Bitcoin ransomware racket makes bank

Criminals appear to be pocketing hundreds of thousands of dollars with upgraded Cryptowall ransomware that has encrypted scores of hard drives across Britain, America and Australia, demanding victims pay hefty Bitcoin ransoms. The ransomware was foisted on victims through sneaky malvertising through unsuspecting big-ticket …

COMMENTS

This topic is closed for new posts.
  1. Sureo

    I find it hard to imagine having thousands of important files on my computer and no backup. It simply boggles the mind. But then, smart enough to have backup is smart enough to avoid scamware.

    1. P. Lee

      > But then, smart enough to have backup is smart enough to avoid scamware.

      Assuming it isn't a shared computer.

    2. Busby

      "smart enough to have backup is smart enough to avoid scamware"

      Apologies in advance as I'm sure to give offence but that is one of the most fucking idiotic comments I've read this month.

      I can assure you intelligence has SFA to do with being stung. Don't get me wrong, stupid people are probably more at risk than the average Joe, but I've seen plenty of people I consider to be very sharp caught out.

    3. dan1980

      @Sureo

      ". . . smart enough to have backup is smart enough to avoid scamware."

      Sure, if 'smart enough' was all that was required. Unfortunately it isn't. What you really need to be is:

      • smart enough to understand the risks,
      • up-to-date enough to know that the threat exists in the first place,
      • vigilant enough to watch for any suspicious sites/activity,
      • thorough enough to be on-top-of all security patches and definition updates, and
      • ruthless enough to forbid anyone else to use your PC and to close access to all shares. (Remember - it will attack networked storage as well!)

      I know plenty of folks who back up to USB hard drives yet don't know the difference between a search engine and a web browser, or the search field and the address bar.

    4. big_D

      Assuming the encryption is noted quickly and you haven't had it slowly growing in your backup cycle, so that key files are encrypted in your backups as well.

      I keep 5 different backups on 5 different devices, some offline, some online and on different schedules. But I've also seen companies that assume a mirrored server with mirrored RAID arrays >= Backup!

      It didn't require an encrypted bitcoin ransom to wake them up, the primary server corrupted itself and mirrored the corruption straight away, before anybody noticed! The admin even had the idea of tar-and-zip the database dumps, but they were just mirrored to the secondary server and were never stored offline!

    5. Graham Marsden

      @Sureo

      > smart enough to have backup is smart enough to avoid scamware.

      I wouldn't be too smug if I were you.

      I'm pretty clued up on this stuff: my system is well firewalled and virus protected, I have good spam filters, I run Ghostery, NoScript and Flashblock, I keep regular backups, etc. etc. Yet still, a few weeks ago, I almost got taken in by a phishing e-mail, because I had been expecting a message from $site and this one came in at virtually the same time, from a well-faked domain name so close to the original that I didn't spot the substitution.

      Fortunately what saved me was the fact that my browser *didn't* auto-fill the log-in details because it didn't recognise the substituted domain name, but, had I been distracted, I could have logged in and given away my details.

      So although, like you, I may have been thinking "I'm not going to be caught by these scams", that was a salutary wake-up call that you can't let your guard down *ever*.

      1. VinceH

        Re: @Sureo

        Quite. Although I haven't come that close to falling for a phishing scam, I have had to read the odd few a second time before deleting because of just how good they were - instead of "Phish - delete" they were more "Phish - del...oh, hang on... no, I was right first time - delete."

        I can therefore easily imagine some otherwise intelligent people being fooled.

      2. big_D

        Re: @Sureo

        And that is why I never click on a link in an email, unless it is a registration confirmation or I've just requested a password reset.

        I always go to the domain first, then either navigate to the relevant page or paste in the tail of the URL.

        I nearly had a heart attack last week when I got a scam mail, because it mentioned my UK bank and an international transfer of over 2K. It was only on second glance that I realised it was a payment INTO my bank (but a different A/c number) from a German bank I don't bank with. Phew!
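Both habits above, the browser refusing to auto-fill on a domain that is not an exact match and typing the real domain yourself before pasting in the tail of the link, can be turned into a small check. The following is an added example and not code from anyone in this thread; the trusted domain list, the sample links and the look-alike names in it are constructed for illustration and are not real phishing sites.

```python
"""Vet a link from an e-mail against the domains you actually expect mail from.

Added example, not from the thread. The trusted list, the sample links and
the look-alike names below are constructed for illustration.
"""
from urllib.parse import urlsplit, urlunsplit

TRUSTED = ["example.com", "paypal.com", "mybank.co.uk"]   # constructed list

# Pairs attackers swap for visually similar characters; folding both sides
# before comparing catches "rn" for "m", "vv" for "w", "0" for "o" and so on.
_CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def fold_confusables(label: str) -> str:
    label = label.lower()
    for bad, good in _CONFUSABLES:
        label = label.replace(bad, good)
    return label


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(url: str) -> str:
    """Lower-cased hostname with userinfo and port stripped. urlsplit takes the
    host after the LAST '@', so 'https://paypal.com@evil.example/' is evil.example."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").rstrip(".").lower()


def classify_link(url: str, trusted=TRUSTED) -> tuple:
    """Return (verdict, trusted_domain). Verdicts:
      'trusted'   host is a trusted domain or a subdomain of it: exact match,
                  the same rule a password manager applies before auto-filling
      'lookalike' host resembles a trusted domain closely enough to fool a reader
      'unknown'   nothing resembles a trusted domain
    """
    host = host_of(url)
    for dom in trusted:
        if host == dom or host.endswith("." + dom):
            return "trusted", dom
    for dom in trusted:
        # trusted name used as a subdomain label: paypal.com.account-verify.example
        if "." + dom + "." in "." + host + ".":
            return "lookalike", dom
        # compare the registrable part (as many labels as the trusted domain has)
        reg = ".".join(host.split(".")[-len(dom.split(".")):])
        if edit_distance(fold_confusables(reg), fold_confusables(dom)) <= 2:
            return "lookalike", dom
        # trusted brand embedded in a longer label: paypal-secure.com
        if dom.split(".")[0] in reg.split(".")[0]:
            return "lookalike", dom
    return "unknown", ""


def rebuild_on_trusted(url: str, dom: str) -> str:
    """Keep only the path and query from the mailed link and put them on the
    trusted domain over https: the 'type the domain, paste the tail' habit."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return urlunsplit(("https", dom, parts.path, parts.query, ""))


if __name__ == "__main__":
    for link in ["https://www.paypal.com/signin",
                 "http://paypa1.com/signin?id=7",
                 "https://paypal.com.account-verify.example/login",
                 "https://rnybank.co.uk/",
                 "https://news.bbc.co.uk/"]:
        verdict, dom = classify_link(link)
        print(f"{verdict:9} {link}", "->",
              rebuild_on_trusted(link, dom) if verdict == "lookalike" else "")
```

The 'trusted' verdict is deliberately an exact host or subdomain match, nothing fuzzier: that is the property that stopped the auto-fill above, and it is the one you want a password manager to keep. The fuzzy checks only ever produce 'lookalike', which is a reason to stop and look, never a reason to log in.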

  2. William Donelson

    What's the problem?

    WINDOWS.

  3. David Roberts

    Air gap!

    I wonder how many people who do backup their files also keep the backup medium disconnected apart from during the backup?

    It just doesn't fit with any automated backup manager and overnight backup strategy.

    It doesn't fit with any strategy using NAS.

    In the "good old days" when you could fit your backup onto tape or CD you could have your rack of media and even an off site backup if you were really paranoid.

    Now disc storage is so huge that old style backup strategies don't really work and I would guess that most people who back up regularly are still at risk.

    Small businesses especially so where you probably don't get backups unless someone has automated the whole thing. Manual backup procedures are unlikely to be correctly followed until after the first big disaster.

    Finally, if you improve your backup strategy the malware will just wait a bit longer before attacking to ensure that it has had time to infect all your backups, or at least infect enough crucial current data that you have to pay.
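The failure mode big_D and David Roberts describe above (encrypted files quietly rolling through the backup cycle until every generation is bad, and malware that waits for exactly that) is something a backup job can check for before it overwrites its last good copy. The following is an added example, not code from the thread or from any backup product: it compares the previous snapshot with the new one and refuses rotation when too many previously-backed-up files have turned into high-entropy blobs that have lost their format's magic bytes. File names, contents and the 25% threshold are constructed for illustration.

```python
"""Sanity-check a backup snapshot before it overwrites the last good generation.

Added example, not from the thread. A backup job that blindly rotates copies
will, given enough cycles, replace every good copy with an encrypted one; this
check refuses to rotate when too many previously-backed-up files changed into
high-entropy blobs that have lost their format's magic bytes. File names,
contents and thresholds below are constructed for illustration.
"""
import hashlib
import math

# Magic bytes for types we expect to see; a real .docx/.jpg is high-entropy too
# (it is compressed), which is exactly why the magic-byte check is needed.
MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
         ".zip": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty/constant data, close to 8.0 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(name: str, data: bytes, min_bits: float = 7.0) -> bool:
    """High-entropy AND (known type missing its magic, or a type we cannot vouch for)."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    high = len(data) >= 256 and shannon_entropy(data) > min_bits
    if ext in MAGIC:
        return high and not data.startswith(MAGIC[ext])
    return high


def audit_snapshot(previous: dict, current: dict, max_changed: float = 0.25) -> dict:
    """Compare two snapshots (name -> bytes). Reports which files changed into
    something that looks encrypted and whether it is safe to let the older
    generation be overwritten. Files merely edited are left alone."""
    suspicious = [name for name, data in current.items()
                  if name in previous and previous[name] != data and looks_encrypted(name, data)]
    fraction = len(suspicious) / max(1, len(previous))
    return {"suspicious": sorted(suspicious),
            "fraction": fraction,
            "rotate_ok": fraction <= max_changed}


def _constructed_ciphertext(seed: bytes, n: int) -> bytes:
    """Deterministic high-entropy filler standing in for an encrypted file
    (chained SHA-256; constructed test data, not real ciphertext)."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed 'last good' snapshot: a text-heavy PDF, a (compressed) docx, notes, a photo.
GOOD = {
    "report.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 40,
    "plan.docx": b"PK\x03\x04" + _constructed_ciphertext(b"docx", 2048),
    "notes.txt": b"Quarterly figures: revenue up 3%, costs flat.\n" * 30,
    "photo.jpg": b"\xff\xd8\xff\xe0" + _constructed_ciphertext(b"jpg", 1024),
}
# Normal day: someone appended to the notes.
EDITED = dict(GOOD, **{"notes.txt": GOOD["notes.txt"] + b"Q3 outlook added.\n"})
# Bad day: three of four files silently replaced by ciphertext of the same size.
RANSOMED = {name: _constructed_ciphertext(name.encode(), len(data)) for name, data in GOOD.items()}
RANSOMED["notes.txt"] = GOOD["notes.txt"]

if __name__ == "__main__":
    for label, snap in (("edited", EDITED), ("ransomed", RANSOMED)):
        print(label, audit_snapshot(GOOD, snap))
```

The check is a tripwire, not a substitute for an offline generation: a mirrored server or a synchronised share still replicates the damage instantly, as big_D's corrupted-database story shows, and a copy the malware cannot reach is the only thing that survives a patient attacker. The threshold also needs tuning for real data, since a bulk re-encode of photos or a legitimately encrypted archive will trip it.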

  4. adnim

    Is it so hard

    for IT professionals to think like consumers?

    I have deleted dozens of these emails from my inbox... emails along the lines of tax refunds, can't deliver a parcel, your invoice is attached, you have been billed for..., thank you for your payment, etc.

    All mails contain zipped attachments with an exe inside the zip. I know what they are immediately because I do IT, I read things about IT, I play with malware on a VM.

    When the FBI took control of some C&C servers it was newsworthy for a day. If a lay person did not see the news on that day, where else would they get a warning from? I don't read national newspapers of any kind so cannot comment on the coverage in the tabloids and broadsheets.

    Clued-up IT people are in the minority. Ill-informed consumers are the vast majority.

    Email users unaware of such scams see the email and are either concerned or curious about the contents because of the subject line. So they open the zip and run the contents.
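The "zip with an exe inside" pattern adnim describes is mechanical enough to check for before the attachment ever reaches a user. The following is an added example, not code from the thread or from any mail gateway: it opens the archive in memory and flags executable extensions, document-name-plus-executable double extensions, and members that carry a PE header behind a harmless-looking name. The sample archives are constructed below; their "executables" are an MZ header plus padding, not real programs.

```python
"""Look inside a mailed zip for the executable before anyone double-clicks it.

Added example, not from the thread. The sample archives are built in memory
below; the 'executables' are an MZ header plus padding, not real programs.
"""
import io
import zipfile

# Extensions Windows will run on double-click (constructed list, not exhaustive).
EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse",
            ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".msi"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def inspect_zip(blob: bytes) -> list:
    """Return (member_name, reason) for every suspicious member; [] if clean."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            name = info.filename
            base = name.rsplit("/", 1)[-1]
            parts = base.lower().split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            with zf.open(info) as fh:
                head = fh.read(2)          # only the first two bytes are needed
            reasons = []
            if ext in EXEC_EXT:
                reasons.append("executable extension " + ext)
                if len(parts) > 2 and "." + parts[-2] in DOC_EXT:
                    reasons.append("double extension disguised as ." + parts[-2])
            elif head == b"MZ":
                reasons.append("PE header (MZ) behind a non-executable name")
            if ext == ".zip":
                reasons.append("nested archive")
            if "  " in base:
                reasons.append("padded filename pushes the real extension out of view")
            if name.startswith("/") or ".." in name.split("/"):
                reasons.append("path traversal in member name")
            findings.extend((name, r) for r in reasons)
    return findings


def constructed_attachment() -> bytes:
    """Archive modelled on the 'your invoice is attached' mails described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_2014_0731.pdf.exe", b"MZ" + b"\x00" * 64)
        zf.writestr("ParcelNotice.scr", b"MZ" + b"\x00" * 64)
        zf.writestr("receipt.pdf", b"MZ" + b"\x00" * 64)       # PE with a document name
        zf.writestr("readme.txt", b"Your parcel could not be delivered. Open the attached file.")
    return buf.getvalue()


def constructed_benign() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.pdf", b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n")
        zf.writestr("cover.txt", b"Report attached.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("attachment", constructed_attachment()),
                        ("benign", constructed_benign())):
        print(label, inspect_zip(blob) or "clean")
```

Reading only the first two bytes of each member keeps the check cheap and avoids inflating a deliberately oversized archive. The point is that none of this needs a signature: the shape of the attachment gives it away, which is why a gateway can block it for users who will never read the day's news about a C&C takedown.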

  5. Anonymous Coward

    Would love to know...

    If any of these Crypto-Malware treasures show up in the task list or processes list or active services etc.? If so, what names do they use? This must eat CPU....

  6. Anonymous Coward

    "El Reg recommends air-gapped backups as cloud backups could also be affected"

    Ah, the joys of the Cloud-Fog, just as vulnerable...

  7. Anonymous Coward

    Re. Crypto-Malware

    2048 bit encryption is more of an inconvenience, if you know the approximate contents of the file it is relatively simple to figure out the key used.

    As it turns out, most if not all of these cryptomalwares assume that the victims don't have a copy of the file somewhere else, i.e. on DVDR or BDR backup, with which it is a matter of using a custom GPU rig similar to the one for mining Bitcoins to reverse the code.

    Obviously with a quantum computer it is even easier than that but that would be tricky as most of these are owned by Governments although work on my version is progressing well.

    If someone on here happens to have any Y123 or Y268 powder or scrap ceramic they have spare it would be useful.

    1. Anonymous Coward 101

      Re: Re. Crypto-Malware

      "Obviously with a quantum computer it is even easier than that but that would be tricky as most of these are owned by Governments although work on my version is progressing well."

      Please keep us informed on the progress of your quantum computer!

      My time machine is coming along well. If you have any flux capacitors or underpowered '80s sports cars going spare, that would be useful.

    2. Steven Raith

      Re: Re. Crypto-Malware @AC with his quantum computer

      Fuck me, is it school holiday time again?

      Edit: AC101, I spent my whole life making a time machine, and got it working when I was 70. I came back in time to last week and told myself not to bother as I'd totally wasted my life on it.

    3. Anonymous Coward

      Re: Re. Crypto-Malware

      "2048 bit encryption is more of an inconvenience, if you know the approximate contents of the file it is relatively simple to figure out the key used."

      I sincerely hope you jest. Cryptanalysts are well aware of known-plaintext attacks. Most algorithms are hardened against them. Just for 56-bit single DES, even given the plaintext and the ciphertext, using top-end GPU hardware, you'd still be looking in the neighborhood of days, if not weeks, to obtain the key unless you're lucky. AES, even now, is considered computationally infeasible for the KPA.

    4. lotus49

      Re: Re. Crypto-Malware

      What utter rubbish.

      First of all, 2048 bit keys are used in asymmetric key cryptography whereas trojans such as these use symmetric key encryption like AES where 256 bits would be a very strong key.

      Secondly, you cannot just play these backwards and extract the key, so even knowing the exact plaintext (let alone a rough approximation) will not easily allow you to recover the key.
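The disagreement in thread 7 (known plaintext lets you "figure out the key" versus lotus49's "you cannot just play these backwards") can be shown rather than argued. The following is an added example and not code from anyone in the thread. The standard library has no AES, so the strong cipher here is a keystream generated by HMAC-SHA256 over a counter, which is the same PRF-in-counter-mode construction as AES-CTR; the structural result carries over. It shows three things: against a weak cipher (repeating-key XOR) the known plaintext does hand you the key; against a PRF keystream it hands you only the keystream bytes for the positions you already knew, which are useless unless the same key and nonce were reused for another file; and the remaining route to the key is enumeration, shown on a 16-bit toy key so it finishes. The asymmetric side lotus49 mentions (a 2048-bit RSA key wrapping the per-file symmetric key) is not reproduced here. Keys, nonces and sample file contents are constructed.

```python
"""What a known-plaintext attack does and does not hand over.

Added example, not code from the thread. The standard library has no AES, so
the 'strong' cipher here is a keystream generated by HMAC-SHA256 over a
counter, which is the same PRF-in-counter-mode construction as AES-CTR; the
structural argument carries over. Keys, nonces and the sample files are
constructed for illustration.
"""
import hashlib
import hmac
import itertools
import os


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- 1. A weak cipher: repeating-key XOR. Known plaintext gives the key. ---
def repeating_xor(key: bytes, data: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_repeating_key(known_plain: bytes, cipher: bytes, keylen: int) -> bytes:
    """With keylen bytes of known plaintext, the key falls straight out."""
    return xor(known_plain, cipher)[:keylen]


# --- 2. A PRF keystream cipher (stand-in for AES-CTR). ---------------------
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream block i = HMAC-SHA256(key, nonce || i); nothing about the key
    can be read back out of the blocks without inverting the PRF."""
    out = b""
    for counter in itertools.count():
        if len(out) >= length:
            break
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return out[:length]


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def recover_keystream(known_plain: bytes, cipher: bytes) -> bytes:
    """Known plaintext gives back the keystream for those positions, not the key."""
    return xor(known_plain, cipher)


def keystream_reuse_leak(ks: bytes, other_cipher: bytes) -> bytes:
    """The one thing a recovered keystream IS good for: decrypting the same
    positions of another file encrypted under the same key AND nonce."""
    return xor(ks, other_cipher)


# --- 3. Without a shortcut, the key must be brute-forced: 2**bits tries. ---
def brute_force(known_plain: bytes, cipher: bytes, nonce: bytes, key_bits: int):
    """Enumerate every key_bits-bit key until the keystream matches.
    Returns (key, tries). Feasible for a toy key only; for AES-256 the same
    loop is 2**256 iterations."""
    target = recover_keystream(known_plain, cipher)
    nbytes = (key_bits + 7) // 8
    for i in range(2 ** key_bits):
        k = i.to_bytes(nbytes, "big")
        if keystream(k, nonce, len(target)) == target:
            return k, i + 1
    return None, 2 ** key_bits


if __name__ == "__main__":
    header = b"%PDF-1.4\n"                      # the 'approximate contents' everyone knows
    report = header + b"1 0 obj << /Type /Catalog >> endobj\n"
    other = b"Dear Sir, the invoice is attached.\n"
    # 1. repeating-key XOR: the first 8 known bytes give the whole key
    print("weak cipher key:", recover_repeating_key(header, repeating_xor(b"S3cr3tK!", report), 8))
    # 2. PRF keystream: known plaintext yields keystream bytes, useless with a fresh key
    key, nonce = os.urandom(32), os.urandom(16)
    ks = recover_keystream(header, ctr_encrypt(key, nonce, report))
    print("same key+nonce reused:", keystream_reuse_leak(ks, ctr_encrypt(key, nonce, other))[:9])
    print("fresh key per file   :", keystream_reuse_leak(ks, ctr_encrypt(os.urandom(32), nonce, other))[:9])
    # 3. brute force a 16-bit toy key
    toy = (0xBEEF).to_bytes(2, "big")
    print("brute force:", brute_force(header, ctr_encrypt(toy, nonce, report), nonce, 16))
```

The third function is the honest version of the GPU-rig plan: it works, and its cost is 2 to the power of the key length. At 16 bits it finishes in a fraction of a second; at 256 bits, a rig trying a million million keys a second would need on the order of 10^57 years. The second function is the caveat worth remembering: a known-plaintext attack on a counter-mode cipher is harmless only while each file gets its own key or nonce, which is why keystream reuse, not key recovery, is the bug to look for in any encryptor.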

  8. Anonymous Coward

    Air-gapped backups of critical data ..

    "El Reg strongly recommends users maintain air-gapped backups of critical data as synchronised cloud backups which could also be affected"

    What click-and-install-malware Operating System does this ransomware run on ?

    -------

    'Bitcoin, Cisco, Criminals, CryptoDefence, Cryptowall, eBay, encrypted, Facebook, Flash, Java, malvertising, malware, ransomware, RIG, RSA-2048, Silverlight, TOR' ..

  9. Anonymous Coward

    Re. time machine

    Yeah, the quantum computer would have to run in a self contained region of subspace time to get around the decoherence issue, simplez.

    Turns out that noise from solar axion flux is why these are so tricky to get working for more than 64 qubits, the higher the density the worse it gets.

    D-Wave wouldn't return my emails when I asked them if they had run into this problem so am pretty sure they haven't fixed it yet.

    It's not that hard: if you use a closed timelike curve then the region inside is insulated; as the chip is millikelvins above absolute zero anyway, shielding it further will allow the qubits to function for a very long time (i.e. decades of virtual time), so the size of the problem is no longer a factor.

  10. Stifler

    Don't pay up

    I know of a firm that paid a 0.6 Bitcoin ransom to unlock their important files in early 2014. The hacker did not respond. Fortunately, some files were recovered from a backup.

  11. Anonymous Coward

    Re. Don't pay up

    It's actually worth holding onto the drive(s) affected; at some point, when the database gets recovered, all the data held on the Cryptowrecked drives is going to be recoverable.

    The standard procedure if you can't afford the recovery costs on a crashed HDD is to put it in a drawer, in an antistatic bag with a label on it showing the problem and recovery costs.

    I've found drives from 2002 which this has been done to and with modern software a lot of unfixable firmware related issues can be easily repaired.

    Throwing away/destroying the drive is stupid because Moore's Law ensures that eventually the data will be recoverable (say 2019) so those precious irreplaceable pictures and movies can be brought back.
