Hi! You've reached TeslaCrypt ransomware customer support. How may we fleece you?

The TeslaCrypt ransomware gang raked in $76,500 in around 10 weeks, according to new research into the scam. TeslaCrypt, which was distributed through the widely-used Angler browser exploit kit, was first spotted in February 2015 by security researchers at Dell SecureWorks. After encrypting popular file types on compromised …

  1. jason 7

    Cryptoprevent

    from foolishit.com.

    Works a treat. I've installed it on several machines for customers and it's saved three of them so far from being wiped out.

    Even the free version, after 6 months without being updated, meant one only lost about 15% of their data rather than everything. That was after they bothered to tell me, having noticed it happen two weeks before! I guess they hoped it would just 'go away'.

    https://www.foolishit.com/cryptoprevent-malware-prevention/

    Worth buying a license or two for those in the firm that like to click on everything (you know the ones). Just check your spam filter due to the name...

    1. mythicalduck
      FAIL

      Re: Cryptoprevent

      >from foolishit.com

      First time I read this I read "Fool o sh*t .com" (as a play on fools and "full of sh*t")... Then I noticed it had an I instead of an O.

      Wasn't till I went to the site that I saw it was "Foolish"

      Could do with better marketing :)

      Fail icon - not sure if for me or the fools in sh*t?

      1. jason 7

        Re: Cryptoprevent

        Yeah I think the Reg did an interview with the guy a couple of years ago and he said he didn't realise till after the event but decided it was too late and stuck with it.

        Bit like when I see 'therapist' (or analrapist ha) in a URL or email addy.

        1. Keith Bee

          Re: Cryptoprevent

          I seem to remember there was also kidsexchange.org too

  2. Boris the Cockroach Silver badge

    How

    about GCHQ/NSA doing their job and tracking down these bastards and giving their address to a suitable law enforcement agency.

    Sounds a better use of their resources than listening to everyone's mail looking for the words 'nuclear', 'bomb', 'jihad' and 'tomorrow'.

  3. David Lawrence

    How

    Upvote for Boris - well said. This is the 21st century so we should be able to track them down.

    It's not totally clear how Cryptolocker gets onto one's computer in the first place... is it... a) User gets a clever 'social engineering' email and foolishly clicks on a link it contains, or b) User is browsing really dodgy, NSFW sites which they know darned well they shouldn't be looking at, and picks up a nasty infection dropped onto an unprotected PC which doesn't have all the latest updates installed, or c) User is illegally downloading free warez because they don't want to pay for their software, and downloads something with a nasty payload in it.

    I know I will get downvotes for this but either way they must be mouth-breathing knuckle-draggers who need to try harder so it is quite difficult to empathise.

    1. jason 7

      Re: How

      From what I've been able to find out 'after the event' it seems these mostly come in via email attachments marked 'Resume' or similar.

      The people I've seen hit all use Outlook or an email client that hooks up to an email server (run/administered by the guy in his bedroom that manages their cheap hosting too) with little or no filtering. Quite common in small business circles.

      Folks who run their email through the likes of Gmail etc. appear to get all that filtered out.

    2. Amorous Cowherder
      Facepalm

      Re: How

      I was with you until your final patronising paragraph. Have you ever descended from your ivory tower to walk among the mortals of this earth?

      Normal PC users see a PC as a gadget, like a fridge or a washing machine. The PC is simply a tool that does stuff and, much like their car, when it stops doing the stuff it's supposed to, Joe Public needs help. I've worked in IT for close on 30 years; it's my life's career and I know how much of a pain in the arse computers are, but I also have a good idea where to start looking to sort stuff out. If my plumbing or my car starts playing up I might have an idea but I don't have the skills or the tools to fix complicated problems, it's not my job so I hire a plumber or a mechanic to look at it. I trust someone with the skills in that area, that I don't know. Non techies hire people like us. Yes they make some fucking stupid decisions and abuse the PC, but can you honestly tell me you've never done anything stupid with things outside IT? I know I have.

      1. jason 7

        Re: How

        " If my plumbing or my car starts playing up I might have an idea but I don't have the skills or the tools to fix complicated problems, it's not my job so I hire a plumber or a mechanic to look at it. I trust someone with the skills in that area, that I don't know."

        Brother! Where have you been!

        I say the exact same thing to my customers when they look at me all embarrassed about something that they really wouldn't be expected to have a clue about.

        In fact I had to make a promise to my plumber to never ever touch the plumbing again after I had a go...

      2. Lysenko

        Re: How

        "The PC is simply a tool that does stuff and much like their car..."

        If that were true then they would have to pass an exam before being allowed to use a PC and risk prosecution if caught drunk in charge of one. These problems arise because users *don't* think of a PC in the same way as a car. Your fridge analogy (or possibly bogroll in some cases) is closer to the mark.

        1. Anonymous Coward
          Meh

          Re: How

          "These problems arise because users *don't* think of a PC in the same way as a car."

          yes they do....

          do you check your tyres for damage each day? Do you check them for pressure each week? When was the last time you checked the oil and water levels? How about the wheel alignment and tracking?

