is that it costs money to print and deliver it all. I only propose to make junk email as equally an unattractive method.

With the proper PKI and protocols in place, I think it is possible to do so, and at a minimum of cost to the legitimate email user. If you disagree then I guess we'll just have to disagree since we are arguing in the hypothetical.

0
0
Vic
Silver badge

Re: If the spam problem were reduced, then this would be reduced, too

> I only propose to make junk email as equally an unattractive method.

I understand exactly what you're trying to do.

What I'm trying to explain to you is that your proposal does not achieve this. Not even slightly.

Spam is sent from compromised machines. If those machines have credit to send legitimate email, then they have credit to send spam.

So you either make email availably only to the rich (by pricing it so highly that everyday users can't afford it), or you end up with compromised machines holding credit to send spam.

And so those compromised machines will send that spam, with the *machine owners* footing the bill. The spammers get their spam out without paying a penny.

The end result? No decrease in spam, but problems with ham. This is the worst of all possible worlds.

> we'll just have to disagree since we are arguing in the hypothetical.

But this isn't just hypothetical; the micro-payment idea has been touted and dismissed more times than I'd care to count. It doesn't work, it won't work. It even has its own entry in the FUSSP list.

Vic.

0
0
Bronze badge

Re: If the spam problem were reduced, then this would be reduced, too

But this isn't just hypothetical

So you have a duplicate copy of the Internet somewhere so we can test this? If not, it's hypothetical.

Spam is sent from compromised machines. If those machines have credit to send legitimate email, then they have credit to send spam.

Users would have the credit, not thier computers. Compromised machines would still have to sign the email before it would be accepted by mail servers so they'd have to also obtain the user's signing certificate first.

0
0
Vic
Silver badge

Re: If the spam problem were reduced, then this would be reduced, too

> If not, it's hypothetical.

ISTR Microsoft and Yahoo! both attempted this quite a few years ago. Just because you don't know about something, that doesn't mean it didn't happen.

> Users would have the credit, not thier computers

And what form will that credit take? It will be accessible from the computer - because otherwise, users won't be able to send it. You won't be pulling out the credit card and doing the 3D-sec login for each and every email, because that is unworkable and no-one will use it. So the computer will have access to that credit. And that means that spammers will have access to that credit on compromised computers.

> Compromised machines would still have to sign the email

Big deal. The computer will have the capability to sign email.

> they'd have to also obtain the user's signing certificate first.

The computer will be compromised. That means the malware will be able to do anything the legitimate mail client will be able to do. And that means it will be able to send email.

The spammers win. Continuing to support this daft proposal isn't helping anyone. Search for the term "FUSSP" to see why. This has been done to death on many occasions; a little research will save you a lot of embarrassment.

Vic.

0
0
Bronze badge

Re: If the spam problem were reduced, then this would be reduced, too

The transfer of millions, if not billions, of dollars is securely processed over the Internet each day with hardly any direct human intervention. I just don't see why email can't be secured using similar technologies.

0
0
Vic
Silver badge

Re: If the spam problem were reduced, then this would be reduced, too

> I just don't see why email can't be secured using similar technologies.

It's astronomically simple.

If you have to get your credit card out for every single mail you send, you'll stop sending email. If you have to key in a PIN for every post, you'll have precious little contact with other people.

So what will happen? Email clients will hold credit, and pay for emails in hundreds or thousands at a time - after all, transaction fees are going to dominate if you're paying in anything less than that quantity. Paying 50p in fees to process a 0.1p payment is just daft.

So we now have an email client with sufficient credit to send a significant number of emails - either spam or ham.

If you think you can secure Joe Punter's machine against malware that can take over that client, then I fear you may have an inflated opinion of your capabilities. And if you can't, then the spam will keep on flowing in spite of the oppressive payment scheme you're proposing.

Vic.

0
0

Re: If the spam problem were reduced, then this would be reduced, too

>"My own suggestion remains integrated multi-round anti-spammer tools that would allow volunteers to disrupt >every part of the spammers' infrastructure "

YOU OBVIOUSLY DO NOT HAVE A CLUE! Any volunteers would not have the expertise to correctly report the REAL culprits. Totally clueless comment!

0
0
Silver badge

So what you are saying is...

...these ransomeware dealers have more honour than the likes of British Gas and the other utility companies.

12
0

Re: So what you are saying is...

I was thinking about this: Seeing as these guys clearly know how to use encryption properly, couldn't we could kill two birds with one stone, and get Adobe to legitimately hire them?

4
0
Silver badge

Good News

Now, since they seem to have the same business model as the Cryptolocker crowd, can we expect the car clamping firms that infest our cities to be shamed into reducing their fees?

