I find it hard to imagine having thousands of important files on my computer and no backup. It simply boggles the mind. But then, smart enough to have backup is smart enough to avoid scamware.
Bitcoin ransomware racket makes bank
Criminals appear to be pocketing hundreds of thousands of dollars with upgraded Cryptowall ransomware that has encrypted scores of hard drives across Britain, America and Australia demanding victims pay hefty Bitcoin ransoms. The ransomware was foisted on victims through sneaky malvertising through unsuspecting big ticket …
-
-
Tuesday 10th June 2014 05:13 GMT Busby
"smart enough to have backup is smart enough to avoid scamware"
Apologies in advance as I'm sure to give offence but that is one of the most fucking idiotic comments I've read this month.
I can assure you intelligence has SFA to do with being stung. Don't get me wrong stupid people are probably more at risk than average joe but I've seen plenty of people I consider to be very sharp caught out.
-
Tuesday 10th June 2014 06:18 GMT dan1980
@Sureo
". . . smart enough to have backup is smart enough to avoid scamware."
Sure, if 'smart enough' was all that was required. Unfortunately it isn't. What you really need is to be is:
- smart enough to understand the risks,
- up-to-date enough to know that the threat exists in the first place,
- vigilant enough to watch for any suspicious sites/activity,
- thorough enough to be on-top-of all security patches and definition updates, and
- ruthless enough to forbid anyone else to use your PC and to close access to all shares. (Remember - it will attack networked storage as well!)
I know plenty of folks who backup to USB hard drives but yet don't know the difference between a search engine and a web browser or the search field and the address bar.
-
Tuesday 10th June 2014 06:35 GMT big_D
Assuming the encryption is noted quickly and you haven't had it slowly growing in your backup cycle, so that key files are encrypted in your backups as well.
I keep 5 different backups on 5 different devices, some offline, some online and on different schedules. But I've also seen companies that assume a mirrored server with mirrored RAID arrays >= Backup!
It didn't require an encrypted bitcoin ransom to wake them up, the primary server corrupted itself and mirrored the corruption straight away, before anybody noticed! The admin even had the idea of tar-and-zip the database dumps, but they were just mirrored to the secondary server and were never stored offline!
-
Tuesday 10th June 2014 10:16 GMT Graham Marsden
@Sureo
> smart enough to have backup is smart enough to avoid scamware.
I wouldn't be too smug if I were you.
I'm pretty clued up on this stuff, my system is well firewalled and virus protected, I have good spam filters, I run ghostery, NoScript, Flashblock, I keep regular backups etc etc, yet still, a few weeks ago, I almost got taken in by a phishing e-mail because I had been expecting a message from $site and this one came in at virtually the same time and it came from a well faked domain name that was so close to the original so I didn't spot the substitution.
Fortunately what saved me was the fact that my browser *didn't* auto-fill the log-in details because it didn't recognise the substituted domain name, but, had I been distracted, I could have logged in and given away my details.
So although, like you, I may have been thinking "I'm not going to be caught by these scams" that was a saultary wake-up call that you can't let your guard down *ever*.
-
Tuesday 10th June 2014 10:36 GMT VinceH
Re: @Sureo
Quite. Although I haven't come that close to falling for a phishing scam, I have had to read the odd few a second time before deleting because of just how good they were - instead of "Phish - delete" they were more "Phish - del...oh, hang on... no, I was right first time - delete."
I can therefore easily imagine some otherwise intelligent people being fooled.
-
Tuesday 10th June 2014 12:18 GMT big_D
Re: @Sureo
And that is why I never clink on a link in an email, unless it is registration confirmation or I've just requested a password reset.
I always go to the domain first, then either navigate to the relevant page or paste in the tail of the URL.
I nearly had a heart attack last week, when I got a scam mail, because it mentioned my UK bank and an international transfer over over 2K. It was only on second glance that I realised it was a payment INTO my bank (but different A/c number) from a German bank I don't bank with. Phew!
-
-
Tuesday 10th June 2014 07:46 GMT David Roberts
Air gap!
I wonder how many people who do backup their files also keep the backup medium disconnected apart from during the backup?
It just doesn't fit with any automated backup manager and overnight backup strategy.
It doesn't fit with any strategy using NAS.
In the "good old days" when you could fit your backup onto tape or CD you could have your rack of media and even an off site backup if you were really paranoid.
Now disc storage is so huge that old style backup strategies don't really work and I would guess that most people who back up regularly are still at risk.
Small businesses especially so where you probably don't get backups unless someone has automated the whole thing. Manual backup procedures are unlikely to be correctly followed until after the first big disaster.
Finally, if you improve your backup strategy the malware will just wait a bit longer before attacking to ensure that it has had time to infect all your backups, or at least infect enough crucial current data that you have to pay.
