I hate Ransomware

[mdhofstee]

Article is titled TeslaCrypt ransomware is now unbeatable.  Let me start off that I have been hit with ransom ware once and was able to get rid of it by using AVG's free tools to create a boot able USB stick that cleared out the issue.  It used a Linux OS to do this with so I am guessing with the recent attacks of Linux with ransom ware this option is going to become limited in abilities. 

Quote

Cisco's Talos research group found that TeslaCrypt 3.0.1 has improved its implementation of a cryptographic algorithm making it impossible now to decrypt files. 

This is more than likely the method AVG was able to kill it but I am not sure I was hit with this version of ransom ware.  I was hit with the FBI warning one so I am not sure what had occurred outside of the fact I was able to get it beaten a few years ago.  Cisco was able to create some of the tools that others more than like licensed to resolve this issue. 

Quote

Weaknesses in versions of TeslaCrypt allowed researchers to create tools including TeslaCrack, Tesladecrypt and TeslaDecoder for people to decrypt their files without paying a ransom.

That encryption weakness has now been closed.

"Unfortunately, so far we are not aware of any tool which can do the same for this variant of TeslaCrypt," the Cisco reseachers wrote.

But given the fact that each version of attack and defense tends to raise the stakes I think at the end of the day we will see a defense against this version in the near future. 

Of course this final quote makes me cringe.

Quote

Backing up files is the best defense, but the FBI warned last month that cybercriminals are increasingly aiming "to infect whole networks with ransomware and use persistent access to locate and delete network backups," according to the Security Ledger.

Having a bug like this attack not just one computer but an entire companies network would really suck. 

[Sors]

I have deal with the FBI warning ransomeware you mention and is nothing like the file encrypting ransomewares that are attacking now, the one you saw only puts a screen warning when you boot and doesn't let you work on the PC, but all your files are still there, and yes, all you had to do was delete the virus and everything came back to normal.

 

The new ones encrypt all the personal files in a PC, and there is no way to recover them yet.  I have seen this virus once already, that came through an email on a company's PC, I have the HDD right here, with all the encrypted files in case someone ever finds a way to decrypt them..

[mdhofstee]

I think Cisco might have some tools that could help for the hard drive.  You might want to take a look at it. 

[Sunshine1868]

I hope I run into ransomware on my Windows 7 machine..... it's a VM, so I'll just restore to a snapshot and not have to pay the suckas! ? 

[Tieox]

I hope the people that created this ransomware, end up in a dark room, with the only sound heard, is Celine Dion covering Rammstein songs for years on end.

 

 

 

[Bojamijams]

9 minutes ago, Kierax said:

Celine Dion covering Rammstein songs

has this happened? I want to hear it!

9 minutes ago, Kierax said:

 

 

 

 

[ChineseChef]

1 hour ago, Sunshine1868 said:

I hope I run into ransomware on my Windows 7 machine..... it's a VM, so I'll just restore to a snapshot and not have to pay the suckas! ? 

Just be careful that the VM doesn't have write access to network files.

 

On topic:  I can see ransomware and other malware being the primary push that fixes online ads.  Since online ads are becoming the primary vector for things like this.  Now that criminal groups and people have seen the easy money that can be made, and bitcoin and similar cryptocurrencies allow for anonymous payment, this will keep getting worse and worse.  There will be no reason to stop, and the only software protection that will work is one that doesn't let the program run, and (really the key here) doesn't ask the user or even let them decide.

 

There is no anti-virus/anti-malware/OS update on the planet that can protect against users clicking "do it anyway".  The only real option to stop them is to just not show them the choice.  Adblock and Noscript and all the similar variations are really the only way to stop the masses from getting infected, since it simply won't show or allow the programs to run.  The key thing is you can't give the masses an option for "do it anyway", because they have shown time and again, that they will always click it. 

 

This means that more and more websites will have to start designing better websites, and increasing their security.  And I don't honestly see the Advert companies doing even a single thing until someone like Google just starts massively cutting them off, or legal regulations come into play that hold them financially responsible and a company actually gets hit with fee/penalties that are enough to matter.  The Advert companies would sooner burn every system on the planet than spend money fixing and vetting their systems/ads; besides, then more people would need services they could sell ads for!

[Sunshine1868]

42 minutes ago, ChineseChef said:

Just be careful that the VM doesn't have write access to network files.

