back to article Ransomware scum offer free decryption if you infect two mates

Ransomware scum are suggesting that victims infect their friends instead of paying for decryption keys. The ransomware variant "Popcorn Time", unrelated to the popular Bittorrent client by the same name, first tells users they have a week in which to pay one bitcoin (US$770) in order to have their files decrypted. The menace …

  1. inmypjs Silver badge

    If only someone....

    would invent backups.

    1. ecofeco Silver badge

      Re: If only someone....

      That's just crazy talk!

    2. Anonymous Coward
      Anonymous Coward

      Re: If only someone....

      I'll risk saying it... Backups *should* help for Joe Blow, but that chance seems 50/50 in reality to me.

      I've know 2 people that have been hit by these scams that did run backups on their home machines. But being they hot swap drives and have access to their LAN (chiefly the NAS) from their workstation...everything went. I've still yet to figure out if this stuff would attack a "cloud", but I don't see why not if it's mounted.

      I can't lie, I've not dealt with ransomware (yet) so correct me if I'm wrong, but if the sneaky stuff hangs around for a few days meddling about before popping its head up, many of us could be more susceptible than we think.

      1. Anonymous Coward
        Anonymous Coward

        Re: If only someone....

        There are good ways around this, but they'd require rather more technical expertise than could be expected of the average user. The way to stop ransomware attacks is for no one to pay ransom. Heck, pass a law making it illegal to do so.

        If you make their return on investment negative, it will quickly stop.

        1. TheProf
          Unhappy

          Re: If only someone....

          "If you make their return on investment negative, it will quickly stop."

          Nice thought but it won't work. No-one gets paid to vandalise public monuments but it happens.

        2. Law

          Re: If only someone....

          We've got:

          - NAS for central data point for all devices in the house (it's RAID, with time-machine-esc feature of rolling versions back)

          - Changes to NAS data are automatically encrypted and backed up to cloud backup (amazon drive)

          - Once every 3 months I physically plug in a 4TB HDD via usb3 into the back of the NAS for half a day, which triggers a full backup to the external disk. This is stored in a locked box in my locked desk cupboard in a very secure building (my office).

          If the ransomware times it perfectly, they could kill my cloud and offline backup at the same time... but the chances are very small.

          I get told this is overkill, they might be right, but it helps me sleep at night knowing I wouldn't lose it all in a fire, or ransomware attack (it'd be lost for sure, as I'd never pay the scumbags). Plus, it took like an hour to set up, and it all works fairly automatically - except the physical plugging in of the offline backup.

          1. Alan Brown Silver badge

            Re: If only someone....

            "- Once every 3 months I physically plug in a 4TB HDD via usb3 into the back of the NAS for half a day, which triggers a full backup to the external disk. "

            The same external disk each time. *Facepalm*

      2. AMBxx Silver badge
        Joke

        I've know 2 people that have been hit by these scams

        But did you get your files decrypted free of charge after infecting them?

      3. Pascal Monett Silver badge

        @MyBackDoor

        And therein lies the mistake : hard drives do not a backup make.

        I am constantly bleating this horn and next to nobody is listening : the only valid backup system for Joe User is the optical disk. Use DVDs or BluRay, I don't care, but write your data on something that cannot be changed afterwards.

        Hard disks can be wiped by magnets, they can fail outright, the data can fade until it is not readable any more. In a word, they are not a reliable backup system. They are a perfect transport system for large amounts of data, but they are not backup.

        The WORM disc is a far better backup support, cannot be modified once written and can reliably store data for decades. I wrote my first CD backup in 1995 and it is still perfectly readable. It does take longer to write, but it lasts way longer once written.

        1. This post has been deleted by its author

        2. Steve K

          Re: @MyBackDoor

          Whilst I applaud the sentiment of a RO backup, optical disks - particularly the cheap ones commonly available to the average user - are prone to fading too.

