
Ransomware scammers: Won’t pay? We'll put your data on the internet

Source: http://www.theregister.co.uk/2015/11/04/chimera_ransomware_publish_online/


Ransomware-peddling cybercrooks have come up with a sinister twist to their increasingly well-worn scam – online publishing.

Instead of simply encrypting files on compromised Windows PCs, the relatively new Chimera ransomware adds a threat: if victims don't pay up, their data will be published online, presumably for all the world to see.

Scam emails punting the menace appear under the guise of job applications or business offers. Security researchers from anti-malware firm Botfrei spotted the ransomware, which is said to be targeting German SMBs.

If activated, Chimera also attempts to encrypt network drives connected to compromised Windows PCs, as a blog post by Botfrei explains.

So this is full-spectrum blackmail, providing cybercrooks are actually in a position to deliver on their threats. However, that seems far from certain.

For one thing, even Botfrei reports there is no evidence that personal data has actually been published on the internet. It doesn’t know whether private keys are handed over if victims meet extortionate payments either. All it knows is that the scam has been doing the rounds in Germany for at least the last couple of weeks.

Ransomware normally works by encrypting files on local machines without siphoning them off to cloud storage, and nothing reported about Chimera shows any technical difference that would make it capable of such a thing.

Troy Gill, manager of security research at AppRiver, commented: "While this specific threat is a new addition to the crypto ransomware malware family, it is in perfect keeping with typical malware attacks. Making threats is the name of the game when it comes to ransomware or 'scareware'."

He added: “However, I think it is very unlikely that the victim is in any real danger of having their actual documents posted online. With all instances of cryptographic ransomware that we have observed in the past few years, all have simply encrypted the user's files on their machine.

"None have shown any evidence that the documents were exfiltrated from the victim's machine. Doing so would be a significant increase in risk for the attacker with much less reward,” Gill said, adding that Chimera is “essentially a variant of CryptoLocker with the added scareware element”.

“If this tactic (of threatening to release documents online) proves to increase the attacker's effectiveness then we can rest assured it will become more widespread,” he concluded.

Whether the tactic will work is far from certain. Leaking otherwise locked-up data might actually suit some victims.

Ransomware, in general, highlights the need to keep backups, run up-to-date security software and apply common sense while surfing online, especially when it comes to opening suspicious email attachments and the like.

None of this is certain, but anything that minimises the chances of getting infected ought to be encouraged.

People say ransomware is gay because all they do is encrypt the files and demand that you pay a certain amount of money to decrypt them, but many of us have backup drives so we can restore them, right? Well, guess what? This time, ransomware scammers will publish your data on the internet if you don't pay. Just imagine: all your porno files, banking details, and even your personal information will be seen by millions of people around the world, which is embarrassing.


I don't keep porn or bank info on my PC. 

 

My personal info isn't very interesting.


Something more frightening than Cortana spying on you. 


I don't keep porn or bank info on my PC. 

 

My personal info isn't very interesting.

It's not that sort of thing they're worried about: client lists, sales data, product design information, etc.


It's not that sort of thing they're worried about: client lists, sales data, product design information, etc.

 

That's true. 

If they got a big corps info, oh boy.


Privacy is just an illusion...

:rolleyes:​

I can only see this being a major issue for companies or people who do business on the net.

That's true.

If they got a big corps info, oh boy.

Anyone remember a little company that got leaked entirely?

Sney? Soy?

Ahh, can't remember

/s


Something more frightening than Cortana spying on you. 

 

Both hold your information prisoner and use it to exploit you.


That's true. 

If they got a big corps info, oh boy.

That's normally who they go after - I see about 25-40 Cryptolocker emails in my work inbox each week and some of them look pretty convincing. The scammers go after big business mostly because they are more likely to pay up. Steve at home may not have $40k to get his files back but a legal office sure will.


Eh, Google has it all already. 


That's normally who they go after - I see about 25-40 Cryptolocker emails in my work inbox each week and some of them look pretty convincing. The scammers go after big business mostly because they are more likely to pay up. Steve at home may not have $40k to get his files back but a legal office sure will.

Yup. I used to work at an IT business (I am 17) and I had to figure out what the hell was eating our PCs and network files. Turns out someone got a cryptolocker and it wreaked havoc on the network (thank you, backup tapes), but I just used our remote management software to search for the "howtogetyourstuffback.txt" files on each PC. Then we ran extensive AV on any suspect PCs until we found one that had... a couple of viruses on it... and we talked to the user of the PC and we have not seen anything since.
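The hunt described in the post above (find the ransom note on each box, then work out which PC did the damage) is easy to script, and the same walk covers the mapped network drives the article says Chimera goes after. The following is an added example written for this thread; it is not code from The Register, Botfrei or the poster's IT shop. The note-file name patterns (the first mirrors the name quoted in the thread), the entropy threshold, the ".locked" extension and the sample share tree are all constructed for the demo, since the page gives no real Chimera note name or file extension.

```python
"""Ransomware artefact hunt: ransom notes plus documents that look encrypted.

Added example for this thread; not code from The Register, Botfrei or the
poster's IT shop. Note-name patterns, entropy threshold, the ".locked"
extension and the sample tree are constructed for the demo; adjust
NOTE_PATTERNS to the sample you are actually chasing.
"""
import math
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumed ransom-note filename patterns; the first mirrors the name quoted in the thread.
NOTE_PATTERNS = [
    re.compile(r"how.?to.?get.?your.?(stuff|files).?back", re.I),
    re.compile(r"(decrypt|restore).*(instruction|help|info)", re.I),
    re.compile(r"readme.*(decrypt|ransom)", re.I),
]

# Document types worth checking, and the headers genuine files of those types carry.
DOC_EXT = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".jpg"}
MAGIC = (b"%PDF", b"PK\x03\x04", b"\xd0\xcf\x11\xe0", b"\xff\xd8\xff")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; ciphertext sits near 8.0, English prose near 4-5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path, sample_bytes: int = 4096, threshold: float = 7.5) -> bool:
    """No recognisable header AND a near-random first block.

    Compressed formats (docx, jpg) are high-entropy too; the header check is
    what keeps them out of the false positives.
    """
    with path.open("rb") as fh:
        head = fh.read(sample_bytes)
    if head.startswith(MAGIC):
        return False
    return shannon_entropy(head) >= threshold


def is_ransom_note(name: str) -> bool:
    return any(p.search(name) for p in NOTE_PATTERNS)


def is_document(path: Path) -> bool:
    # Matches "report.xlsx" and also "report.xlsx.locked" (appended extension).
    return any(s.lower() in DOC_EXT for s in path.suffixes)


def hunt(root: Path) -> dict:
    """Walk a tree (local disk or mapped share); report notes and suspect directories."""
    notes, suspect_dirs = [], Counter()
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if is_ransom_note(name):
                notes.append(p)
            elif is_document(p) and looks_encrypted(p):
                suspect_dirs[Path(dirpath)] += 1
    return {"notes": notes, "suspect_dirs": dict(suspect_dirs)}


def build_sample_tree() -> Path:
    """Constructed sample: one share folder hit by ransomware, one untouched."""
    root = Path(tempfile.mkdtemp(prefix="hunt_"))
    hit, clean = root / "share" / "Finance", root / "share" / "HR"
    hit.mkdir(parents=True)
    clean.mkdir(parents=True)
    (hit / "HOWTOGETYOURSTUFFBACK.txt").write_text("your files are encrypted, pay up")
    (hit / "q3_forecast.xlsx.locked").write_bytes(os.urandom(8192))  # ".locked" is invented
    (hit / "contract.pdf").write_bytes(os.urandom(8192))             # overwritten in place
    (clean / "policy.pdf").write_bytes(b"%PDF-1.4\n" + b"plain text " * 500)
    (clean / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + os.urandom(4000))  # high entropy, but headed
    (clean / "notes.txt").write_text("meeting notes " * 300)
    return root


if __name__ == "__main__":
    result = hunt(build_sample_tree())
    for note in result["notes"]:
        print("ransom note:", note)
    for d, n in result["suspect_dirs"].items():
        print(f"{n} encrypted-looking document(s) under {d}")
```

Run hunt() against every mapped drive and share from a clean admin box, not from the suspect endpoint. The directory where the note sits and the documents have lost their headers is where the encryption happened; the entropy check on its own would flag every JPEG and docx on the share, which is why the header check comes first.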

Hold on, wouldn't that take quite a while?  If you have terabytes of data and a typically miserable upload speed, it could take literally weeks to transfer it all.


Yeah, good luck to them. My upload speed is too slow for them to take anything.


In an age where people are literally desperate to put what they ate for lunch on the Internet I don't imagine this will do much.


In an age where people are literally desperate to put what they ate for lunch on the Internet I don't imagine this will do much.

 

I guess they meant credit card info or other personal details that could lead to problems.

 

Otherwise, yea, not really a threat to most people on the internet. I've seen just how many people care for their privacy, and it isn't much.


Hold on, wouldn't that take quite a while?  If you have terabytes of data and a typically miserable upload speed, it could take literally weeks to transfer it all.

Could just be file names with file types, not the actual data necessarily. That way you could still possibly embarrass a person with it.

Or the program reads the files and targets specific types such as Word, Excel and PDF documents.

My mom's laptop has, at best, 6GB worth of that kind of data; that amount can be transferred overnight.

This makes me think that there probably is a threshold on how large the targeted files get; say you put all your documents into a 5GB zip file, it wouldn't get sent. You would still be able to access said "library's" contents locally, but if you get a virus, you will only lose what you haven't backed up; nothing will be sent.

 

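The upload-speed objection raised a few posts up, and the guess just above that a sample would pick document types under a size cap, both point at the same defensive fact: whatever gets taken has to leave through the uplink, and on a typical SMB connection that is hours or days of a host pushing far more out than it ever did before. The following is an added example written for this thread, not something from the article or the posters. The hosts, hourly byte counts, the 10 Mbit/s uplink and the alert thresholds are all constructed for the demo.

```python
"""Bulk exfiltration is slow on a small uplink, and slow is visible.

Added example for this thread, not from the article or the posters. Uplink
speed, hosts, hourly byte counts and thresholds are constructed for the demo.
"""
from collections import defaultdict
from statistics import median


def hours_to_upload(total_bytes: int, uplink_mbit: float) -> float:
    """Wall-clock hours to push total_bytes through a saturated uplink."""
    return total_bytes * 8 / (uplink_mbit * 1_000_000) / 3600


def build_sample_flows():
    """Constructed hourly outbound byte totals per host, shaped like a firewall
    or NetFlow summary: (host, hour_index, bytes_out)."""
    flows = []
    for h in range(48):
        # Finance box: ~50 MB/h of normal traffic, then a 10 Mbit/s uplink
        # pegged flat (~4.4 GB/h) from hour 24 onward.
        flows.append(("ws-finance-07", h, 50_000_000 if h < 24 else 4_400_000_000))
        # HR box: normal traffic with a single 3 GB hour (a one-off cloud backup).
        flows.append(("ws-hr-02", h, 60_000_000 if h != 30 else 3_000_000_000))
    return flows


def detect_sustained_egress(flows, window=24, factor=10.0,
                            floor_bytes=1_000_000_000, consecutive=3):
    """Alert on hosts whose outbound volume stays far above their own
    baseline for `consecutive` hours in a row.

    Baseline is the median of the previous `window` hours, which a single
    backup spike cannot drag upward. Returns {host: hour the alert fired}.
    """
    by_host = defaultdict(list)
    for host, hour, nbytes in flows:
        by_host[host].append((hour, nbytes))
    alerts = {}
    for host, series in by_host.items():
        series.sort()
        run = 0
        for i, (hour, nbytes) in enumerate(series):
            prior = [b for _, b in series[max(0, i - window):i]]
            if len(prior) < window // 2:      # not enough history yet
                continue
            baseline = median(prior)
            if nbytes >= floor_bytes and nbytes >= factor * baseline:
                run += 1
                if run == consecutive and host not in alerts:
                    alerts[host] = hour
            else:
                run = 0
    return alerts


if __name__ == "__main__":
    two_tb = 2 * 10**12
    print(f"2 TB at 10 Mbit/s: {hours_to_upload(two_tb, 10) / 24:.1f} days")
    print("sustained-egress alerts:", detect_sustained_egress(build_sample_flows()))
```

The absolute floor stops a quiet host from alerting on a few hundred megabytes, and the consecutive-hour requirement is what separates a one-off backup from a transfer that runs all night; the per-host median baseline is the cheap substitute for a proper model, and it is enough to catch the case the thread is arguing about.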

For companies this could really be bad.

 

But for everyday people, getting, like, photos and documents leaked online is just a nice way of getting your stuff back without paying, really.

 

Sure, having all your family photos posted online is probably not something you'd enjoy a ton, but getting them back for free is a plus.


Just encrypt your data.

Windows Pro and up allows you to encrypt your data with a certificate. Sure, it's not the best encryption in the world, but it is fairly solid, and random unreadable data on the web will just get mixed in with millions of garbage files that have no value; it won't be worth the effort.

Plus, the Windows encryption certificate system ties to your account (or business account if you want, a new Win10 feature). So you, as a user, don't experience any difference in accessing your data (if that is what you are afraid of or worried about, if that bugs you about encryption systems).

Of course a proper encryption setup is best, but that one is 'free' in Windows and easy to set up, and doesn't affect your experience in any way, besides the file name being in green.


Format C: /Q

Problem solved.


Just encrypt your data.

Windows Pro and up allows you to encrypt your data with a certificate. Sure, it's not the best encryption in the world, but it is fairly solid, and random unreadable data on the web will just get mixed in with millions of garbage files that have no value; it won't be worth the effort.

Plus, the Windows encryption certificate system ties to your account (or business account if you want, a new Win10 feature). So you, as a user, don't experience any difference in accessing your data (if that is what you are afraid of or worried about, if that bugs you about encryption systems).

Of course a proper encryption setup is best, but that one is 'free' in Windows and easy to set up, and doesn't affect your experience in any way, besides the file name being in green.

Or just use Veracrypt containers.

Or you can just use GNU/Linux since CryptoWall only targets Windows.


For companies this could really be bad.

 

But for everyday people, getting, like, photos and documents leaked online is just a nice way of getting your stuff back without paying, really.

 

Sure, having all your family photos posted online is probably not something you'd enjoy a ton, but getting them back for free is a plus.

Agreed. I hope this extra bit of assholyism gets them caught somehow

Or just use Veracrypt containers.

Or you can just use GNU/Linux since CryptoWall only targets Windows.

That's an interesting point. I do most of my business or important work on Linux and game on windows. Anything valuable goes to Linux really.
