Late with your ransom payment? Never mind, CryptoLocker crooks will, er, give you a break Crybercrooks behind the infamous file-encrypting CryptoLocker ransomware have begun offering a late payment option, which costs victim five times as much to "buy" the decryption key necessary to unscramble their encrypted files. Previously, victims who failed to pay a $300+ ransom (up to 2 Bitcoins, $460) within three days …
#1. TrendMicro among others reported drive-by attacks also... But how common are these and Is JAVA, Flash, Browser Plug-ins or JavaScript a requirement?
#2. With the UK Govt pushing for filtered internet connections, I wonder why ISP's don't offer automatic filtering at the pipe level, to block Virus / Malware / Spyware / Bank Trojan keyloggers? Wouldn't it be good business for them?
#3. For those who pay, do they always receive a working key?
" It seems the crooks behind the scam have latched on a way to extort even more from such individuals as well as late payers in general."
The crooks might describe it as a "late payment" option, but please don't pander to them and use the term "late payers" when the correct term is "victims".
What next? Are they going to apply (in the UK, at least) the Late Payment of Commercial Debt regulations and apply a £40 late payment fee and statutory interest at 8% above the Bank of England base rate?
Had his bootcamp partition infected, refused to pay the demands, the time lapsed, and wanted it fixed, get this, under warranty. It was explained to him politely that only hardware is covered under warranty, and that software and data was effectively his responsibility. He had no backups, because in his own words "I've never had a problem before"
When the situation was fully explained to him about what had happened and that there was little chance of getting anything back yelling, screaming, and finally tears ensued - his entire life and business was on this single partition of the hard disk. Without it everything was gone.
While you can argue more fool you for not having a backup, and as tech people we're inclined to do so, seeing this happen right in front of me, brought me finally to the conclusion that these evil bastards ruin innocent peoples lives.
Being in IT, I'm mostly sympathetic towards users who have lost data from virus attacks, and I do my best to help and educate them. But in my darkest hours I do get incredibly pissed off about the way they still treat IT staff as a nerdy joke, disregard our warnings and best practice advice, and then blame us for not preventing the catastrophe caused by their own stupidity.
Y2K was a big wake-up call for me. We had resources thrown at us in the preceding years to investigate and mitigate any possible disaster, and then when nothing happened (mainly due to us pulling out all the stops) the IT community was accused of having manufactured the whole thing. If disaster had struck we would have been accused of not doing enough to prevent it.
So if it's raining outside, the sky's particularly black, I'm in a bad mood, and you tell me that Cryptolocker's eaten all your files because you never took a backup (like I've been telling you for years), then I apologise for telling you I told you so.
Dear Semi-intelligent Cyberthugs,
To paraphrase the wise and powerful Yoda: "Incredibly stupid are you for collecting ransoms via Bitcoin". Do you really think you cannot be found? Because your using super-uncrackable-double secretive-hyper encrypted-data stream? Uncrackable algorithms?
HA!
Perhaps you have not read about or understand today's espionage capabilities.
The NSA has the capabilities to reveal your true names and address' to the authorities. I have NO DOUBT WHATSOEVER they already know who you are, and where you live, and the color of your eyes. You can expect a rude early morning "wakeup call" and a gun in your face at any time! The tip-off information to the arresting authorities will be anonymous. The NSA does not like the limelight.
My recommendation for you is to destroy any proof of your existence, all the CryptoLocker program files and disappear - NOW! Even that may not help. Perhaps if you publish all know decryption keys? In any event, don't think that the NSA cannot track you. It is not a question of "can they", but "if and when" they want to.
I for one am surprised you have not already been caught. Perhaps if a few more Americans, or possible a US Senator two being snared in your trap, will encourage to NSA to act. Maybe the NSA will do it to gain some much needed public sympathy. Something they could really use now.
On second thought, perhaps it's already too late. You seem to have no clue what the REAL capabilities of the NSA are. None. Everything you may read about is old news to those who work or have worked for the NSA in the past. What you will never read about is the programs being developed in secret. The stuff that even Snowden DID NOT have access to. The really scary stuff...
If the NSA wants you "found" - it will happen.
Bail now. Warned you have been!
JB77
Although I like the idea of those despicable individuals getting a morning gun in the face, I seriously doubt the NSA is going to lift a little finger on this.
The NSA is there to keep The People in line and get juicy info on the next political scandal before it happens, NOT to actually catch anything ressembling a terrorist, or even less, a basic criminal.
A criminal is not a threat against the Government. Public malcontent is.
This post has been deleted by its author
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
