
Ransomware: Yet One More Reason To Beef Up On Security


JaY_III

Saw this:
http://theinquirer.net/default.aspx?article=33392

And it surprised me that Kaspersky says it may be impossible to deal with soon.

Also searched here with no results..
Basically, the payload does not zombie your PC, delete or damage anything.
However what it does do is hold your PC hostage.

How it seems to be doing this would be once you get hit, it then moves on to encrypt files on your system. A ransom note is left behind with instructions on how to pay money to the attacker to get the key to decrypt your files.
So you either pay up, or have to try your luck breaking the encryption, more than likely losing everything.
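The behaviour described above (files rewritten as ciphertext, a note dropped beside them) is what a defender can look for on disk. The following is an added example, not code from this thread: a small scan that flags a directory when several files show near-random byte entropy or a ransom-note filename appears. The note filenames, the entropy threshold and the sample tree are all constructed assumptions.

```python
import math
import os
import tempfile
from collections import Counter

# Hypothetical ransom-note filenames (assumption; real families use many others).
NOTE_NAMES = {"readme.txt", "how_to_decrypt.txt"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data, far lower for text."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_tree(root: str, threshold: float = 7.5, min_hits: int = 3) -> dict:
    """Return {directory: findings} where many files look encrypted or a note is present."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        high, notes = [], []
        for name in files:
            if name.lower() in NOTE_NAMES:
                notes.append(name)
                continue
            with open(os.path.join(dirpath, name), "rb") as fh:
                ent = shannon_entropy(fh.read(4096))  # first 4 KiB is enough to judge
            if ent >= threshold:
                high.append(name)
        if notes or len(high) >= min_hits:
            findings[dirpath] = {"high_entropy": sorted(high), "notes": sorted(notes)}
    return findings


def demo() -> dict:
    """Constructed sample tree: three 'encrypted' photos, one plain text file, one note."""
    root = tempfile.mkdtemp()
    for i in range(3):
        with open(os.path.join(root, f"photo{i}.jpg"), "wb") as fh:
            fh.write(os.urandom(4096))  # random bytes stand in for ciphertext
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("shopping list: milk, eggs, bread\n" * 50)  # low entropy, not flagged
    with open(os.path.join(root, "HOW_TO_DECRYPT.txt"), "w") as fh:
        fh.write("pay to get your key\n")
    return scan_tree(root)
```

Entropy alone also fires on legitimate archives and media, so in practice the note check and a burst of recent modification times are what make the alert worth acting on.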
 
Uh oh, I do not like the way this is sounding. I must be more careful when it comes to my surfing habits.

Wouldn't a reformat take care of it though?
 
So it is like a normal virus that destroys your information except they give you an option to buy yourself out of it.

You would think the FBI would be able to track these people down pretty easily by following the transfer of money into their accounts? With the co-operation of Interpol they should be able to stop it and hand out some pretty hefty jail time for extortion.
 
The bank thing is a non-issue.
Not only do you have the Swiss, you have many in the Caribbean, Africa, etc. Everyone doesn't play nice, and if they get a cut, well, enough said.

Also look at this:
http://www.viruslist.com/en/weblog?weblogid=185454886
It's a bluff saying 1 file per 30 min gets deleted till you pay up.
Well, the average user won't know better.

And here:
http://www.viruslist.com/en/weblog?weblogid=188229060
The police in the UK did not follow through with the investigation.
I think this is very bad as it encourages more of them.

What's to come is found here:
http://www.viruslist.com/en/analysis?pubid=184012401
http://www.viruslist.com/en/analysis?pubid=191951869

Things to Google to learn now would be:
Cryptovirology
cryptovirus
cryptologists
Ransomware

Lastly I found this FAQ:
http://www.cryptovirology.com/cryptovfiles/cryptovirologyfaqver1.html
Seems very informative.

But getting one of these things seems like real bad news.
Any normal virus can be defeated with ease, even more so if you can pull the drive...

However, am I missing something we can do besides brute-force cracking the crypto? As paying is not cool to have your stuff back. Plus every time someone pays one of these guys they are just funding another project for them to do this again.

From what I am seeing you're SOL if something important gets taken over by this new threat. I feel sorry for the PC repair guys who are gonna have to tell customers they lost their kids' baby pics etc.
 
I don't know how strong the encryption was before or how strong it is now, but it didn't take them very long to crack the unlock code the last time this happened.

Still sucks though.
 
IIRC, the last bit of ransomware (stupidly) had the password stored in plaintext within the binary. Newer ones may get a bit smarter and store a password hash instead. As for encryption strength, apparently the first ransomware used 56-bit encryption, and the latest uses 660-bit. For comparison, SSL uses 128 or 256-bit encryption (with 128-bit symmetric SSL encryption about equal to 2048-bit asymmetric PGP encryption).

JigPu
 
Another reason to consider running Linux at this present time imho :D

I'm not even convinced Vista will be much better at protecting the user from such things; the reality of Vista is that it's still built on the legacy base of previous Windows and as such is by and large subject to the same issues.
 
PWatterson said:
Wouldn't a reformat take care of it though?

You would be losing the files that are being held ransom anyway, so not really. Unless you don't need your files of course.
 
I thought having to clean systems with Spyfalcon was tough... I normally don't say "flatten and reinstall" as a first-strike measure, but I think I'm going to have to start soon if this becomes widespread.
 
UnseenMenace said:
I'm not even convinced Vista will be much better at protecting the user from such things; the reality of Vista is that it's still built on the legacy base of previous Windows and as such is by and large subject to the same issues.

Whoever said Vista was for the betterment of the user?
I always thought it was for the betterment of the stockholder.
 
UnseenMenace said:
Another reason to consider running Linux at this present time imho :D

I'm not even convinced Vista will be much better at protecting the user from such things; the reality of Vista is that it's still built on the legacy base of previous Windows and as such is by and large subject to the same issues.

We (we, Linux/BSD people) are not immune. We're just smarter and also tend to keep backups so that when the crap hits the fan we shrug and format the disks and go back to yesterday's /home/ snapshot.

Flatten and reinstall has to be the order of the day for Windows, as once it's compromised you can't trust anything the OS or 'privileged' programs start telling you.

JigPu said:
IIRC, the last bit of ransomware (stupidly) had the password stored in plaintext within the binary. Newer ones may get a bit smarter and store a password hash instead. As for encryption strength, apparently the first ransomware used 56-bit encryption, and the latest uses 660-bit. For comparison, SSL uses 128 or 256-bit encryption (with 128-bit symmetric SSL encryption about equal to 2048-bit asymmetric PGP encryption).

You're gonna be there for a while... :(
 
^^^
Get Norton Ghost (or in my case Seagate's DiscWizard) and make regular backups. Also get a crazy software firewall, leave the crappy Windows firewall on for good measure.. heck.. use a hardware solution like Smoothwall or m0n0wall. Just keep an eye on what's going in and out. An internet condom will only go so far though, and therefore the need for backups.

Suddenly Linux is starting to look more feasible.


Quick edit: No.. no it's not. Internet condom.
 