          You are fortunate that a 1995 CD backup is still viable as I have encountered azo dye-based CDR/DVDRs which are unreadable or showing errors after only 5-6 years.

          1. Alan Brown Silver badge

            Re: @MyBackDoor

            "You are fortunate that a 1995 CD backup is still viable as I have encountered azo dye-based CDR/DVDRs which are unreadable or showing errors after only 5-6 years."

            DVD-Rs are a particular problem as they slowly delaminate if flexed.

            I'm surprised anyone is still using AZO. Phtalocyanen has proven much more stable.

            CD-RWs are better still as they are a real phase change material, not a dye.

        3. Anonymous Coward Silver badge
          Facepalm

          Re: @MyBackDoor

          Hard drives can make a perfectly valid backup if done correctly. That means unplugging them when not in use and storing them separately from the source (ideally in a fire safe, like you would with tapes and your optical thingies).

          Personally, I have my own backups on (effectively) a NAS, but with some scripting that creates a read-only copy of each backup... but then I'm techy and know what I'm doing. I recognise the risks and have mitigated them to an extent that I'm comfortable with. YMMV

          1. Lotaresco

            Re: @MyBackDoor

            "Personally, I have my own backups on (effectively) a NAS"

            It's easier to do with a NAS because you can mount/unmount the share as required, even in Windows hence the drive is only vulnerable during backup. Require a password for each mount and you prevent malware from getting at it easily. Run a cron job on the NAS to replicate the backups to copies with a data serial and you have another layer of availability.

            I've recovered some seriously borked systems with only minimal downtime and loss of data by following a tiered backup strategy.

            The problem, as ever, is the user. Users don't like having to do *anything* other than surf their porn and shop online. Having to do something like mount/unmount a drive isn't going to happen and they won't pay someone who knows how to do it to set it up for them. It's very difficult to device effective controls and strategies for SOHO because the users/owners don't understand the issues and largely don't care. Not until the Day It All Goes Horribly Wrong.

            In an enterprise you can work around this by providing thin client access to VMs and snapshotting the VM. The worst case then is loss of a few hours work.

            1. Anonymous Coward
              Anonymous Coward

              Re: @MyBackDoor

              Require a password for each mount and you prevent malware from getting at it easily.

              That is rather naïve. Do you think that malware runs visible in a top level desktop window that says "I AM NOW ENCRYPTING YOUR FILES, PLEASE WAIT"?

              Ransomware runs as a hidden background process so you won't know you've been infected, and will encrypt whatever it can gain access to. This means, as soon as you mount your NAS (password or not), the process will have as much access to the storage as your backup program has. Worse, because iterative backups tend to be stored on the same medium you may lose previous generation backups too.

              This is the major issue: if you run iterative backups (which most people do due to the time it takes to back up from scratch) you run the risk of having them encrypted too by ransomware.

              If you still dump onto tape, however, you may have less of an issue if you use a grandfather-father-son scheme, but all the random access read/write approaches are wide open. It takes longer for a network drive than local storage, but it's no less vulnerable.

              1. psychonaut

                Re: @MyBackDoor

                use carbonite.

                they have point in time restore. if you get hit, you get in touch and they can roll your backup back to before it happened. then you rebuild the machine, and press "get my files back" and thats it, job done. it can take a while to get all your data if you have a lot of it but you do get it back. you might lose some changes - they have to roll back to before anything was encrypted, but you wont lose much.

                ive seen it work in anger. i sell lots of it, you can make reasonable money out of it.

                unlimited storage is £69 dollars a year per device (for non server OS)

                its more expensive for servers of course but they have products that do all of that too.

                it really is very good indeed for the money.

                this is for non server/domain setups - not many small offices i deal with can afford a server, but you can also set up a spare pc (say dual core intel, 4gb ram, ssd if needed - hp elte 8000 for instance, say £50 for the box, £40 quid for the backup disk, same for [primary unless you want ssd) as a data server, then have network shares to it under a standard account. put a big backup disk in it and have macrium or windows backup run to that, remove permissions for standard users to access the backup disk. i prefer macrium because it can email if it is successfull or failed.

                then you have a box that cryptolocker can get at through the network shares, but it cant get at the backup disk.

                if you back that pc up with carbonite (69 dollars a year), you have belt and braces. (in case of fire, theft, stupidity)

                you can then run openvpn if you want remote access to the files, put prooper security on it etc etc....miles better than a nas.