          Walked round and checked the bulbs?

          None of this is required on a test, but still pretty essential stuff people ignore.

      3. DasWezel
        Stop

        Re: How

        "If my plumbing or my car starts playing up I might have an idea but I don't have the skills or the tools to fix complicated problems, it's not my job so I hire a plumber or a mechanic to look at it."

        While this is mostly true, you'll in all probability try to hire a plumber or mechanic recommended to you or that generally has a good reputation. You probably won't hire Honest Jeff because he was first to rock up outside your house, pushing his rickety wooden cart, and promising to do the job for a really good price and of course he can keep an eye on things while you nip down to the shops to get some cash.

      4. 404
        Boffin

        Re: How

        Then there are some who do it all.

        Except drywall, I can't do drywall.

        ;)

    3. Anonymous Coward
      FAIL

      Re: How

      "User is browsing really dodgy, NSFW sites which they know darned well they shouldn't be looking at"

      Or maybe just a run of the mill compromised server perhaps running a 0-day exploit?

      Nah, doesn't fit in with your "all users are stupid and should be treated with utter contempt".

    4. John H Woods Silver badge

      Re: How

      Some people are really operating on the very edge - or beyond - of their comfort zone when using a computer. I dealt with a cryptomalware case recently where a lady had phoned BT to complain about her broadband. Two days later 'BT' phoned her back and gave her 'lots of instructions' which she followed. "Wouldn't you?" she asked. "No", I said: "I wouldn't make modifications to my washing machine because people claiming to be Severn Trent Water had phoned me up."

      The lady in question is not an idiot, far from it. But you have to be online these days, it's almost impossible not to be. And computers used to be so crap that often you did get help (from software or hardware vendors) over the telephone, so people are still in that oh-my-god-i-can't-do-it mode and are still prepared to trust a friendly and confident voice on the phone belonging to anyone who claims to be from any remotely technological company.

  4. eJ2095

    Ahh, I do miss the days of

    Me long lost relative leaving me a million quid

    Or I have won the Spanish lottery...

    Or somewhere in Nigeria

  5. Anthony Hegedus Silver badge

    A PC isn't like a car or anything else we own. People use the car analogy a lot though, presumably because it too is a complex and expensive machine that can be used for so many things. A car can be used for going to work, going to the cinema, going on holiday, moving furniture, picking up a friend from the station etc. A computer can also be used for many diverse things.

    But a computer is also flexible, and can be treated (and mistreated) in so many ways. What is really sad is that nobody has come up with a foolproof way of restoring your computer back to factory settings without losing something.

    In Microsoft's latest incarnation of its Windows "OS", there's a facility to restore back to factory settings and "keep all your apps", but what it means by apps is the ones that nobody ever downloads off the "store". Other computers have complex restore options that people don't understand.

    I once had a customer who managed to wipe everything off her HP computer because every time it booted, it had "press F12 for restore options" (or similar), and so she decided that it must want her to press F12. So she did. And when it said it'll restore your PC and wipe all the programs and data, she thought it meant something else. When people are that fucking stupid they really aren't going to prevent a cryptolocker infection, are they?

    We have had customers infected with one of these crypto-style viruses, and every single one of them was a reasonably intelligent and careful person. They just had a momentary lapse, and that's all it takes.

    1. Charles 9

      "What is really sad is that nobody has come up with a foolproof way of restoring your computer back to factory settings without losing something."

      Because of the Douglas Adams problem. You can't make something foolproof because complete fools don't think (box or no box) so can do things that can defeat anything you can think of. Your bit about the F12 wipe is a prime example: reading something in plain English and interpreting it in something so nonsensical as to defy belief.

  6. tony2heads
    WTF?

    ransomware

    did any of the victims hear about backing up important stuff?

    1. jason 7

      Re: ransomware

      You haven't read how it works have you?

      Once activated it searches not only for any local user data but for any attached storage over the network, cloud or USB and encrypts that too. Bang go your backups.

      So basically once you've got over the hurdle of setting up an automated backup for the customer, and cloud backup for offsite, you also then need to set up and volunteer someone to do a manual backup and remember to unplug the storage. Sorry Miranda or Cheryl!

      I'm sure you could come up with something more sophisticated but these are normal people with average aspirations and better things they want to do in life. Hence why I just use Cryptoprevent.

      Vaccine rather than cure.

      1. Cynic_999

        Re: ransomware

        "Once activated it searches not only for any local user data but for any attached storage over the network, cloud or USB and encrypts that too. Bang go your backups."

        Of the people who actually do regular backups (sadly not a large percentage of PC users), I should think very few will have their backups permanently accessible to their PC - backups will typically be written to some form of removable media that is removed from the PC after creating the backup.

        In my case all the data on my home PC that I cannot readily replace comes to about 3GB of photos, documents, design files and activation codes etc., so I just burn it all to a single layer DVD every week or so. 2 years of full weekly backups will fit onto the spindle of a 100 disk cake tin that sits in a cupboard and has cost me under £20 for the blank media. There is no way that any malware could compromise those backups.