 

...do you take me for a fool? hahaha

[Arty]

i don't understand how you get this lol, do you all just randomly click on everything on the internet lol?

[mdhofstee]

Nope I just happened to be on the net at night and use Yahoo! as my homepage.  I think I am the last person on the planet that does.  In any case I uhm just happened to see something tech related, see if it is interesting to me and then read the article.  I then check on the forum and see if anybody posted this and if they did I read their thoughts and input anything of importance or post the article to allow people to see the article in question.  The thing is I am not big on video cards and the such.  I am big on security and storage so those are the articles I am interested in reading.

[cummerou1]

I have been hit with ransomware a couple of times, i just had to open the job list and cancel it and it stopped (this was when i entered a website and i could not press the "x" to close the browser).

[eyecantseeover24fps]

Ransomware is the only type of virus I'm afraid of. Any other virus I can just remove, but encrypting ransomware is extremely scary. I keep backups, but even then a smart ransomware program can wait until you plug in the device you're backing up to before it goes off, keylog your passwords for stuff like Google Drive, etc.

[BuckGup]

Thanks to javascript ransomeware is easier then ever to get! Just go to a website and boom you got it. Like R32

[zenodio]

As a person working in IT Support for a pharmaceutical company I can definitely agree that ransomware is a major pain in the arse.

We have been battling it for months, it's definitely keeping our server term busy, that's for sure...

 

The worst thing about ransomware in a corporate network is that it spreads like cancer making it more and more difficult to track the source as well as completely getting rid of it without re-rolling all the servers back to a previous state before the infection.

To make it even worse, you never really know when the the first workstation or server was infected since the encryption kicks in days or maybe even months after the infection.

[Lazmarr]

On 18/03/2016 at 4:43 AM, Sors said:

I have deal with the FBI warning ransomeware you mention and is nothing like the file encrypting ransomewares that are attacking now, the one you saw only puts a screen warning when you boot and doesn't let you work on the PC, but all your files are still there, and yes, all you had to do was delete the virus and everything came back to normal.

 

The new ones encrypt all the personal files in a PC, and there is no way to recover them yet.  I have seen this virus once already, that came through an email on a company's PC, I have the HDD right here, with all the encrypted files in case someone ever finds a way to decrypt them..

The encryption one infected the computers attached to my universities' network. But they use multiple networks and regular backups so it didn't do as much damage as it could have done

[Roawoao]

On 18/03/2016 at 7:43 AM, ChineseChef said:

On topic:  I can see ransomware and other malware being the primary push that fixes online ads.  Since online ads are becoming the primary vector for things like this.  Now that criminal groups and people have seen the easy money that can be made, and bitcoin and similar cryptocurrencies allow for anonymous payment, this will keep getting worse and worse.  There will be no reason to stop, and the only software protection that will work is one that doesn't let the program run, and (really the key here) doesn't ask the user or even let them decide.

 

There is no anti-virus/anti-malware/OS update on the planet that can protect against users clicking "do it anyway".  The only real option to stop them is to just not show them the choice.  Adblock and Noscript and all the similar variations are really the only way to stop the masses from getting infected, since it simply won't show or allow the programs to run.  The key thing is you can't give the masses an option for "do it anyway", because they have shown time and again, that they will always click it. 

 

This means that more and more websites will have to start designing better websites, and increasing their security.  And I don't honestly see the Advert companies doing even a single thing until someone like Google just starts massively cutting them off, or legal regulations come into play that hold them financially responsible and a company actually gets hit with fee/penalties that are enough to matter.  The Advert companies would sooner burn every system on the planet than spend money fixing and vetting their systems/ads; besides, then more people would need services they could sell ads for!

Not sure how you can fix all vectors they use not every ransomware is through online ads. But things like cryptocurrencies are required for their ransom model to work. So obviously the easy thing is to break the anonymity of bitcoin and your golden. Since the block chain is not designed to protect anonymity but is actually more of a totally transparent log all you have to do is a lot of heavy lifting on the monitoring/side channel attacks to break the criminals privacy.

 

Using bitcoins to what is effectively money laundering is extremely illegal anyway and going after mixing services and online wallets is not impossible. 

[Energycore]

I assume running a sandboxed web browser will add that additional layer of protection against these kinds of threats. Is this correct?