          2. Anonymous Coward
            Anonymous Coward

            Re: @MyBackDoor

            Exactly. I have two large external HDDs hooked up, and the power strip is turned on and off by a cheap chinese remote control

            Every week, I turn press the button to turn on, do backups, then push button to turn off the power.

          3. Alan Brown Silver badge

            Re: @MyBackDoor

            "Hard drives can make a perfectly valid backup if done correctly. That means ..."

            Amongst other things - NOT running the backups on the system which is hosting the original data.

            Bacula's pretty good for this. Not only does it backup clients across a network, but because it keeps hashes of all the files in a database, you can tell what's changed and when it changed - aka a semi-decent IDS with restoral mechanism.

        4. Anonymous Coward
          Anonymous Coward

          Re: @MyBackDoor

          Use DVDs or BluRay, I don't care, but write your data on something that cannot be changed afterwards.

          1 - never heard of multi-session drives then?

          2 - you tell someone they should fill up their homes with stacks of pretty coasters

          3 - the write speed of those media vs the ever increasing amount of data that people generate (the incorrect pissing match on number of camera pixels is one of the drivers) makes this a dead proposition. My own system backs up a couple of GB a night - I now use an SSHD (hybrid) which cuts backup time to reasonable amount (I also use that because it offers me a "start from the metal" recovery process - and it's not the only backup that takes place).

          4 - the read speed: ditto.

          That said, I am moving to a system of multiple drives with a week's gap in between and offsite storage cycling - just in case. My OS is presently not sensitive to this, but I'm human like everyone else and can make mistakes too (mostly before coffee :) ).

          1. Alan Brown Silver badge

            Re: @MyBackDoor

            "I am moving to a system of multiple drives with a week's gap in between and offsite storage cycling - just in case."

            This brings up an important point about backups. You need at _least_ 3 copies of your data on separated media (the one you're backing up on, the one before that (offline) and the one before that (offline), which will be recycled to be your backup disk next time.)

            I've seen script kiddies knock out ISPs and businesses because all their "backups" were online and directly attached to the system being "backed up". People really have no clue about keeping things safe.

            The other classic is burglaries - people have lost not only their computers/laptops, but all the external hard drives that held the backups - conveniently placed on a shelf above the PC. Don't do that.

        5. Just Enough

          Re: @MyBackDoor

          DVDs and BluRay have very limited capacities. When I do a backup I do not want to have to sit around for hours swapping disks like it's 1994.

          And if you think that optical disk backups are indestructible and forever, you're in for a nasty shock some day.

          1. david bates

            Re: @MyBackDoor

            You're telling me - About 10 years ago I bought some magazine archives, via the publisher no less, that are now utterly unreadable. Apparently Im not the only one.

            1. Alan Brown Silver badge

              Re: @MyBackDoor

              "About 10 years ago I bought some magazine archives, via the publisher no less, that are now utterly unreadable."

              There is software for Linux which will do its utmost to extract data from such disks.(Dvdisaster)

              There's other software which can merge multiple sets of such data (assuming you have several copies of those disks, each with their own bad spots)

              1. Danny 14

                Re: @MyBackDoor

                you can host the backups on the system and leave the backup drive plugged in all the time. Simply have an account that does the backups and DENY the "normal" logged in users (and administrators so you don't have $ shares being an issue) access to the drive. If it is a NAS then again have a dedicated backup account that can access the share and no one else. Then use backup software that has user credentials as the backup user and away you go (I use EASUS as it has worked for backup and restore for me)

          2. Anonymous Coward
            Anonymous Coward

            Re: @MyBackDoor

            DVDs and BluRay have very limited capacities. When I do a backup I do not want to have to sit around for hours swapping disks like it's 1994.

