So, where are the Boys?
Here you have criminality, the 'T' word and 'Cyber' all rolled into one. Surely this is a legitimate target for all those three letter organisations rather than the kid ripping his CDs.
Cryptowall authors have wrought some US$18 million in damages on US users and businesses alone, according to the FBI. The Cryptolocker-imitation ransomware family has etched itself as one of the most prolific and capable since it was first detected in April 2014. Global damage reported to the US agency are likely considerably …
The "kid ripping his CDs" is a WAY easier target and they can put a name and a face to a crime. So the media hypmermegaconglomorate is happy as another criminal is roundly and soundly lambasted and thrown to the lions. No doubt being fined, criminal record, distraught parents etc.
The scuzz-buckets behind cryptowall, locker etc have no such compunctions as they are essentially safe from the governement(s) and law enforcement agencies...
See how the USofA becomes utterly powerless when faced with THIS kind of enemy. No amount of toys being thrown out of a pram will facilitate the eradication of cyberscum.
Makes my shit itch......
Justice??? My arse.....
The scuzz-buckets behind cryptowall might just be the government and law enforcement agencies. Given the millions killed by the good old USA and its allies protecting their corporate interests around the world over the last few decades, encrypting someone's PC seems fairly tame. Proxy armies rampaging through Northern Europe, the Middle East and Africa don't fund themselves and what better way to raise money for off-the-books operations than tapping the vast number of saps on the internet.
Indeed, the money is about what $ANY_GOVERNMENT_AGENCY spends annually on peanuts.
Which, pedantically, aren't really nuts in fact, but are still liable to make some people extremely unwell.
And possibly that isn't the point. I mean, US.gov can't very well say "We'll give you $20 million a year * if you leave U.S. businesses alone."
* in used nuts. ** eww.
"while features including the ability to destroy backups and encrypt cloud-synchronised files increases the chances victims will pay."
Dropbox will let you rollback your account prior to a specific event. (e.g Cryptolocker).
Not that big of a deal if you store project files in dropbox and it gets encrypted.
The malware can just contacts Dropbox and tells it to purge its history (which you can do). It can also wait for a couple of months before becoming active, so it is already in all of your backups.
The real problem is the rubbish over-complex and ill conceived engineering that goes into tools like Windows and html5 that makes them such easy targets for malware in the first place.
Offsite backups on tape? Dude, that's so 1970's and none of the cool kids do stuff like that anymore! Everybody knows TAPE IS DEAD and you don't need backups anyway, your SAN has a RAID array so it's all backed up. If your that worried about this backup lark we could stick it all on this cloud service! (which only costs as much as buying an LTO tape drive and the tapes every year)
"[Cryptolocker] features include the ability to destroy backups and encrypt cloud-synchronised files"
Am I the only one to quietly chuckle at the cool kids chasing the latest fashions instead of carefully considering operational requirements and designing systems to survive worst case scenerios?
Yes, i'm a horrible person. I know. BOFH syndrome kicks in after a few years in this job though.
Sounds good. Right up until it's parked itself in the incremental to wait for it to be re-loaded. If the encryption has started, your incrementals are screwed. Unless you do the back up and pull it off line. The catch to beware of: did it or did it not put a copy of itself in the backup.... do you feel lucky?