back to article 'You've been hacked, pay up' ... Ransomware forces your PC to read out a hostage note

Ransomware miscreants have developed a strain of malware that lets victims known that their computer has been encrypted verbally. The Cerber ransomware encrypts users' files using AES encryption before demanding an extortionate payment of 1.24 Bitcoins ($500) in order to supply a private key needed to decrypt files. The …

  1. TRT Silver badge

    "Eastern Europeans go free"

    The Czech's in the post...

    1. Voland's right hand Silver badge

      Re: "Eastern Europeans go free"

      Exactly - the list of countries that get the red carpet treatment is ex-Soviet Union, not Eastern Europe. So the Czech's are indeed in the post.

      1. Ian Johnston Silver badge

        Re: "Eastern Europeans go free"

        My Czech friends are most insistent that their country is in Central Europe (civilised), not Eastern Europe (barbaric).

        1. Monty Cantsin

          Re: "Eastern Europeans go free"

          "Anything east of Prague is Eastern Europe" was the answer I got from some Czech clients recently. Obviously Praguers.

    2. Halfmad

      Re: "Eastern Europeans go free"

      "I'm russian to get that czech in the post..."

      ^^ Surely?

      1. This post has been deleted by its author

        1. TRT Silver badge

          Re: "Eastern Europeans go free"

          It's a Freepost address.

    3. Mark 85 Silver badge

      Re: "Eastern Europeans go free"

      Can anyone here cache a small Czech?

      1. Adam 1 Silver badge

        Re: "Eastern Europeans go free"

        African or European?

  2. Anonymous Blowhard

    This is the kind of user-friendly notification that would improve many other products; instead of making users check their file-systems for signs of infection, it gives a clear audio-confirmation that they're up Fertilizer Creek.

    Clearly the black-hats have been profiling their market segment and have realised that the clueless, their best customers, are likely to miss the fact that they're infected for a significant period of time, potentially affecting cash flow (always a problem for a growing business).

    They've also realised it's a good idea to avoid breaking the law in a country that can get their hands on you.

    Could be a sign that "Malware Consultant" is now a thing.

    1. Anonymous Coward
      Anonymous Coward

      "This is the kind of user-friendly notification" .... Genius! (Copy / paste as it deserves 2nd read)

      "This is the kind of user-friendly notification that would improve many other products; instead of making users check their file-systems for signs of infection, it gives a clear audio-confirmation that they're up Fertilizer Creek.

      Clearly the black-hats have been profiling their market segment and have realised that the clueless, their best customers, are likely to miss the fact that they're infected for a significant period of time, potentially affecting cash flow (always a problem for a growing business).

      They've also realised it's a good idea to avoid breaking the law in a country that can get their hands on you.

      Could be a sign that "Malware Consultant" is now a thing."

  3. wikkity

    One way to scupper ransomware

    would be to create a bunch of these and NOT give out decryption keys. People would stop believing they can recover their data and stop paying. The victims may even learn to backup important stuff and stop using an account with admin privileges for everyday stuff.

    1. TRT Silver badge

      Re: One way to scupper ransomware

      Interesting idea. Similar to banning seatbelts and installing spikes in the middle of the steering wheel.

    2. Voland's right hand Silver badge

      Re: One way to scupper ransomware

      In a world where you still get Nigerian bank manager emails and Microsoft support scams there will still be someone idiot enough to pay.

    3. emmanuel goldstein

      Re: One way to scupper ransomware

      is to make the effort to maintain a basic knowledge of OS security.

    4. Halfmad

      Re: One way to scupper ransomware

      Most of them can only activate if you've got macros enabled in office, don't do that and you won't even get the payload, at least on the current worse set of ransomware guff.

    5. Anonymous Coward
      Anonymous Coward

      Re: One way to scupper ransomware

      So causing pain and suffering is your way to enlightenment.

      You have much to learn grasshopper.

      1. Mark 85 Silver badge
        Joke

        Re: One way to scupper ransomware

        "Pain is weakness leaving the body" -- Boot Camp Drill Sargent

    6. Anonymous Coward
      Anonymous Coward

      "create a bunch of these and NOT give out decryption keys."

      Why all the Downvotes?

      Its a useful thought experiment... We definitely need a better way to get warnings out, and the mass media aren't helping! ....