5
0
Silver badge

The thing that gets me...

Is that people are actually paying the ransom!

1
1
Silver badge

Re: The thing that gets me...

Well, if they didn't back up their data, and they need that data, they have literally no other option.

That's kind of the whole point of it.

3
0
Silver badge

Re: The thing that gets me...

Who doesn't back up valuable data?

0
0
Silver badge

Re: Who doesn't back up valuable data?

Easy : idiots.

Their numbers are uncountable.

I cannot count the number of times I have told people to back up their data. In the best case, the response I get is "yeah, I know, I'll get to it". Then, six months later, I hear that they are in a spat of trouble because their PC went down and they . . didn't have a backup.

The worst part is that some of these people, the ones who have already HAD the problem, felt the pain and KNOW the solution, STILL don't backup their data.

There truly is no cure for stupidity.

4
0
Silver badge

Re: The thing that gets me...

Idiots. Their numbers are overwhelming.

0
0

Re: The thing that gets me...

http://forums.theregister.co.uk/forum/1/2013/09/23/data_backup_column/

Gene Cash

Re: Speaking as a humble home user

"There are two types of people:

Those that make backups.

And those that have yet to lose irreplaceable data."

"You don't convince family members to take periodic backups. Repeated, tragic data loss convinces family members to take periodic backups. Same as everyone else."

0
0
Bronze badge
Coat

Re: The thing that gets me...

isn't that from Douglas adams....?

P.

0
0
Anonymous Coward

this doesn't make business sense

given the nature of the "business", i.e. that it's short-lived, and the growing risk of the Big Boys (e.g. FBI and NSA) turning their sharp gaze to the scam, it would make sense to maximize the profits while their day lasts. Unless the sudden increase in bitcoin value tips the balance in favour of "fuck those files, I can't afford to pay that much!".

0
2
Bronze badge

Re: this doesn't make business sense

Unless the sudden increase in bitcoin value tips the balance in favour of "fuck those files, I can't afford to pay that much!".

I assume that's exactly it. Obviously they could have demanded even more money from the start, but they must have decided low hundreds struck the right balance being being a good amount of money and being low enough that people would pay. As long as there are more then four people willing to pay $400 for their data for every one willing to pay $1600, they come out ahead, and I would guess this is in fact the case.

0
0
Anonymous Coward

how to profit on bitcoin

Buy shitload of bitcoins. Hire people to run a cyberscam. Wait. Let the scammers collect their share. Collect your profit by selling the shitload of bitcoins.

Wait, this is not some legitimate business, is it?! Cause it looks sooooo mainstream....

1
0
Bronze badge

Re: how to profit on bitcoin

I have visions of those nice record labels or movie studios using this as a way of being given permission to scan all the files on your hard drive to track down those naughty freeloading pirates while making money out of it.

0
0
Bronze badge

Just when governments start closing tax havens down, along comes Bitlocker

The supply of new Bitcoins is rationed to prevent inflation by excessive growth of money supply.

But IF the supply of Bitcoins is not that high yet, and a scam like ransomware comes along and boosts demand for Bitcoins greatly, that leads to out-of-control Bitcoin inflation from excessive demand.

Oh well, that is life. A more serious problem is the tax haven and black market problem.

Just when governments start closing tax havens down, along comes Bitlocker.

I imagine the mega rich and powerful, those with inherited wealth plus despotic dictators and corrupt government officials around the world, will lobby to keep Bitlocker outside of taxation rules and regulations -- we can't have the mega rich paying their fair share for the national services and assets they consume.

I like privacy on the web. I like the idea of legalized marijuana. But even more I dislike the mega rich, idle rich, and mega corrupt not paying their way in society.

1
0
Silver badge

I think the mega-rich and powerful view Bitlocker as pocket money.

They are lobbying for easier transit rules and less tax on drugs, petrol, gas and/or weapons imports/exports, and they laugh at the notion that would think them interested in mere millions.

They don't even get up in the morning before their first billion (of the day).

0
0
Bronze badge

Re: Just when governments start closing tax havens down, along comes Bitlocker

Bitlocker is the hard drive encryption system that comes with professionals versions of Windows. What are you talking about?

0
0
Bronze badge

I got an email from Kaspersky today that they've got two free decryption tools for ransomware

I got an email from Kaspersky today announcing they've created two free decryption tools for ransomware.

They're XoristDecryptor and RectorDecryptor and they're here:

http://support.kaspersky.com/viruses/disinfection/2911

http://support.kaspersky.com/viruses/disinfection/4264

1
1

Re: I got an email from Kaspersky today that they've got two free decryption tools for ransomware

Except they are not decryption tools are they? (not criticising you, the names they have given them are misleading)

They just block the ransomware from executing, If you've already had your data encrypted there's nothing they can do about it. (Happy to be corrected if I'm wrong about this).