            And if you think that optical disk backups are indestructible and forever, you're in for a nasty shock some day.

            for media, M-Discs supposedly last longer.

            I'm still waiting for Archival Disc.

          3. Orv Silver badge

            Re: @MyBackDoor

            "DVDs and BluRay have very limited capacities. When I do a backup I do not want to have to sit around for hours swapping disks like it's 1994."

            Bingo. I'm a sysadmin, and a pretty conscientious one, but if backing up requires a long period of manual intervention and I can't automate it, it probably won't happen on a regular basis. Certainly not daily. Hard drives have gotten so big compared to removable media that the only practical thing to back them up to is other hard drives.

            That's why I've gone the cloud route -- CrashPlan, in my case. It's worth the money for me to make it someone else's problem. Since it's not mounted as a disk and it allows me to go back to previous versions, I think it should be pretty resistant to ransomware. It also has the benefit of not being in my house, so I can still recover my data if I have a house fire or something similarly disastrous.

            I do make local disk backups as well, but those are more for convenience.

        6. Mark Dempster

          Re: @MyBackDoor

          >I am constantly bleating this horn and next to nobody is listening : the only valid backup system for Joe User is the optical disk. Use DVDs or BluRay, I don't care, but write your data on something that cannot be changed afterwards.<

          You have a point, but if the ransomware has been sitting on your system for a while before activating its payload, then your recent backups will also be infected. For many companies, the last week's (or other time period) data is the most important of all, and yet it's too risky to restore.

          That does depend on the nature of the backup, of course. But even if you only backup your documents it's quite feasible for one of them to have a macrothat triggers a ransomware download.

          1. Pascal Monett Silver badge

            Re: @everyone

            It's interesting that just about everyone here answered my post with variations concerning NAS and/or company backup procedures.

            Funny, I clearly indicated that I was talking about Joe User.

            Joe User does not have a NAS and wouldn't know how to set it up if you gift-wrapped it and installed it for him and, if you did do that for him, it would do eff all for his data when he gets infected with an encryption virus as is such the rage right now.

            And please stop going on about how optical discs "are not forever". Nothing is forever and it is hilarious to think that optical discs without any moving parts are more at risk than spinning rust. Your optical drive can fail, it has no bearing on the data on the disk. The same cannot be said about hard disks.

            Optical discs can fade (or so I've heard as well), but I take my data seriously enough to not buy the cheapest sort and, for the moment, I have indeed been lucky - if you call "luck" the staged multi-copy process I go through.

            Once again, optical discs are the best bet for Joe User. When/if he gets around to it, he'll have a valid copy that will be stable and reliable long enough for him to completely forget what was on it in the first place.

            You guys are experienced enough to choose your own path and take your own risks.

            1. Prst. V.Jeltz Silver badge

              Re: @everyone

              Pascal,

              Joe user these days uses a usb stick or a cheap 2.5" external drive from maplins.

              I myself use a Hard drive, I have 4 drives (2tb) with the same data on thereby eliminating the risk of losing data if one fails.

              Its better than burning 3077 CDs every week.

            2. Anonymous Coward
              Anonymous Coward

              Re: @everyone

              Used to back up to dvd, until we discovered at least half of them had self destructed within 2 years. Never again.

            3. Kiwi

              Re: @everyone

              Once again, optical discs are the best bet for Joe User. When/if he gets around to it, he'll have a valid copy that will be stable and reliable long enough for him to completely forget what was on it in the first place.

              1) DVD's are one of the flimsiest, crappiest data mediums out there, especially in "joe user's" house with the sprogs and their wonderful treatment of such things.