      1. Anonymous Coward
        Anonymous Coward

        Re: "create a bunch of these and NOT give out decryption keys."

        So causing pain and suffering is your way to enlightenment.

        "We must embrace pain and burn it as fuel for our journey!"

        -- Kenji Miyazawa

        1. Anonymous Coward
          Anonymous Coward

          Re: "create a bunch of these and NOT give out decryption keys."

          I see you have eaten from the restaurant of many orders.

          Well played padowan. Your journey has yet to begin with a single step.

    7. Trigonoceps occipitalis

      Re: One way to scupper ransomware

      "Hello, You seem to be a victim of an encryption ransom demand. Fortunately my uncle, a Prince of the Nigerians, can help. Just send ....... "

    8. DropBear Silver badge

      Re: One way to scupper ransomware

      "...would be to create a bunch of these and NOT give out decryption keys."

      I have a better idea. Create a bunch of these that totally do the whole encryption thing right up to the ransom note, but make actual payments impossible (looks the part, but it fails / it's fake). Then, after exactly 24 hours they put up a different note telling you this time you got lucky as this was only a "drill" asking you how would it feel to have this happen to you for real - then they should proceed to nicely decrypt everything exactly as they found it. I believe going without your files for 24 hours would be worth the price of the education received...

  4. Crazy Operations Guy Silver badge

    "But the ransomware is deliberately programmed not to infect computers in eastern Europe."

    I'm a bit curious as to how it does that. Does it use some kind of GeoIP service? Bases it on language? Pings times to a server in E. Europe?

    1. allthecoolshortnamesweretaken

      Re: "But the ransomware is deliberately programmed not to infect computers in eastern Europe."

      My guess is it checks the language settings of the infected system.

  5. Anonymous Coward
    Anonymous Coward

    How kind of them to consider partially sighted users with a verbal message. You can't get that kind of service from 99% of legitimate software.

  6. DavidJB

    I guess they are not targeting Russian users because they don't want a 'visit' from Russian security bods. Which gives a clue to where they might be based.

    1. Destroy All Monsters Silver badge
      Paris Hilton

      Western Ukraine?

      1. TRT Silver badge

        It's not a crime 'ere. Crimea, geddit?

  7. Boris the Cockroach Silver badge
    Unhappy

    Hey NSA/GCHQ

    Job for you

    Track down these ransomware peddlars and shut them down by any means.

    ....................................

    Sorry whats that?

    ......................................

    ok you carry on tracking down 3 jihadies by slurping the entire internet every 15 millisecs

    1. Anonymous Coward
      Anonymous Coward

      Re: Hey NSA/GCHQ

      BUT:

      Do they own iPhones???

    2. Steven Roper
      Mushroom

      Re: Hey NSA/GCHQ

      "Track down these ransomware peddlars and shut them down by any means."

      Such as peeling the fuckers' skins off at a rate of one cubic centimetre per hour and streaming it live as a public warning to other sociopathic ransomware vermin that doing this to people carries the direst of consequences.

      1. TRT Silver badge

        Re: Such as peeling the fuckers' skins off at a rate of one cubic centimetre per hour

        Oddly that describes the sensation I had yesterday trying to set up an enterprise network (when the automatic parameter setting failed - all the CHAPv2 / PEAP stuff) then install Matlab, ImageJ, Office and EndNote on a new laptop running Windows 8.1

  8. Anonymous Coward
    Anonymous Coward

    Sigh.

    Why don't they send this stuff to Donald Trump?

    1. TRT Silver badge

      Re: Sigh.

      Because he would ban encryption completely if you did.

  9. foxyshadis

    I don't think "growing sophistication" and...

    ..."uses VBScript" belong together in the same description.

    I don't see how writing code to encrypt network drives but disabling it indicates sophistication, either. Cryptolocker and Cryptowall were already doing that by the end of 2013, and they're 90% of infections.

  10. Stevie Silver badge

    Bah!

    Curious that Eastern European computers are not targeted by this dastardly software.

    This Means Something.

    But what?

    1. Jan 0

      Re: Bah!

      I don't know either. It's all Greek to me.

    2. Fluffy Cactus

      Re: Bah!

      It means simply that the scammers do not want to get hunted down by their own people, by their own uncles, by their own police, by their own mafia, by their own secret police.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019