Just plain nasty.
Scammers become the scammed: Ransomware payments diverted with Tor proxy trickery
Cybercriminals are using Tor proxies to divert ransomware payments to their own Bitcoin wallets. Ransomware scammers have long directed victims to payment portals on the Tor network. For those who do not want to or cannot install the Tor browser necessary to pay their ransoms, operators generally direct victims to a Tor proxy …
COMMENTS
-
-
This post has been deleted by its author
-
-
-
Tuesday 30th January 2018 16:23 GMT Gene Cash
Re: Twice screwed
For those that lost their term paper or vacation pictures, Confucius says:
"There are those that make backups, and those that have yet to lose irreplaceable data."
"You don't convince family members to take periodic backups. Repeated, tragic data loss convinces family members to take periodic backups. Same as everyone else."
"If it's in an online NAS, it's not a backup."
-
Tuesday 30th January 2018 20:57 GMT billdehaan
Re: Twice screwed
I cannot agree more with backups.
Though most of my friends are engineering types, many are married to/derived from/have spawned mundanes. It happens in the best of the families.
I cannot count the number of quintuple levels of backups that have been casually tossed aside, reformatted, lost, or otherwise rendered inoperative, only to have absolute delirium descend when the inevitable occurred and the drive crashed.
I've had users near-hysterical because a laptop drive died (bad MBR and a heating issue to boot, very nasty), taking over a decade of irreplaceable data with it. Through a miracle of boot sector fiddling, and spraying freeze-mist at timed intervals to keep the drive at just the right temperature to not overheat not shut down, we managed to get it going, just barely.
Of course, our attempts to immediately scrape the essential data off to a backup were stymied as the user (who outranked us in the hierarchy by several levels) waved us aside, because she needed to work on the drive RIGHT NOW.
Fortunately, my co-worker, more savvy than I was, had prepared for this. He had a printed-out form ready for her to sign. It stated that she was fully aware the drive was dying, that using it prevented data from being backed up, and that her insistence on using it meant all data could be lost irretrievably.
She signed it, shooed us aside, and went to work on the "fixed" drive. Two hours later, the phone call came in, and no amount of freeze mist, holy water, or the like could put humpty dumpty back together again.
Fortunately, the business critical data had been scraped off (we'd insisted on that), the only things that had been lost were all of the personal things that were on the laptop. Of course, she tried to then escalate the issue because the "useless" techs had not saved her critical work. This apparently included her daughter's thesis, which raised the question of why her work laptop was being used by her daughter in the first place. My co-worker presented the form she had signed, taking full responsibility, and we were lucky enough to work for sane management, and the matter was dropped.
But to this day, I'm certain that that user blames her data loss on us, "bad luck", and learned absolutely nothing from it.
You can cure ignorance, but you can't fix stupid.
-
This post has been deleted by its author
-
-
-
Tuesday 30th January 2018 16:28 GMT }{amis}{
Re: Twice screwed
I will admit stuff like this makes me feel bad.
I happily bash companies that dont take proper precautions against this kind of thing, but the industry has failed the average jo off the street who just wants to send some email.
These are the people who suffer for the IT industries failures.
-
-
Tuesday 30th January 2018 22:01 GMT Mayday
Re: Twice screwed
"That's why Apple has Time Machine."
I use Time Machine, and it is good at what it does.
Time Machine would not prevent the average ransomware attack because they also target connected drives, such as a Time Machine backup, regardless if it is directly connected or mounted over a network.
-
-
-
-
Tuesday 30th January 2018 19:57 GMT steve 124
And Apples don't get viruses in 3....2.....1....
@gnasher, what took so long for you to say Apple products don't suffer from this sort of thing?
If we'd just all switch to Apple, this whole industry (heck even the entire security sector) would just fade away!
LOL, I'm sorry that just cracks me up every time someone claims it. Anyone want to speculate whether the Apple Gods will even tell their users their CPUs also suffer from Meltdown and Spectre? I'm sure they engineered around that issue when designing their own custom CPUs... oh wait, dang it... INTEL!!! You Bastards!
-
Tuesday 30th January 2018 23:07 GMT J. Cook
Go industrial grade or go home
Netapp snapshots are immune to being corrupted by ransomware, primarily because while it *does* act at a shadow copy to a mundane windows machine, it's an entirely different beast behind the curtain.
While I've not actively *tested* it (no safe environment *to* test in ATM), As long as the ransomware is not executing directly on the file server, I want to say that shares using shadow copies are safe as well. YMMV, not actively tested, do not take this as ironglad, no warrenty implied, etc etc etc.
-
Wednesday 31st January 2018 14:53 GMT BugabooSue
Beware Management Privilege...
We have a local offline (not connected to the Internet) network backup system, multiple write-once protected physical backup hardrives (in a father, grandfather, great... all the way back to the dinosaurs), and I guarantee that at some point, some idiot will screw the whole lot into Data Hell.
Our backups have (frequently tested) backups. Our servers are fully-patched, mirrored and protected physically by sharks with lasers. The servers spend more processor time searching for Nasties than they do serving, but it will inevitably happen that some Twot (last April it was the tight-fisted Financial Director in charge of IT spend - the delicious irony!) who brought the lot to a grinding halt by using his personal laptop on the local ISOLATED storage intranet.
This was after his “son” (yeah, right!) had been caught using it at home to surf every grubby porn linknknown to man or beast - literally. I saw the search history and browser caches!!
Not saying what he did to the system, but the damage went back through nearly 3 months of business data before we found the root cause.
That vulnerability attacked was completely outside what any of us had envisaged (he was using the servers to save his, er, “Son’s” porn collection).
We now have a new Finance Director. SHE doesn’t stand for any shit - from us, or anyone else. We get the money and resources we need, and hopefully the company doesn’t have to suffer this again.
It will happen again. To say it won’t is idiotic, but at least we know that the backup system works - The network was purged and refreshed overnight and we lost nothing of importance.
I love the Easy Life. :)