              2) Joe User likely has at least 500Mb worth of data to back up. Probably Joe User has at least a terrabyte HDD with a lot of movies/music, and maybe 40 of 50Gb worth of "junk files" on their system (Windows is great at cleaning up temp folders!). Junk files alone would just about take up a packet of DVD's.

              Then there's the space requirements. I could get 2 2Tb USB HDD's in the same space as 10 DVD's. The 10 DVD's would not quite give enough backup space for the average home user's junk files, whereas the 2x2Tb HDD's would give enough for 3 full backups.

              They won't fade. They're not as easy to damage as DVD's. Using the wrong marker type on them won't destroy them. A kid sliding one across a carpet won't damage them. Having the DVD tray close on the last one of them won't mean you just wiped out a 50-disk backup procedure coz disk#50 is now stuffed. They don't require a shitload of stuffing around every 30 minutes changing disk.

              For backup, optical is a dead medium. I know a number of home users who would need in excess of 300 dvds each backup (think I am adding up the numbers right), whereas ONE external HDD will do it. For Joe User, it is the worst thing imaginable and perhaps only marginally better than nothing at all. It's like clothing yourself with a single layer of cling wrap before going for a walk in the snow.

        7. Kiwi

          Re: @MyBackDoor

          Use DVDs or BluRay, I don't care, but write your data on something that cannot be changed afterwards.

          Grab DVD from machine, sit on carpet/rough surface. Grab backup external HDD from machine, sit on same rough surface. Which is likely to survive? Hit : Not the optical media, which seems rather fragile in most people's homes (y'know, with little tykes running around who can never understand the concept of "don't put my DVD's on the fecking carpet!")

          Hard disks can be wiped by magnets, they can fail outright, the data can fade until it is not readable any more. In a word, they are not a reliable backup system. They are a perfect transport system for large amounts of data, but they are not backup.

          I've never known a HDD to be wiped by close proximity to magnets. Did you know that HDD's have some quite powerful magnets INSIDE them, as part of the head mechanism, that are unsheilded and only a few mm from the platters? So the platters are spinning through a strong magnetic field? Nor have I ever heard of data "fading" on them.

          I wrote my first CD backup in 1995 and it is still perfectly readable. It does take longer to write, but it lasts way longer once writte

          Back about when you were doing your first backup CD, I upgraded a HDD in a machine. It was a whopping 120Mb HDD that I upgraded to a "cheap" (nearly$NZ600!) 1Gb drive that went in. Recently I discovered that disk and what the hell, spun it up. Still works fine, and data still fine.In fact a few days ago I played WarCraft 2 off a copy I took of that disk a couple of weeks ago.

          Anyone know where I can find a PCI MFM controller? Coz I also found a massive 5Mb HDD I'd love to spin up. And by "massive" I mean full height/full width. Don't think I have any mobo's left that have ISA slots.

      4. Steve K

        Re: If only someone....

        You'd have the same issue on Cloud/SharePoint really unless you have another challenge mechanism - it's a trade-off between convenience and security.

        If you want your files available seamlessly as if they were locally-attached then that's a risk you have to take. Versioning could help here, but it depends on how sneaky the payload is since if it activates over a longer period before popping up the demand then where do you start....?

        One way to protect the NAS backups at least is to have the NAS backup jobs running as a dedicated backup user - with a strong password - and these backup filesystems RO to their normal user.

      5. 9Rune5

        Re: If only someone....

        "I've still yet to figure out if this stuff would attack a "cloud", but I don't see why not if it's mounted."

        A while back, somebody on this forum told the story of such an infection. BUT! The backup vendor in question had a backup of several generations worth of changes. Rolling back to a point in time before the attack took place, and presto: The originals restored, safe and sound.

        The vendor mentioned was Carbonite and after reading about them here I became a subscriber. Roughly four years ago I think. I haven't had any use for them so far, but my local storage isn't getting younger or healthier.