        1. Anonymous Coward
          Anonymous Coward

          Re: ransomware

          "In my case all the data on my home PC that I cannot readily replace comes to about 3GB of photos, documents, design files and activation codes etc., so I just burn it all to a single layer DVD every week or so. 2 years of full weekly backups will fit onto the spindle of a 100 disk cake tin that sits in a cupboard and has cost me under £20 for the blank media. There is no way that any malware could compromise those backups."

          But trust me, they can succumb to bit rot (which is why I've sworn off optical discs for backups until something like Archival Disc appears that's designed for longer-term storage). PLUS some of these malware are sneaky and like to sleep before pouncing so as to infiltrate your backups to the point that trying to restore them ends up re-infecting you. Finally, what if your backup needs are full of videos or other large files that make that impractical? I know people whose "precious data" runs into the terabyte range.

          1. Cynic_999

            Re: ransomware

            There are very few *home* users with *irreplaceable* data that runs into TB. Maybe people who have lots of home videos or photo enthusiasts who keep their images in raw format, but not much other *personal* data types will accumulate to that size. Bit-rot? Not really a problem if you are backing up *all* important data every week and never delete that data, so the same stuff exists on all the disks. Sleeping malware? Not really an issue with JPGs and documents, and also less likely when all the files in the "precious documents" directories are write protected.

            Yes, I have TB of data that I'd rather not lose, but if necessary I could re-download all of it from the places I got it in the first place.

            1. Anonymous Coward
              Anonymous Coward

              Re: ransomware

              Easy for you to say, but most of us have data caps, meaning downloading again can be a PITA. Plus JPGs and Documents HAVE been used as rather exotic avenues of pwning in the past. As for the sleeping malware, the idea is to be able to sneak INTO your backups so that when you try to restore them (at which point you CAN'T write protect since you're copying in) you re-infect yourself.

              And I can think of things that would easily add up to stuff you don't want to lose: TV recordings (especially HD recordings via a Hauppauge HD recorder) of shows that aren't sure to air again and so on. So no, I can't re-download them, I can't re-record them, and they're too big to store on disc, so what choices do I have left?

            2. jason 7

              Re: ransomware

              Even most domestic setups have more than one PC and the average user data has crept up big time over the past few years. Maybe around 40-50GB on average. I am seeing more folks with 500GB+.

              When you can get a cheap Zyxel NAS for around £75 and just plug that into the router and slap Cobian on the 3-4 desktops/laptops, it's job done.

              I rarely see anyone using optical media for backups nowadays. I maybe buy one pack of 25 DVDs a year now. So damn slow. If a customer comes to me for data recovery and they have more than 20GB of data I ask them to bring in external USB storage as I'm not backing that up to DVD.

              Forget optical in the workplace.

              1. Charles 9

                Re: ransomware

                I've thought about it but it gets a touch pricey when the bits start adding up, especially if you want both redundancy and a way to store offsite. My current regimen is to use two similarly-sized USB hard drives but only keep one of them running at a time except periodically when I sync changes between them, at which point I rotate them. Any other time, one of the drives is stored in a fire-resistant safe elsewhere. This combined with some parity archives seems to cover the optimal number of scenarios: the PARs can help treat bit rot and the odd corrupted file, a second drive, not from the same batch, normally kept offline but occasionally synced and rotated, should help cover one of them just up and dying (if it does, I should be able to replace it and sync against the good drive), and with the second drive in a separate location, I'm decently covered against theft and disaster.

        2. jason 7

          Re: ransomware

          "Of the people who actually do regular backups (sadly not a large percentage of PC users), I should think very few will have their backups permanently accessible to their PC - backups will typically be written to some form of removable media that is removed from the PC after creating the backup."

          Unfortunately, not in my version of the real world.

          Unless the backup destination is permanently connected and the backup process automated to happen at a certain time it doesn't happen.

          People are lazy or just don't care enough to think about it. It's a big enough challenge to get them to realise how important a backup is in the first place let alone getting them to actually do it and do it regularly.

          Had a few that go "Oh yes we have a backup!" I ask to see it and find it was last done 8 months ago and all the wrong data. Shambles.

          And burning to 4.5GB optical media? All RAID1 NAS boxes or bigger nowadays. Might work for light home use but most businesses have too many users and data for that to work.

          It's a tough call.

  7. Sporkinum

    Pratchett

    I always smile when there is a Pratchett reference in an article. Igor's stitching... Thanks!

  8. phil dude
    Coat

    C.O.W...

    and not the sort you shoot in a field.

    P.

  9. David Lawrence
    Go

    Appliance/Car analogies

    I do like the "people treat a PC like a car" analogy - it's excellent, so let's stick with it.... most (but not all, apparently) of the people who get infected with this particular malware are doing the equivalent of driving a car at 120mph, without having passed a test, with no seat belt, and whilst tweeting/texting/posting a witty remark (with emoticons) on FuckwitBook. And then they act all dismayed when they crash and hurt themselves.

    Don't get me wrong - I will always do my level best to help them (if I can) but like I said earlier I struggle to empathise. Must be my particular combination of Tourette's and Autism I guess!
