Ransomware scum offer free decryption if you infect two mates

Ransomware scum are suggesting that victims infect their friends instead of paying for decryption keys. The ransomware variant "Popcorn Time", unrelated to the popular Bittorrent client by the same name, first tells users they have a week in which to pay one bitcoin (US$770) in order to have their files decrypted. The menace …

  1. inmypjs Silver badge

    If only someone....

    would invent backups.

    1. ecofeco Silver badge

      Re: If only someone....

      That's just crazy talk!

    2. Anonymous Coward
      Anonymous Coward

      Re: If only someone....

      I'll risk saying it... Backups *should* help for Joe Blow, but that chance seems 50/50 in reality to me.

      I've known 2 people that have been hit by these scams that did run backups on their home machines. But since they hot-swap drives and have access to their LAN (chiefly the NAS) from their workstation... everything went. I've still yet to figure out if this stuff would attack a "cloud", but I don't see why not if it's mounted.

      I can't lie, I've not dealt with ransomware (yet) so correct me if I'm wrong, but if the sneaky stuff hangs around for a few days meddling about before popping its head up, many of us could be more susceptible than we think.

      1. Anonymous Coward
        Anonymous Coward

        Re: If only someone....

        There are good ways around this, but they'd require rather more technical expertise than could be expected of the average user. The way to stop ransomware attacks is for no one to pay ransom. Heck, pass a law making it illegal to do so.

        If you make their return on investment negative, it will quickly stop.

        1. TheProf
          Unhappy

          Re: If only someone....

          "If you make their return on investment negative, it will quickly stop."

          Nice thought but it won't work. No-one gets paid to vandalise public monuments but it happens.

        2. Law

          Re: If only someone....

          We've got:

          - NAS for central data point for all devices in the house (it's RAID, with Time Machine-esque feature of rolling versions back)

          - Changes to NAS data are automatically encrypted and backed up to cloud backup (Amazon Drive)

          - Once every 3 months I physically plug in a 4TB HDD via USB3 into the back of the NAS for half a day, which triggers a full backup to the external disk. This is stored in a locked box in my locked desk cupboard in a very secure building (my office).

          If the ransomware times it perfectly, they could kill my cloud and offline backup at the same time... but the chances are very small.

          I get told this is overkill, they might be right, but it helps me sleep at night knowing I wouldn't lose it all in a fire, or ransomware attack (it'd be lost for sure, as I'd never pay the scumbags). Plus, it took like an hour to set up, and it all works fairly automatically - except the physical plugging in of the offline backup.

          1. Alan Brown Silver badge

            Re: If only someone....

            "- Once every 3 months I physically plug in a 4TB HDD via USB3 into the back of the NAS for half a day, which triggers a full backup to the external disk."

            The same external disk each time. *Facepalm*

      2. AMBxx Silver badge
        Joke

        I've known 2 people that have been hit by these scams

        But did you get your files decrypted free of charge after infecting them?

      3. Pascal Monett Silver badge

        @MyBackDoor

        And therein lies the mistake: hard drives do not a backup make.

        I am constantly bleating this horn and next to nobody is listening: the only valid backup system for Joe User is the optical disk. Use DVDs or BluRay, I don't care, but write your data on something that cannot be changed afterwards.

        Hard disks can be wiped by magnets, they can fail outright, the data can fade until it is not readable any more. In a word, they are not a reliable backup system. They are a perfect transport system for large amounts of data, but they are not backup.

        The WORM disc is a far better backup support, cannot be modified once written and can reliably store data for decades. I wrote my first CD backup in 1995 and it is still perfectly readable. It does take longer to write, but it lasts way longer once written.

        1. This post has been deleted by its author

        2. Steve K

          Re: @MyBackDoor

          Whilst I applaud the sentiment of a RO backup, optical disks - particularly the cheap ones commonly available to the average user - are prone to fading too.

          You are fortunate that a 1995 CD backup is still viable as I have encountered azo dye-based CDR/DVDRs which are unreadable or showing errors after only 5-6 years.

          1. Alan Brown Silver badge

            Re: @MyBackDoor

            "You are fortunate that a 1995 CD backup is still viable as I have encountered azo dye-based CDR/DVDRs which are unreadable or showing errors after only 5-6 years."

            DVD-Rs are a particular problem as they slowly delaminate if flexed.

            I'm surprised anyone is still using AZO. Phthalocyanine has proven much more stable.

            CD-RWs are better still as they are a real phase change material, not a dye.

        3. Anonymous Coward Silver badge
          Facepalm

          Re: @MyBackDoor

          Hard drives can make a perfectly valid backup if done correctly. That means unplugging them when not in use and storing them separately from the source (ideally in a fire safe, like you would with tapes and your optical thingies).

          Personally, I have my own backups on (effectively) a NAS, but with some scripting that creates a read-only copy of each backup... but then I'm techy and know what I'm doing. I recognise the risks and have mitigated them to an extent that I'm comfortable with. YMMV

          1. Lotaresco

            Re: @MyBackDoor

            "Personally, I have my own backups on (effectively) a NAS"

            It's easier to do with a NAS because you can mount/unmount the share as required, even in Windows hence the drive is only vulnerable during backup. Require a password for each mount and you prevent malware from getting at it easily. Run a cron job on the NAS to replicate the backups to copies with a data serial and you have another layer of availability.

            I've recovered some seriously borked systems with only minimal downtime and loss of data by following a tiered backup strategy.

            The problem, as ever, is the user. Users don't like having to do *anything* other than surf their porn and shop online. Having to do something like mount/unmount a drive isn't going to happen and they won't pay someone who knows how to do it to set it up for them. It's very difficult to devise effective controls and strategies for SOHO because the users/owners don't understand the issues and largely don't care. Not until the Day It All Goes Horribly Wrong.

            In an enterprise you can work around this by providing thin client access to VMs and snapshotting the VM. The worst case then is loss of a few hours work.

            1. Anonymous Coward
              Anonymous Coward

              Re: @MyBackDoor

              Require a password for each mount and you prevent malware from getting at it easily.

              That is rather naïve. Do you think that malware runs visible in a top level desktop window that says "I AM NOW ENCRYPTING YOUR FILES, PLEASE WAIT"?

              Ransomware runs as a hidden background process so you won't know you've been infected, and will encrypt whatever it can gain access to. This means, as soon as you mount your NAS (password or not), the process will have as much access to the storage as your backup program has. Worse, because iterative backups tend to be stored on the same medium you may lose previous generation backups too.

              This is the major issue: if you run iterative backups (which most people do due to the time it takes to back up from scratch) you run the risk of having them encrypted too by ransomware.

              If you still dump onto tape, however, you may have less of an issue if you use a grandfather-father-son scheme, but all the random access read/write approaches are wide open. It takes longer for a network drive than local storage, but it's no less vulnerable.

              1. psychonaut

                Re: @MyBackDoor

                Use Carbonite.

                They have point-in-time restore. If you get hit, you get in touch and they can roll your backup back to before it happened. Then you rebuild the machine, press "get my files back" and that's it, job done. It can take a while to get all your data if you have a lot of it, but you do get it back. You might lose some changes - they have to roll back to before anything was encrypted, but you won't lose much.

                I've seen it work in anger. I sell lots of it; you can make reasonable money out of it.

                Unlimited storage is £69 dollars a year per device (for non-server OS).

                It's more expensive for servers of course, but they have products that do all of that too.

                It really is very good indeed for the money.

                This is for non-server/domain setups - not many small offices I deal with can afford a server, but you can also set up a spare PC (say dual core Intel, 4GB RAM, SSD if needed - HP Elite 8000 for instance, say £50 for the box, £40 for the backup disk, same for primary unless you want SSD) as a data server, then have network shares to it under a standard account. Put a big backup disk in it and have Macrium or Windows Backup run to that, and remove permissions for standard users to access the backup disk. I prefer Macrium because it can email whether it was successful or failed.

                Then you have a box that CryptoLocker can get at through the network shares, but it can't get at the backup disk.

                If you back that PC up with Carbonite (69 dollars a year), you have belt and braces (in case of fire, theft, stupidity).

                You can then run OpenVPN if you want remote access to the files, put proper security on it etc. etc.... Miles better than a NAS.

          2. Anonymous Coward
            Anonymous Coward

            Re: @MyBackDoor

            Exactly. I have two large external HDDs hooked up, and the power strip is turned on and off by a cheap Chinese remote control.

            Every week, I press the button to turn it on, do backups, then push the button to turn off the power.

          3. Alan Brown Silver badge

            Re: @MyBackDoor

            "Hard drives can make a perfectly valid backup if done correctly. That means ..."

            Amongst other things - NOT running the backups on the system which is hosting the original data.

            Bacula's pretty good for this. Not only does it back up clients across a network, but because it keeps hashes of all the files in a database, you can tell what's changed and when it changed - aka a semi-decent IDS with restoral mechanism.
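The hash-keeping idea in the post above (and the earlier worry in this thread about iterative backups being silently overwritten), as an added example that is not Bacula's code or anything posted by a commenter: a small Python script that keeps a SHA-256 manifest of the source tree between runs and refuses to overwrite the backup set when too many known files change at once. The churn threshold, the manifest location and the `.locked` stand-in suffix used in the constructed scenario are assumptions.

```python
"""Hash-manifest change detection for a backup source tree (added example).

Keep a per-file SHA-256 manifest from the previous run, diff it against the
current tree, and refuse to overwrite the backup set when an implausibly large
share of known files was rewritten or renamed at once. Thresholds are assumptions.
"""
import hashlib
import json
import os
import tempfile
from dataclasses import dataclass

@dataclass
class ChangeReport:
    added: list
    removed: list
    modified: list
    total_previous: int

    @property
    def churn(self) -> float:
        """Share of previously known files now missing or rewritten."""
        if self.total_previous == 0:
            return 0.0
        return (len(self.removed) + len(self.modified)) / self.total_previous

def sha256_file(path: str, chunk: int = 1 << 16) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root: str) -> dict:
    """Relative path -> sha256 for every regular file under root; symlinks skipped."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def compare_manifests(previous: dict, current: dict) -> ChangeReport:
    prev_keys, cur_keys = set(previous), set(current)
    modified = sorted(p for p in prev_keys & cur_keys if previous[p] != current[p])
    return ChangeReport(sorted(cur_keys - prev_keys), sorted(prev_keys - cur_keys),
                        modified, len(previous))

def backup_should_proceed(report: ChangeReport, max_churn: float = 0.25,
                          min_files: int = 10) -> bool:
    """Gate the job: tiny trees churn naturally, so apply the threshold only
    once there is a meaningful number of files to compare against."""
    return report.total_previous < min_files or report.churn <= max_churn

def save_manifest(manifest: dict, path: str) -> None:
    with open(path, "w") as f:
        json.dump(manifest, f, sort_keys=True)

def load_manifest(path: str) -> dict:
    with open(path) as f:
        return json.load(f)

def demo() -> dict:
    """Constructed scenario: 20 documents, one ordinary edit, then every file
    replaced by a renamed stand-in with different bytes (nothing is encrypted)."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as st:
        for i in range(20):
            with open(os.path.join(root, f"doc{i:02d}.txt"), "w") as f:
                f.write(f"report {i}\n")
        manifest_path = os.path.join(st, "manifest.json")  # kept outside the tree
        save_manifest(build_manifest(root), manifest_path)
        with open(os.path.join(root, "doc03.txt"), "a") as f:  # run 1: one edit
            f.write("one more line\n")
        normal = compare_manifests(load_manifest(manifest_path), build_manifest(root))
        if backup_should_proceed(normal):  # clean run: roll the baseline forward
            save_manifest(build_manifest(root), manifest_path)
        for name in os.listdir(root):  # run 2: every file renamed and rewritten
            src = os.path.join(root, name)
            with open(src, "rb") as f:
                data = f.read()
            os.remove(src)
            with open(src + ".locked", "wb") as f:
                f.write(hashlib.sha256(data).digest())
        mass = compare_manifests(load_manifest(manifest_path), build_manifest(root))
    return {"normal_churn": normal.churn, "normal_proceed": backup_should_proceed(normal),
            "mass_churn": mass.churn, "mass_proceed": backup_should_proceed(mass)}

if __name__ == "__main__":
    print(demo())
```

In a real job the manifest lives with the backup target, not on the client, so that the client cannot rewrite its own baseline; a refused run should raise an alert rather than retry.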

        4. Anonymous Coward
          Anonymous Coward

          Re: @MyBackDoor

          Use DVDs or BluRay, I don't care, but write your data on something that cannot be changed afterwards.

          1 - never heard of multi-session drives then?

          2 - you tell someone they should fill up their homes with stacks of pretty coasters

          3 - the write speed of those media vs the ever increasing amount of data that people generate (the incorrect pissing match on number of camera pixels is one of the drivers) makes this a dead proposition. My own system backs up a couple of GB a night - I now use an SSHD (hybrid) which cuts backup time to a reasonable amount (I also use that because it offers me a "start from the metal" recovery process - and it's not the only backup that takes place).

          4 - the read speed: ditto.

          That said, I am moving to a system of multiple drives with a week's gap in between and offsite storage cycling - just in case. My OS is presently not sensitive to this, but I'm human like everyone else and can make mistakes too (mostly before coffee :) ).

          1. Alan Brown Silver badge

            Re: @MyBackDoor

            "I am moving to a system of multiple drives with a week's gap in between and offsite storage cycling - just in case."

            This brings up an important point about backups. You need at _least_ 3 copies of your data on separated media (the one you're backing up on, the one before that (offline) and the one before that (offline), which will be recycled to be your backup disk next time.)

            I've seen script kiddies knock out ISPs and businesses because all their "backups" were online and directly attached to the system being "backed up". People really have no clue about keeping things safe.

            The other classic is burglaries - people have lost not only their computers/laptops, but all the external hard drives that held the backups - conveniently placed on a shelf above the PC. Don't do that.

        5. Just Enough

          Re: @MyBackDoor

          DVDs and BluRay have very limited capacities. When I do a backup I do not want to have to sit around for hours swapping disks like it's 1994.

          And if you think that optical disk backups are indestructible and forever, you're in for a nasty shock some day.

          1. david bates

            Re: @MyBackDoor

            You're telling me - about 10 years ago I bought some magazine archives, via the publisher no less, that are now utterly unreadable. Apparently I'm not the only one.

            1. Alan Brown Silver badge

              Re: @MyBackDoor

              "About 10 years ago I bought some magazine archives, via the publisher no less, that are now utterly unreadable."

              There is software for Linux which will do its utmost to extract data from such disks (Dvdisaster).

              There's other software which can merge multiple sets of such data (assuming you have several copies of those disks, each with their own bad spots)

              1. Danny 14

                Re: @MyBackDoor

                you can host the backups on the system and leave the backup drive plugged in all the time. Simply have an account that does the backups and DENY the "normal" logged in users (and administrators so you don't have $ shares being an issue) access to the drive. If it is a NAS then again have a dedicated backup account that can access the share and no one else. Then use backup software that has user credentials as the backup user and away you go (I use EASUS as it has worked for backup and restore for me)

          2. Anonymous Coward
            Anonymous Coward

            Re: @MyBackDoor

            DVDs and BluRay have very limited capacities. When I do a backup I do not want to have to sit around for hours swapping disks like it's 1994.

            And if you think that optical disk backups are indestructible and forever, you're in for a nasty shock some day.

            For media, M-Discs supposedly last longer.

            I'm still waiting for Archival Disc.

          3. Orv Silver badge

            Re: @MyBackDoor

            "DVDs and BluRay have very limited capacities. When I do a backup I do not want to have to sit around for hours swapping disks like it's 1994."

            Bingo. I'm a sysadmin, and a pretty conscientious one, but if backing up requires a long period of manual intervention and I can't automate it, it probably won't happen on a regular basis. Certainly not daily. Hard drives have gotten so big compared to removable media that the only practical thing to back them up to is other hard drives.

            That's why I've gone the cloud route -- CrashPlan, in my case. It's worth the money for me to make it someone else's problem. Since it's not mounted as a disk and it allows me to go back to previous versions, I think it should be pretty resistant to ransomware. It also has the benefit of not being in my house, so I can still recover my data if I have a house fire or something similarly disastrous.

            I do make local disk backups as well, but those are more for convenience.

        6. Mark Dempster

          Re: @MyBackDoor

          >I am constantly bleating this horn and next to nobody is listening : the only valid backup system for Joe User is the optical disk. Use DVDs or BluRay, I don't care, but write your data on something that cannot be changed afterwards.<

          You have a point, but if the ransomware has been sitting on your system for a while before activating its payload, then your recent backups will also be infected. For many companies, the last week's (or other time period) data is the most important of all, and yet it's too risky to restore.

          That does depend on the nature of the backup, of course. But even if you only back up your documents it's quite feasible for one of them to have a macro that triggers a ransomware download.

          1. Pascal Monett Silver badge

            Re: @everyone

            It's interesting that just about everyone here answered my post with variations concerning NAS and/or company backup procedures.

            Funny, I clearly indicated that I was talking about Joe User.

            Joe User does not have a NAS and wouldn't know how to set it up if you gift-wrapped it and installed it for him and, if you did do that for him, it would do eff all for his data when he gets infected with an encryption virus as is all the rage right now.

            And please stop going on about how optical discs "are not forever". Nothing is forever and it is hilarious to think that optical discs without any moving parts are more at risk than spinning rust. Your optical drive can fail, it has no bearing on the data on the disk. The same cannot be said about hard disks.

            Optical discs can fade (or so I've heard as well), but I take my data seriously enough to not buy the cheapest sort and, for the moment, I have indeed been lucky - if you call "luck" the staged multi-copy process I go through.

            Once again, optical discs are the best bet for Joe User. When/if he gets around to it, he'll have a valid copy that will be stable and reliable long enough for him to completely forget what was on it in the first place.

            You guys are experienced enough to choose your own path and take your own risks.

            1. Prst. V.Jeltz Silver badge

              Re: @everyone

              Pascal,

              Joe User these days uses a USB stick or a cheap 2.5" external drive from Maplins.

              I myself use a hard drive; I have 4 drives (2tb) with the same data on, thereby eliminating the risk of losing data if one fails.

              It's better than burning 3077 CDs every week.

            2. Anonymous Coward
              Anonymous Coward

              Re: @everyone

              Used to back up to dvd, until we discovered at least half of them had self destructed within 2 years. Never again.

            3. Kiwi

              Re: @everyone

              Once again, optical discs are the best bet for Joe User. When/if he gets around to it, he'll have a valid copy that will be stable and reliable long enough for him to completely forget what was on it in the first place.

              1) DVDs are one of the flimsiest, crappiest data mediums out there, especially in "Joe User's" house with the sprogs and their wonderful treatment of such things.

              2) Joe User likely has at least 500Mb worth of data to back up. Probably Joe User has at least a terabyte HDD with a lot of movies/music, and maybe 40 or 50Gb worth of "junk files" on their system (Windows is great at cleaning up temp folders!). Junk files alone would just about take up a packet of DVDs.

              Then there's the space requirements. I could get two 2Tb USB HDDs in the same space as 10 DVDs. The 10 DVDs would not quite give enough backup space for the average home user's junk files, whereas the 2x2Tb HDDs would give enough for 3 full backups.

              They won't fade. They're not as easy to damage as DVDs. Using the wrong marker type on them won't destroy them. A kid sliding one across a carpet won't damage them. Having the DVD tray close on the last one of them won't mean you just wiped out a 50-disk backup procedure coz disk #50 is now stuffed. They don't require a shitload of stuffing around every 30 minutes changing disks.

              For backup, optical is a dead medium. I know a number of home users who would need in excess of 300 DVDs each backup (think I am adding up the numbers right), whereas ONE external HDD will do it. For Joe User, it is the worst thing imaginable and perhaps only marginally better than nothing at all. It's like clothing yourself with a single layer of cling wrap before going for a walk in the snow.

        7. Kiwi

          Re: @MyBackDoor

          Use DVDs or BluRay, I don't care, but write your data on something that cannot be changed afterwards.

          Grab DVD from machine, sit on carpet/rough surface. Grab backup external HDD from machine, sit on same rough surface. Which is likely to survive? Hint: Not the optical media, which seems rather fragile in most people's homes (y'know, with little tykes running around who can never understand the concept of "don't put my DVDs on the fecking carpet!")

          Hard disks can be wiped by magnets, they can fail outright, the data can fade until it is not readable any more. In a word, they are not a reliable backup system. They are a perfect transport system for large amounts of data, but they are not backup.

          I've never known a HDD to be wiped by close proximity to magnets. Did you know that HDDs have some quite powerful magnets INSIDE them, as part of the head mechanism, that are unshielded and only a few mm from the platters? So the platters are spinning through a strong magnetic field? Nor have I ever heard of data "fading" on them.

          I wrote my first CD backup in 1995 and it is still perfectly readable. It does take longer to write, but it lasts way longer once written

          Back about when you were doing your first backup CD, I upgraded a HDD in a machine. It was a whopping 120Mb HDD that I upgraded to a "cheap" (nearly NZ$600!) 1Gb drive that went in. Recently I discovered that disk and, what the hell, spun it up. Still works fine, and data still fine. In fact a few days ago I played WarCraft 2 off a copy I took of that disk a couple of weeks ago.

          Anyone know where I can find a PCI MFM controller? Coz I also found a massive 5Mb HDD I'd love to spin up. And by "massive" I mean full height/full width. Don't think I have any mobos left that have ISA slots.

      4. Steve K

        Re: If only someone....

        You'd have the same issue on Cloud/SharePoint really unless you have another challenge mechanism - it's a trade-off between convenience and security.

        If you want your files available seamlessly as if they were locally-attached then that's a risk you have to take. Versioning could help here, but it depends on how sneaky the payload is since if it activates over a longer period before popping up the demand then where do you start....?

        One way to protect the NAS backups at least is to have the NAS backup jobs running as a dedicated backup user - with a strong password - and these backup filesystems RO to their normal user.

      5. 9Rune5

        Re: If only someone....

        "I've still yet to figure out if this stuff would attack a "cloud", but I don't see why not if it's mounted."

        A while back, somebody on this forum told the story of such an infection. BUT! The backup vendor in question had a backup of several generations worth of changes. Rolling back to a point in time before the attack took place, and presto: The originals restored, safe and sound.

        The vendor mentioned was Carbonite and after reading about them here I became a subscriber. Roughly four years ago I think. I haven't had any use for them so far, but my local storage isn't getting younger or healthier.

        YMMV, but dealing with DVDs is hardly a walk in the park. I have had the "pleasure" of retrieving some of my old DVD backups, and though some files survived, others did not. It is a very temporary way of storing files. (I doubt I even found all the DVDs I started out with.) Depends of course on what you are saving. In my case 1TB worth of pictures. Those files never change, so not too tempting to keep weekly backups around on tapes or optical storage.

        1. Anonymous Coward
          Anonymous Coward

          Re: If only someone....

          Use DVDs or BluRay - Quick reminder if you follow this path is to buy a WATER-BASED marker to label your discs with. If you just use a random permanent marker it's probably spirit-based and these can fuck up the discs in 18 months or less. Reasonable-sized stationers should have them.

    3. FordPrefect

      Re: If only someone....

      Well they are useful unless the clever ransomware writers sneakily encrypt your daily backups for a period of time before and then encrypt the main machine, meaning when you try and revert to your backups for the past week you find they are all encrypted too.

  2. Oh Homer
    Paris Hilton

    Your chance to win!

    Dear soon-to-be-former pal,

    I write to you as someone who bought you a pint in the pub last night to introduce you to this exciting new opportunity exclusive to the soon-to-be-former pals of ransomware victims!

    Please send all your dosh to a Ukrainian criminal so I can unlock the full potential of my pr0n and warez collection which took me all week to download on my heavily monitored and throttled BT slowband connection, since I've never heard of backup and therefore this is my only copy.

    Hugz,

    Johnny B. Shite.

    1. Dan 55 Silver badge
      Happy

      Re: Your chance to win!

      Don't laugh, Johnny B. Shite's got an off-premises backup. He's doing quite well.

      1. Kiwi
        Coat

        Re: Your chance to win!

        Don't laugh, Johnny B. Shite's got an off-premises backup. He's doing quite well.

        Is that what The Pirate Bay is called these days?

  3. Destroy All Monsters Silver badge
    Gimp

    Wow. These guys are hardcore.

    This sounds like a story from one of those anime "I will not publish these compromising photos of you with kitchen implements if you deliver your two school friends to my rape cellar"

    How do I know that?

    Err... research. Yeah, research.

    > Ransomware authors claim the ransom will be used to pay for food and shelter in Syria.

    Hopefully the Russkies clean up, because the France/UK leadership (more like Frankenship, amirite) - which is basically the root cause of this mess together with the Saudi pals - is currently doubling down on the "regime change before ISIS" fantasy.

    1. Destroy All Monsters Silver badge

      Re: Wow. These guys are hardcore.

      The thought occurs that paying up would mean "materially aiding terrorism", which is currently a no-no in our "haven of civilization", so better demur.

      1. Anonymous Coward
        Anonymous Coward

        Sounds like an argument for the Surveillance State

        By protesting and contesting Our right to spy on your every last electronic and non-electronic communications you are "materially aiding terrorism [and paedos]".

  4. Anonymous Coward
    Facepalm

    So...

    You spin up two VMs... get them infected... and get all your files back?

    1. Nathan 13

      Re: So...

      With VMs making a V payment?

    2. Pascal Monett Silver badge

      Re: So...

      You forgot a step: pay twice the extortion amount

      Up to you, but I don't see how that is better.

      1. Doctor Syntax Silver badge

        Re: So...

        "You forgot a step: pay twice the extortion amount"

        No, it's easy. You spin up another couple of VMs for each of the VMs.

        It's VMs all the way down.

    3. chivo243 Silver badge

      Re: So...

      I was thinking the same thing. +1 for you, in fact, one could start a service... point these guys to phony users on disposable VMs, something, something, profit...

      1. Danny 14

        Re: So...

        again, reading fail. The TWO OTHERS NEED TO PAY UP before you get your free key.

        1. Prst. V.Jeltz Silver badge

          Re: So...

          Interesting marketing technique.

          I wonder if traffic wardens will take it up?

  5. ecofeco Silver badge

    Well that's novel

    They are scum of the earth but that's rather novel for this.