        YMMV, but dealing with DVDs is hardly a walk in the park. I have had the "pleasure" of retrieving some of my old DVD backups, and though some files survived, others did not. It is a very temporary way of storing files. (I doubt I even found all the DVDs I started out with) Depends of course what you are saving. In my case 1TB worth of pictures. Those files never change, so not too tempting to keep weekly backups around on tapes or optical storage.

        1. Anonymous Coward
          Anonymous Coward

          Re: If only someone....

          Use DVDs or BluRay - Quick reminder if you follow this path is to buy a WATER-BASED marker to label your discs with. If you just use a random permanent marker it's probably spirit-based and these can fuck up the discs in 18 months or less. Reasonable-sized stationers should have them.

    3. FordPrefect

      Re: If only someone....

      Well they are useful unless the clever ransomware writers sneakily encrypt your daily backups for a period of time before and then encrypt the main machine, meaning when you try and revert to your backups for the past week you find they are all encrypted too.

  2. Oh Homer
    Paris Hilton

    Your chance to win!

    Dear soon-to-be-former pal,

    I write to you as someone who bought you a pint in the pub last night to introduce you to this exciting new opportunity exclusive to the soon-to-be-former pals of ransomware victims!

    Please send all your dosh to a Ukrainian criminal so I can unlock the full potential of my pr0n and warez collection which took me all week to download on my heavily monitored and throttled BT slowband connection, since I've never heard of backup and therefore this is my only copy.

    Hugz,

    Johnny B. Shite.

    1. Dan 55 Silver badge
      Happy

      Re: Your chance to win!

      Don't laugh, Johnny B. Shite's got an off-premises backup. He's doing quite well.

      1. Kiwi
        Coat

        Re: Your chance to win!

        Don't laugh, Johnny B. Shite's got an off-premises backup. He's doing quite well.

        Is that what The Pirate Bay is called these days?

  3. Destroy All Monsters Silver badge
    Gimp

    Wow. These guys are hardcore.

    This sounds like a story from one of those anime "I will not publish these compromising photos of you with kitchen implements if you deliver your two school friends to my rape cellar"

    How I know that?

    Err... research. Yeah, research.

    > Ransomware authors claim the ransom will be used to pay for food and shelter in Syria.

    Hopefully the Russkies clean up, because the France/UK leadership (more like Frankenship, amirite) - which is basically the root cause of this mess together with the Saudi pals - is currently doubling down on the "regime change before ISIS" fantasy.

    1. Destroy All Monsters Silver badge

      Re: Wow. These guys are hardcore.

      The thought occurs that paying up would mean "materially aiding terrorism", which is currently a no-no in our "haven of civilization", so better demur.

      1. Anonymous Coward
        Anonymous Coward

        Sounds like an argument for the Surveillance State

        By protesting and contesting Our right to spy on your every last electronic and non-electronic communications you are "materially aiding terrorism [and paedos]".

  4. Anonymous Coward
    Facepalm

    So...

    You spin up two VM's... get them infected... and get all your files back ?

    1. Nathan 13

      Re: So...

      With VMs making a V payment?

    2. Pascal Monett Silver badge

      Re: So...

      You forgot a step : pay twice the extortion amount

      Up to you, but I don't see how that is better.

      1. Doctor Syntax Silver badge

        Re: So...

        "You forgot a step : pay twice the extortion amount"

        No, it's easy. You spin up another couple of VMs for each of the VMs.

        It's VMs all the way down.

    3. chivo243 Silver badge

      Re: So...

      I was thinking the same thing. +1 for you, in fact, one could start a service... point these guys to phony users on disposable VM's, something, something, profit...

      1. Danny 14

        Re: So...

        again, reading fail. The TWO OTHERS NEED TO PAY UP before you get your free key.

        1. Prst. V.Jeltz Silver badge

          Re: So...

          interesting marketing technique.

          I wonder if traffic wardens will take it up?

