18 September 2015

An introduction to "ransomware"

Excerpts from an article at Wired:
Ransomware is malware that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom, usually demanded in Bitcoin. The digital extortion racket is not new—it’s been around since about 2005, but attackers have greatly improved on the scheme with the development of ransom cryptware, which encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer. And these days ransomware doesn’t just affect desktop machines or laptops; it also targets mobile phones...

Symantec has estimated, conservatively, that at least $5 million is extorted from ransomware victims each year. But forking over funds to pay the ransom doesn’t guarantee attackers will be true to their word and victims will be able to access their data again. In many cases, Symantec notes, this doesn’t occur....

One ransomware attack known as Reveton that is directed at US victims produces a pop-up message saying your machine has been involved in child porn activity or some other crime and has been locked by the FBI or Justice Department. Unless you pay a fine—in Bitcoin, of course, and sent to an address the attackers control—the government won’t restore access to your system...

CryptoWall can not only encrypt files on the victim’s computer but also any external or shared drives that connect to the computer. And the shakedown demand can range anywhere from $200 to $5,000...

TorrentLocker harvests email addresses from a victim’s mail client to spam itself to other victims. Fox-IT calculated at one point that TorrentLocker had amassed some 2.6 million email addresses in this manner.

Protecting against ransomware can be difficult since attackers actively alter their programs to defeat anti-virus detection. However, antivirus is still one of the best methods to protect yourself against known ransomware in the wild. It might not be possible to completely eliminate your risk of becoming a victim of ransomware, but you can lessen the pain of being a victim by doing regular backups of your data and storing it on a device that isn’t online.
More at the link.  The TL;DR seems to be in the last sentence - it may be cheaper to throw out and replace your computer than to pay the ransom.

5 comments:

  1. The action in Neal Stephenson's "Reamde" was initiated by a ransomware scheme. The victims were required to pay in the native currency of a WoW-like MMORPG.

    ReplyDelete
  2. One of the other people in my department had this happen to him. He had his external hooked up at the time, so both copies of his dissertation data were locked up. Taught all of us a lesson about the importance of keeping one backup not hooked up at all times, but heartbreaking for him.

    ReplyDelete
  3. I would think that throwing out your entire computer is a bit extreme - surely just reformatting and reinstalling is enough?

    Also it would be interesting to know if you can get infected/affected if you are already encrypting your files?

    ReplyDelete
  4. If you encrypt your info, that will only help you keep someone without the key from reading/accessing it (NSA and maybe others have the power to break many or all encryption schemes, so literally you're just holding someone off from decryption for some amount of time, not forever). But if you further encrypt your encrypted bytes, you present another layer to untangle. So if I encrypt a file, for example, and you cannot read it, then I win, but if you then encrypt the encrypted file, then I cannot read it, and you win. So it doesn't matter if you "beat me to the punch," it matters if I can access your bytes and cause them to be encrypted (scrambled).

    Presumably, if the BIOS (Basic In/Out System) of the hardware is not infected/compromised, then wiping the hard drive and reformatting/reinstalling the operating system would eliminate the lock on the computer itself. Not on any secondary or attached storage that is effected.

    ReplyDelete
  5. This happened to me a few years ago! I had never even heard of ransomware until I was the victim of it. One day I got a totally normal-looking alert from Microsoft. I didn't think twice about clicking it. And then all hell broke lose. My desktop was suddenly replaced by a screen 'informing' me that an evil virus had been detected on my machine and that I would have to pay 100 dollars to get it removed. What was so obnoxious was that the pretext for locking me out of my computer was to 'protect' me, when it was those sons of b*tches I needed protection from.

    I was so livid that I wouldn't have given them a penny to save their miserable lives. I took my machine to a computer repair shop instead. They were able to recover all my important files, thank god, but the computer had to be completely reformatted to 'free' it from the kidnappers.

    It took me a looong time before I could bring myself to click on totally legitimate popup notices from Microsoft or google afterwards and even now I feel a bit of dread when i do. These guys are scum.

    And wow, I'm glad for the tip that these guys can lock up external drives, since I back up my files to an external drive that I keep attached to my computer all the time. That ends NOW. While I was able to recover my files, I got kidnapped in the early days of this scam, and I think these criminals are more sophisticated now and it may not possible.

    Anyway, thanks for posting this! And btw, I love your blog.

    ReplyDelete