-
Tuesday 10th June 2014 08:04 GMT adnim
Is it so hard
for IT professionals to think like consumers?
I have deleted dozens of these emails from my inbox...emails along the lines of tax refunds, cant deliver a parcel, your invoice is attached, you have been billed for..., thank you for your payment etc.
All mails contain zipped attachments with an exe inside the zip. I know what they are immediately because I do IT, I read things about IT, I play with malware on a VM.
When the FBI took control of some C&C servers it was news worthy for a day. If a lay person did not see the news on that day where else would they get a warning from? I don't read national newspapers of any kind so cannot comment on the coverage in the tabloids and broadsheets.
Clued up IT people are in the minority. Ill informed consumers are the vast majority.
Email users unaware of such scams see the email and are either concerned or curious about the contents because of the subject line. So they open the zip and run the contents.
-
Tuesday 10th June 2014 09:50 GMT Anonymous Coward
Re. Crypto-Malware
2048 bit encryption is more of an inconvenience, if you know the approximate contents of the file it is relatively simple to figure out the key used.
As it turns out most if not all of these cryptomalwares assume that the victims don't have a copy of the file somewhere else ie on DVDR or BDR backup, with which it is a matter of using a custom GPU rig similar to the one for mining Bitcoins to reverse the code.
Obviously with a quantum computer it is even easier than that but that would be tricky as most of these are owned by Governments although work on my version is progressing well.
If someone on here happens to have any Y123 or Y268 powder or scrap ceramic they have spare it would be useful.
-
Tuesday 10th June 2014 10:28 GMT Anonymous Coward 101
Re: Re. Crypto-Malware
"Obviously with a quantum computer it is even easier than that but that would be tricky as most of these are owned by Governments although work on my version is progressing well."
Please keep us informed on the progress of your quantum computer!
My time machine is coming along well. If you have any flux capacitors or underpowered 80's sports cars going spare that would be useful.
-
Tuesday 10th June 2014 11:45 GMT Anonymous Coward
Re: Re. Crypto-Malware
"2048 bit encryption is more of an inconvenience, if you know the approximate contents of the file it is relatively simple to figure out the key used."
I sincerely hope you jest. Cryptanalysts are well aware of Known Plaintext Attacks. Most algorithms are hardened against it. Just for 56-bit Single-DES, even given the plaintext and the ciphertext, using top-end GPU hardware, you'd still be looking in the neighborhood of days, if not weeks, to obtain the key unless you're lucky. AES, even now, is considered computationally infeasible for the KPA.
-
Tuesday 10th June 2014 19:33 GMT lotus49
Re: Re. Crypto-Malware
What utter rubbish.
First of all, 2048 bit keys are used in asymmetric key cryptography whereas trojans such as these use symmetric key encryption like AES where 256 bits would be a very strong key.
Secondly, you cannot just play these backwards and extract the key so even knowing the exact plaintext (let alone a rough approximation) will not allow you easily to recover the key.
-
-
Tuesday 10th June 2014 14:20 GMT Anonymous Coward
Air-gapped backups of critical data ..
"El Reg strongly recommends users maintain air-gapped backups of critical data as synchronised cloud backups which could also be affected"
What click-and-install-malware Operating System does this ransomware run on ?
-------
'Bitcoin, Cisco, Criminals, CryptoDefence, Cryptowall, eBay., encrypted, Facebook, Flash, Java, malvertising, malware, ransomware, RIG, RSA-2048, Silverlight, TOR' ..
-
Tuesday 10th June 2014 18:25 GMT Anonymous Coward
Re. time machine
Yeah, the quantum computer would have to run in a self contained region of subspace time to get around the decoherence issue, simplez.
Turns out that noise from solar axion flux is why these are so tricky to get working for more than 64 qubits, the higher the density the worse it gets.
D-Wave wouldn't return my emails when I asked them if they had run into this problem so am pretty sure they haven't fixed it yet.
Its not that hard, if you use a closed timelike curve then the region inside is insulated, as the chip is millikelvins above absolute zero anyway shielding it further will allow the qubits to function for a very long time (ie decades of virtual time) so the size of the problem is no longer a factor.
-
Thursday 12th June 2014 06:34 GMT Anonymous Coward
Re. Don't pay up
Its actually worth holding onto the drive(s) affected, at some point when the database gets recovered all the data held on the Cryptowrecked drives are going to be recoverable
The standard procedure if you can't afford the recovery costs on a crashed HDD is to put it in a drawer, in an antistatic bag with a label on it showing the problem and recovery costs.
I've found drives from 2002 which this has been done to and with modern software a lot of unfixable firmware related issues can be easily repaired.
Throwing away/destroying the drive is stupid because Moore's Law ensures that eventually the data will be recoverable (say 2019) so those precious irreplaceable pictures and movies can be brought back.