  5. ecofeco Silver badge

    Well that's novel

    They are scum of the earth but that's rather novel for this.

  6. J. R. Hartley

    Say what you like

    But that's impressive.

  7. GrapeBunch

    MLR

    Every meme deserves an acronym.

  8. Mephistro
    Facepalm

    A perfect business plan

    Because once someone infects his mates, he can be blackmailed into bankruptcy, regardless of whether said mates paid the miscreants or not. An endless supply of fun, as the guy/company that collaborates in this scam will land in hot water, legally speaking.

    Seriously now, If someone is not keeping proper* backups of his data, it means that either the data wasn't worth the effort or that the data was doomed anyway, so no worries, eh?.

    Note*: proper backup= Hanoi Towers scheme + off site backups + regularly testing the backups.

    1. Kiwi

      Re: A perfect business plan

      Seriously now, If someone is not keeping proper* backups of his data, it means that either the data wasn't worth the effort or that the data was doomed anyway, so no worries, eh?.

      And how many users know what backups are? Even if the data is the last remaining pictures/video of a lost loved one?

      I saw this a lot in computer repair work. People had no idea of what backups were. The data was absolutely precious, but they had no idea even that they could protect it.

  9. veti Silver badge

    Just when you think the scum can't get any worse

    ... they do.

    "Paying for food and shelter in Syria" - I think I just threw up a little in my mouth, there.

    There must be some marketing opportunities here for backup services. Cloud providers gotta be good for something.

  10. Anonymous Coward
    Anonymous Coward

    This sounds serious!

    "tells users they have a week in which to pay one one bitcoin (US$770) in order to have their files decryoted."

    Having them decrypted is one thing, but decryoted makes it sound so much more bizarre!

    (sorry, couldn't resist) :)

  11. MrDamage Silver badge

    Solution

    Create 2 VMS, and 2 fake accounts. Infect those, and get decryption for free.

    1. Montreal Sean

      Re: Solution

      Both people you infect need to pay up before you receive your decryption key.

      VMs would end up costing you twice as much as just paying up for the first infection.

  12. Anonymous Coward
    Anonymous Coward

    Negan

    We are all Negan...

  13. Magani
    Headmaster

    Does nobody proofread any more?

    Thre ransomware ... in order to have their files decryoted.

    Before the alliance formed, ransomware-wrecking was a scattered and silo-ed, but furious efforts

    Come on, El Reg. Buck up or I'll have to have you decryoted.

  14. Anonymous Coward
    Anonymous Coward

    I suppose they mean Facebook friends, not friends, actual friends.

    The worrying thing here is how fast Facebook expanded early on, by spaming your contacts list to get new members, and new members from them. Sheer desperation on the part of the user, could cause this distribution method to go Viral. Worrying times.

    Three B's. Backup. Backup. Backup.

    Next they will be issuing Loyalty Cards...

    1. Anonymous Coward
      Anonymous Coward

      Re: I suppose they mean Facebook friends, not friends, actual friends.

      Erm, how has this turned into an attack on Facebook?

      The article says that you hand out a referral code. It could be to a Facebook friend, it could be to the bloke that works in the petrol station, it could be to that woman two doors down who found out that you work with computers and now brings her Packard Bell laptop round every time it gets an error message.

      Sheesh, I get nobody likes Facebook, but this isn't their fault.

    2. Just Enough

      Re: I suppose they mean Facebook friends, not friends, actual friends.

      Actually, it needn't be a friend of any sort. It just has to be a valid email address, with someone at the other end foolish enough to click on a link.

      But this really is a new low. I wonder if the randsomware reveals what's actually occured to the second tier victim?

  15. Tony S

    Had a rather disturbing conversation with a senior manager. I had outlined the problem (several times), but he refused to authorise the payments for a backup system. (Wouldn't even pay for a couple of external USB drives).

    The business was hit by ransomware; I got called in to help. I explained the processes to the IT staff, and they actually managed to recover about 97% of the files.