1
0
Silver badge

I'd find that information a lot more interesting if their Rescue Disk actually worked.

When I tried it last month on a PC I had been given to repair (Windows was borked - again), it didn't even boot properly.

Neither did any other vendor's Rescue Disk, for that matter.

Thank God formatting & reinstalling still work.

0
0
Anonymous Coward

Clearly they lowered the price so people are more likely to pay it...

1
0

Microsoft needs to take the blame for these things. Why? Because of the brain-dead default setting in every version of Windows that I've seen, which is to 'hide file extensions of well known file types'. So the mark sees a file that looks like file.pdf when in reality it is file.pdf.exe ...

10
0
Silver badge

I agree wholeheartedly with you, and have been saying much the same thing since they introduced the bloody option.

Except for one thing : I'm pretty sure that in most cases, even if users saw the proper extension, they'd still click it.

1
0
Bronze badge

Don't forget a kick in the bum for the email clients. The default behaviour should be to rename any executable if it's "saved" from an email.

"CrypoLocker.pdf.exe.RENAMED" would be a novelty for viruses researchers rather than a real problem for average-Joe computer users.

0
0
Silver badge

I think it would be better to make sure that the full filename is shown by the email client (since that's where it's run from), independent of any setting in Explorer. I forget off hand what various email clients do on Windows (including say, Thunderbird)...

How do other OSs handle this btw, since the filename on other platforms gives no clue whatsoever about the executable status?

0
0
Vic
Silver badge

> How do other OSs handle this btw

You already did this last week

Vic.

1
0
Silver badge

And I'm still waiting for more answers :) Thanks for yours, but I was curious to see if anyone else had an input, especially as there are other OSes too than Linux. This is not a problem that has magically been solved since last week.

In this case, it wasn't a raw exe, but distributed as a zip. So because people have got used to exes being blocked in email, they're used to having to unzip it. I don't see that as harder than doing right click and select it to be executable (as can be done on Ubuntu) - if Windows used that method, the knowledge to do that would be commonplace too. So I still don't see that Linux (at least, versions which allow the bit to be set via the GUI) to be better. (OOI, are executable bit settings always lost when archived and downloaded on Linux?)

One answer is to make it really hard for average users to run an executable at all, though this has to be balanced with all the criticisms that Windows then gets for daring to make it slightly harder (e.g., Apple and its fans ridiculing it for having to click "Allow" - so imagine if people had to type commands for example). Windows 8 makes it harder still, e.g., applications downloaded from webpages don't run at all if deemed "untrusted" unless you go to an advanced tab to allow it. They could go further an make it so it doesn't run at all unless they run a command on it, but then that's frustrating for developers like myself who distribute free software, and need to explain to average users how to type in commands to get it to work...

There is also the problem that as restrictions on all executables are added, users simply learn the ways round them too.

0
0

I keep sayin'

Business email clients should allow only a small number of defined OPEN file types (limited in functionality).

Got a fancy 3D PDF with hidden stuff ? here have this blackhole.

Zip with EXE same.

At home if you feel at risk go to your ISP transport rules and select "business type mail only" until the threat has passed.

We accept all manner of shite in email, it should not be sent but beyond that it should never arrive.

0
0
Bronze badge
Pint

copy on write...

would copy on write solve this problem? I mean anyone had experience of this in Linux?

I went to the LTO tape talk at SC13, and feel a tape drive in my future....

P.

0
0
Gold badge

"My own suggestion remains integrated multi-round anti-spammer tools that would allow volunteers to disrupt every part of the spammers' infrastructure and pursue ALL of the spammers' accomplices. "

You already can disrupt the spammer's infrastructure, if you have the skill to break into it, and are perfectly free to pursue their accomplices as well. I'm sure not going to stop you. Here in the US, you are even allowed to DIRECTLY take them to court and demand damages (instead of reporting them to the FTC and having the FTC do nothing with spam reports, which is what most people do.) If they are stupid enough to spam from the US (and don't pay the settlement), you can then send martials out to take their stuff until you get enough to cover the settlement; if they don't have enough stuff you can put liens on their buildings and vehicles.

Anyway *shrug*. My Gmail doesn't seem to get much spam (other than EBay's psuedo-spam... why would I want to be told "There are 179 items I may be interested in this week". Umm, no, shotgunning out hundreds of products is not a way to get anyone interested in anything.) I started running a Bayesian filter on my other E-Mail account over 10 years ago and it works great too. And I'm, you know, NOT RUNNING WINDOWS so I am not succeptable to worms and viruses.

0
0
This topic is closed for new posts.