Watership downtime: BadRabbit encrypts Russian media, Ukraine transport hub PCs

Computers at Russian media outlets and Ukraine's transport hubs were among Windows PCs infected and shut down today by another fast-spreading strain of ransomware. Corporate systems within Interfax and two other major Russian news publishers had their files encrypted and held to ransom by malware dubbed BadRabbit. In Ukraine, …

  1. Ken Hagan Gold badge

    Ransom demands in BitCoin again

    How long before the authorities decide that BitCoin's main use is in laundering the proceeds of crime and that anyone accepting BitCoin payments is an accessory?

    (Note for would-be downvoters: This is a genuine question and not a rhetorical device.)

    1. Paul Hovnanian Silver badge

      Re: Ransom demands in BitCoin again

      They have already criminalized large amounts of cash and other assets*. So extending this to BitCoin isn't much of a stretch, IMO. They won't actually shut BitCoin down. Because that would devalue the assets seized by law enforcement to zero.

      *US civil forfeiture laws actually charge the cash or other assets with a crime, not the holder.

      1. Aitor 1

        Re: Ransom demands in BitCoin again

        civil forfeiture is a mockery of justice.

    2. Anonymous Coward

      Re: Ransom demands in BitCoin again

      "How long before the authorities decide that BitCoin's main use is in laundering the proceeds of crime and that anyone accepting BitCoin payments is an accessory?"

      You could say the same about US $100 bills...

      1. Snorlax Silver badge
        1. Not also known as SC

          Re: Ransom demands in BitCoin again

          You beat me to this.

      2. This post has been deleted by its author

    3. Florida1920

      Re: Ransom demands in BitCoin again

      How long before the authorities decide that BitCoin's main use is in laundering the proceeds of crime and that anyone accepting BitCoin payments is an accessory?
      Unfortunately, you could make a similar claim against anyone still using Adobe Flash.

      1. Viv

        Re: Ransom demands in BitCoin again

        How long before they criminalise the use of flash

        1. daflibble

          Re: Ransom demands in BitCoin again

          How long before they criminalise the use of flash?

          Longer than they should have ; )

      2. Anonymous Coward

        Re: Ransom demands in BitCoin again

        Unfortunately, you could make a similar claim against anyone still using Adobe Flash.

        .. and Windows ..

    4. MonkeyCee

      Re: Ransom demands in BitCoin again

      "How long before the authorities decide that BitCoin's main use is in laundering the proceeds of crime and that anyone accepting BitCoin payments is an accessory?"

      It would set a very dangerous precedent. If $thing is used for illegal laundering of money, then accepting payments for $thing is an accessory to a crime, then a whole range of things would be in danger of being banned. Real estate, cash, gold, trusts, off shore companies, etc etc.

      The amount that crooks use BTC for is peanuts compared to almost any other system. Have a look at estimates of the illegal drugs, arms and people smuggling economies, there isn't enough BTC around to transact a fraction of them. By far the most common currency of crime is the greenback, then the euro, and so on. Cocaine is probably used more as an illegal currency than BTC, and it turns out that it's already pretty illegal. Property and real estate development is used for more money laundering than you can imagine, and even the Chinese are having trouble stopping that.

      The authorities can also use existing legislation on proceeds of crime. If you appear to have a bunch of assets with no record of acquiring them and no visible income, then you can get investigated and charged, without needing to ban the ownership of any of the assets you acquired. Explaining away a million bucks buried in a backyard or a million in BTC/Monero is trickier. You can't even go "oh, I mined it back in the day" since a quick squiz at the blockchain will pretty quickly show you didn't.

      So we don't ban cash because criminals use it, thus we don't ban BTC for the same reasons. However, if you have a bunch of cash without a legitimate reason, then that can be considered suspicious, ditto for BTC et al.

      1. Jamie Jones Silver badge

        Re: Ransom demands in BitCoin again

        I think a few of you are missing Ken's point:

        Encryption is used for all sorts of goodness, but the authorities want to ban that. (Well, backdoor-it, which leads to the same thing)

        Remember way back then people were calling for the internet to be banned, because... kids and terrorists. (*)

        There need be no logic to it - I'm sure some will call for the evil bitcoin to be banned... It's internet/encryption/techie stuff.. All the best bogeyman things rolled into one... Just wait until the UK tabloids pick up the cause..

        (*) Not so long ago in the case of Our-supreme-leader-in-chief-covfefe: "Donald Trump wants to ban the internet, plans to ask Bill Gates to ‘close it up’"

        - "Theresa May's Call to Ban "Safe Spaces" Undermines Encryption—And Misses the Point | WIRED"

      2. c1ue

        Re: Ransom demands in BitCoin again

        Why do you believe the criminals/bad actors are only a small fraction of bitcoin use?

        Cyber crime worldwide could be as high as $750 billion per year - Europol said cyber crime is more profitable worldwide than the illegal drug trade. The illegal drug trade was a shade under 1% of world GDP in 2003; world GDP today is $75 trillion vs $35 trillion then.

        The Reg just published something not long ago where it was estimated that 10% of the cryptocurrency going into ICOs was from criminals.

        Methinks your assertion is hopeful rather than factual.

      3. Prst. V.Jeltz Silver badge
        Trollface

        Re: Ransom demands in BitCoin again

        " then a whole range of things would be in danger of being banned. Real estate, cash, gold, trusts, off shore companies, "

        Off shore banks *are* purely used for crime. It's about time someone invaded Switzerland and the Caymans and shut them down!

        1. Paul Hovnanian Silver badge

          Re: Ransom demands in BitCoin again

          "Off shore banks *are* purely used for crime."

          We are on opposite sides of the pond. Which one of us is 'off shore'?

    5. Snorlax Silver badge

      Re: Ransom demands in BitCoin again

      @Ken Hagan:"How long before the authorities decide that BitCoin's main use is in laundering the proceeds of crime and that anyone accepting BitCoin payments is an accessory?"

      No big deal. Leaving aside Bitcoin, there are another 1194 (at the last count) other cryptocurrencies.

      A new currency, Metronome, was announced today; it can hop between blockchains, so that should make the game of whack-a-mole all the more interesting...

      1. HieronymusBloggs

        Re: Ransom demands in BitCoin again

        "there are another 1194 (at the last count) other cryptocurrencies"

        What makes you think they'd ban them one at a time, rather than just banning all cryptocurrency?

        1. Snorlax Silver badge
          WTF?

          Re: Ransom demands in BitCoin again

          @HieronymusBloggs:"What makes you think they'd ban them one at a time, rather than just banning all cryptocurrency?"

          Who are "they"?

          What makes you think "they" would be able to ban all cryptocurrency in one fell swoop?

          1. HieronymusBloggs

            Re: Ransom demands in BitCoin again

            "Who are "they"?

            What makes you think "they" would be able to ban all cryptocurrency in one fell swoop?"

            'They' are the government of whatever country you live in. Governments have the power to make things illegal, including things like cryptocurrency. A legal ban wouldn't stop everyone using it, but it would make it difficult to convert into normal currency. If you think that can't happen, you have a lot more faith in politicians than I have.

        2. Paul Hovnanian Silver badge

          Re: Ransom demands in BitCoin again

          "banning all cryptocurrency"

          First, you'd have to define it in a legal sense. Write those rules to cast a broad net and you may end up banning things like SWIFT.

      2. Ken Hagan Gold badge

        Re: Ransom demands in BitCoin again

        "No big deal. Leaving aside Bitcoin, there are another 1194 (at the last count) other cryptocurrencies."

        That's the *easiest* possible loophole for them to close if you point it out, though.

    6. Anonymous Coward

      Re: Ransom demands in BitCoin again

      "encrypts Russian media"

      What goes around comes around.....

    7. Destroy All Monsters Silver badge
      Windows

      Re: Ransom demands in BitCoin again

      How long before the authorities decide that BitCoin's main use is in laundering the proceeds of crime and that anyone accepting BitCoin payments is an accessory?

      We already have the War on Cash, thank you.

      Yes, the Surveillance Society, where we can pretend the whole world is a Safe Space where we can be babies being watched over by benevolent civil servants white as driven snow.

      Who knows, it could happen!

  2. Anonymous Coward

    How long before the authorities decide that BitCoin's main use is in laundering the proceeds of crime and that anyone accepting BitCoin payments is an accessory?

    That will depend on how much their sponsors make, will it not? Individually the "authorities" and politicos won't make much if anything. But if their paymasters - in the widest possible sense - see any value in blockchain currencies, then there won't be a crackdown.

    Now, thinking about the demonstrated moral compass of any major bank's trading division, and the opportunity to make money in a poorly regulated, semi-liquid market, what's the chance that those big banks won't let it be known that blockchain regulation could stop the very Earth's rotation?

  3. Anonymous Coward

    nb - Bitcoin payments themselves are fairly traceable, although you can make it harder via TOR, etc..

    It's "coin rinsing" services that make it much harder to trace transactions. If governments do anything they will probably go after those. And because those services don't actually need to convert bitcoin via banks etc. they can be run pretty much anywhere by anyone. The inevitable whack-a-mole game will ensue. And I can't recall a single one of those that was ever conclusively won!

  4. Anonymous Coward
    Windows

    Sweet!

    Just this morning I enabled the anti-ransomware in Windows 10 Fall Creators Update

    https://www.theregister.co.uk/2017/10/23/fyi_windows_10_ransomware_protection/

    1. Anonymous Coward

      Re: Sweet!

      Just get a Chromebook instead, none of this nonsense. Windows is dying old school it's time to rethink...

      1. Anonymous Coward

        Re: Sweet!

        "Just get a Chromebook instead, none of this nonsense."

        Some of us need to run local applications that actually work and a proper OS. And seeing as Google's Android alone needed more patches last month than every single supported Microsoft product I wouldn't trust Google much on security! And Chrome doesn't exactly have a great track record. You might want to take a look at say:

        https://nvd.nist.gov/vuln/search/results?adv_search=false&form_type=basic&results_type=overview&search_type=all&query=google+chrome

      2. Muscleguy

        Re: Sweet!

        Here in Mac land I have a system pref for flash. When some website tells me I need to update flash I leave the browser and use that instead. You always have to think phish.

  5. Kev99 Silver badge

    Once more the idiots who think it's smart to use the internet for proprietary, confidential, or sensitive data have gotten their comeuppance. I have no sympathy for them.

    1. Pen-y-gors

      True, but in this case people aren't putting confidential data on the internet/cloud - it's safely on their own network, which happens to have a device on the network that is merely connected to the internet.

      Doing all confidential work on an air-gapped pc, and transferring it via CD and sneaker net can work, but it's pretty inefficient.

  6. Pu02

    Like all software

    The UI improves in each release...

    1. Anonymous Coward

      Re: Like all software

      @Pu02 - I feel it'd be harsh to give you a downvote, so I haven't, but one of the things that was enormously pissing me off in the tail end of my recently-ended IT career was the fact that so many UIs were actually becoming less user-friendly over time. What they were becoming was more arty, showy, featureful, slower, confusing and user-hostile.

    2. Pen-y-gors

      Re: Like all software

      Yeah - that screen shot is suggestive of someone skilled in the latest state-of-the-art techniques for programming a ZX81. Is it meant to be ironic, or has a skiddie just combined a few off-the-shelf components, and that is really the best they can do?

      1. Prst. V.Jeltz Silver badge

        Re: Like all software

        I think they really were going for "Computery" so the muggles would be all like "wow look how technical that is, these guys know their shit, best do what they say"

        Whereas a nice windows box with a "pay now" button wouldn't give the same impression.

        1. bombastic bob Silver badge
          Trollface

          Re: Like all software

          "Whereas a nice windows box with a "pay now" button wouldn't give the same impression."

          yes. watch 'Wargames' or 'Hackers' or even 'The Matrix' and you'll get the impression that REAL hackers use that mysterious thing called "a console", something MOST users nowadays are either afraid of or forgot ever existed...

          "follow the white rabbit" indeed.

    3. bombastic bob Silver badge
      Facepalm

      Re: Like all software

      these days, "software" often means "slap together a bunch of 3rd party CRAPware into 'something' and call it 'an app'".

      BadRabbit is like that, according to the article anyway.

      'Rabbit' is already a hacker term for "any hack that includes infinite self-replication" [according to online resources]. The alleged history is from a "hack called RABBITS reported from 1969 on a Burroughs 55000 at the University of Washington Computer Center".

      http://www.hacker-dictionary.com/terms/wabbit

      So the author is slapping TERMS together, too. How. Creative. NOT.

      icon, because, *FACEPALM*

  7. Anonymous Coward

    I bet some sysadmins need to hop to it this morning and by tomorrow morning they'll need some hare of the dog.

    1. John G Imrie

      I also bet that the entryway onto the corporate network was via some CxO who was too important for security.

  8. Anonymous South African Coward Bronze badge

    Alice in Wonderland... or Neo entering the Matrix.

  9. TheInnerPartSystem
    Joke

    Weak joke alert

    Oh, thank heavens for that.

    When the wife said she was infected with a Bad Rabbit I thought it was because of the intimate massager I got her from Gumtree.

  10. Anonymous Coward

    Commercial product

    DiskCryptor

    Does the main developer not have a 'back door' or master key to unlock the encrypted volumes?

    1. Paul Woodhouse

      Re: Commercial product

      well most politicians seem to think that... and that they can just hand it over to only the 'good guys'

    2. Anonymous Coward

      Re: Commercial product

      "Does the main developer not have a 'back door' or master key to unlock the encrypted volumes?"

      No. They generally use pc specific locally generated symmetric encryption keys to encrypt files and upload a copy on a CC server. Usually that key is encrypted by the attacker's public asymmetrical encryption key so attacking the CC server doesn't help. When you pay, the hacker uses their private key to recover your drive encryption key from the encrypted copy on the CC server.

    3. Prst. V.Jeltz Silver badge

      Re: Commercial product

      "not have a 'back door' or master key"

      From what I understand about encryption it seems to me that adding a master key would be incredibly difficult if not impossible if the cypher is actually ciphering to the user provided key.*

      They should use that excuse when the NSA keep banging on about it.

      *I suppose you could cheat and just double the size of the file by encoding two copies - one with your master key.
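
Added example, not part of any comment in this thread and not DiskCryptor's code: the "Commercial product" replies above turn on how a data key relates to the secrets that unlock it. Volume-encryption tools commonly encrypt the data once under a random volume key and store that key wrapped separately per unlock secret (a "key slot"), so a second unlock path costs tens of bytes, not a second copy of the data. The slot layout, function names, PBKDF2 work factor and the HMAC-based stream standing in for AES are all assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # constructed work factor for this example

def _derive(passphrase, salt):
    # 64 bytes from PBKDF2: 32-byte wrapping pad + 32-byte MAC key
    d = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return d[:32], d[32:]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_slot(volume_key, passphrase):
    """Wrap the 32-byte volume key under one passphrase (one key slot)."""
    salt = secrets.token_bytes(16)  # fresh salt, so the pad is never reused
    pad, mac_key = _derive(passphrase, salt)
    wrapped = _xor(volume_key, pad)
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def open_slot(slot, passphrase):
    """Return the volume key, or None if the passphrase does not fit this slot."""
    pad, mac_key = _derive(passphrase, slot["salt"])
    tag = hmac.new(mac_key, slot["salt"] + slot["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None
    return _xor(slot["wrapped"], pad)

def _stream(key, nonce, data):
    # Stand-in for AES-XTS (no AES in the standard library); provides no integrity.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += _xor(data[i:i + 32], block)
    return bytes(out)

def encrypt_volume(data, passphrases):
    volume_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    slots = [make_slot(volume_key, p) for p in passphrases]
    return {"nonce": nonce, "slots": slots, "body": _stream(volume_key, nonce, data)}

def decrypt_volume(volume, passphrase):
    for slot in volume["slots"]:
        key = open_slot(slot, passphrase)
        if key is not None:
            return _stream(key, volume["nonce"], volume["body"])
    return None

def slot_overhead(volume):
    return sum(len(s["salt"]) + len(s["wrapped"]) + len(s["tag"]) for s in volume["slots"])
```

Anyone who can write a slot into the header can unlock the volume, which is why the list of slots on an encrypted disk is worth auditing.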

  11. Aodhhan

    Outlawing cryptocurrency

    You can't outlaw the currency but you can make the scheme illegal, and in turn hold the sites supporting the scheme responsible.

    However, if politicians do this then they will not be able to launder the big money they receive for their foundations and other dark money making ventures.

    Rule 1 of being a politician: Never shoot yourself in the foot.

  12. Kiwi
    Unhappy

    So glad this isn't normal practice...

    Indeed, running the initial .exe may pop up a window asking you to disable any anti-malware software you have installed.

    So glad no legitimate software out there suggests that users turn off their AV. Why, that would be a big warning to someone that nefarious doings were afoot, and they should stop their activity forthwith!

    </sarc>

    :( So sad that there is so much software, from drivers to browsers to, well pretty much anything I guess, that suggests you should disable AV during the install. How many users now expect that as normal behaviour, when even legitimate programs ask for it? :(