    I then highlighted that the business was extremely lucky to get off so lightly, and used this to identify just how exposed they were, and then provided some advice on suitable options. He thanked me for my input, and showed me the door.

    They still have no backups.

    1. Doctor Syntax Silver badge

      " I got called in to help."

      I hope your bill was more than a decent backup arrangement would have cost. A couple more incidents and they'll start to get the financial message. Financial because it's the only one they'll understand.

    2. DanDanDan

      Do you mind sharing how you recovered 97%? I'm just curious because these things are usually all or nothing.

      1. psychonaut

        he may have got stuff out of shadow volumes (google shadow explorer)

      2. Doctor Syntax Silver badge

        "Do you mind sharing how you recovered 97%?"

        I used photorec to help a cousin out. The particular ransomware involved wrote an encrypted file & just deleted the old one. That leaves the data sitting on disk ready to be recovered providing nothing else writes over it. That's the proviso - something, maybe the ransomware whilst writing out another encryption, may have written over some of the files. There was also a load of stuff not recovering - stacks of buttons, logos & what not from the browser cache. In the end it made sense to simply chop all the really tiny files rather than waste the user's time going through them. There's also the possibility that the recovery software might simply not be able to recognise some file formats.

        1. DanDanDan

          It's a bit late, but thank you very much for this. Worth keeping in mind just in case a relative contacts me. I'd be a bit worried what else I might dredge up from the deleted nether regions of their hard drive, but...

  16. Anonymous Coward
    Anonymous Coward

    Given that all money is supposed to be traceable

    How are the criminals still operating when the money must be transferred electronically and hence tracably.

    Even if they money was cash handed to an unknown on a dark street corner, then it would be fairly easy to track down who is benefitting and freeze their assets (ideally in Syberia).

    Clearly those cash streams being uemployed are complicit in the crime and should also join their friends in Syberia or at least be subject to the same money laundering rules as other financial institutions.

    1. Anonymous Coward
      Anonymous Coward

      Re: Given that all money is supposed to be traceable

      The article talks about Bitcoin payments, not electronic fund transfer.

      Whilst Bitcoin is not 100% anonymous, its very difficult to trace funds sent this way.

      I expect that the NSA could do this (and indeed probably are) but most orgs struggle. There are also Bitcoin washing services that allow you to make it even more difficult to trace.

      For most people Bitcoin is effectively untraceable.

      I know this as we were researching virtual payment systems for a large company.

  17. Doctor Syntax Silver badge

    There are a lot of "friends" who keep sending emails to my spam bin. I'm sure I could spare a couple of those.

  18. Anonymous Coward
    Anonymous Coward

    Another wonderful plan from the Trump school of business

    Forget morality or loyalty, it's far more important to save a buck or two.

  19. EJ

    Disappointed by accompanying graphic

    Way better graphic for this story would have been https://images-na.ssl-images-amazon.com/images/I/410wlv-29JL._SL500_.jpg

  20. This post has been deleted by its author

  21. Ropewash
    Trollface

    VM's all the way down...

    Everyone took this way too seriously and missed the opportunity for fun.

    Just keep spinning up and betraying "friends" until the week is almost up for your real machine. These guys will think they're going to have enough coming in at week's end to buy Bolivia and then you send a reply that just says "Nah, Fuck it." spin down all the VM's and format your machine like you were going to have to do anyhow.

    This could probably be automated.

    1. Kiwi

      Re: VM's all the way down...

      Just keep spinning up and betraying "friends" until the week is almost up for your real machine.

      Sounds like a plan.. though.. I've been getting some stuff in my spam where I'm kinda expected to fill out a pdf and send it back.

      What would be cool is if the two were the same organisation, and these guys got infected by a response to their own spam :)

  22. Anonymous Coward
    Anonymous Coward

    Only tard run a computer that can't be instantly reformatted. Fuck them.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like