[ChineseChef]

12 hours ago, Roawoao said:

Not sure how you can fix all vectors they use not every ransomware is through online ads.-snip-

I wasn't meaning to fix every avenue of attack, just the ones that come from web ads.  They can be fixed, assuming websites don't just farm out space on their sites for anyone willing to pay. 

 

But that is a good point about crypto currencies.  The only real way I could see them dealing with the expense of effort to find each of the malicious users/groups that use crypto currencies, would be if the gov't spent the effort to simply identify everyone using it, or made it illegal for banks and financial groups to interact with crypto currency providers/markets.  If you know that users from country X can't give you bitcoin, because they literally can't convert their money from X to bitcoin, you will have to find a different way to get paid, or simply give up.  And I could easily see the USA going full dystopia and banning all crypto currency of any kind.

[Roawoao]

1 hour ago, ChineseChef said:

I wasn't meaning to fix every avenue of attack, just the ones that come from web ads.  They can be fixed, assuming websites don't just farm out space on their sites for anyone willing to pay. 

 

But that is a good point about crypto currencies.  The only real way I could see them dealing with the expense of effort to find each of the malicious users/groups that use crypto currencies, would be if the gov't spent the effort to simply identify everyone using it, or made it illegal for banks and financial groups to interact with crypto currency providers/markets.  If you know that users from country X can't give you bitcoin, because they literally can't convert their money from X to bitcoin, you will have to find a different way to get paid, or simply give up.  And I could easily see the USA going full dystopia and banning all crypto currency of any kind.

You don't really need to ban the use of crypto currencies you just have to force them to comply with existing financial regulations which make it possible to follow the money trail. Even offshore bank accounts are not immune to inspection due to international treaties and laws. I don't really see the benefit to have pseudo anonymity since the currencies are about total transparency anyway and were never designed to hide anything. The hiding aspect is something people tacked on with what amounts to money laundering techniques (splitting, going through pools, multiple accounts, ...) Arguably cash transactions provide very good anonymity and are far more useful for most people if they want to have private transactions that would never be recorded in any way let alone a public cryptographically protected ledger. 

 

I don't even really see a future for cryto-currencies as they just don't scale very well compared to say cash or credit cards the transaction volume it can technically handle is minuscule. Probably a good example of the trade off of security vs. usability in the extreme since the system is a secure decentralized currency system but suffers from the high energy demands to provide such security and the low volume of transactions it can handle in practice. Then there is the fact these inconveniences result in hubs (exchanges) forming that become critical weaknesses and mining groups becoming too large also results in unintentional centralization. Multiple world currencies and banks basically has the same structure just transactions are both traceable and reversible provided cash has not been taken physically. With cryptocurrency the moment you spend there is no method to reverse a transaction as it literally is designed to prevent such an action. Then you have the uncertainty in instead of financial leaders you have developers leading where the currency goes. In the end it becomes the same thing with a whole set of very similar problems just is much slower and less energy efficient.

[Roawoao]

Ops edited into a new reply.

[PlayStation 2]

12 hours ago, Energycore said:

I assume running a sandboxed web browser will add that additional layer of protection against these kinds of threats. Is this correct?

It won't guarantee that you're safe but it will be a decent safeguard. Especially if said randomware or anything doesn't really pass through.

[Energycore]

21 hours ago, Dan Castellaneta said:

snip

That's great news. Now I just have to figure out how to fix performance issues on the sandboxed browser. 

[Sir Asvald]

On 24 March 2016 at 1:34 AM, KaptajnKnass said:

As a person working in IT Support for a pharmaceutical company I can definitely agree that ransomware is a major pain in the arse.

We have been battling it for months, it's definitely keeping our server term busy, that's for sure...

 

The worst thing about ransomware in a corporate network is that it spreads like cancer making it more and more difficult to track the source as well as completely getting rid of it without re-rolling all the servers back to a previous state before the infection.

To make it even worse, you never really know when the the first workstation or server was infected since the encryption kicks in days or maybe even months after the infection.

That is why having back ups is essential. We've had cases of viruses spreading throughout the network. We have a cold site and a hot site ready when everything was going to be a mess. 

[Counter-Strike Player]

On 3/18/2016 at 4:24 PM, Arty said:

i don't understand how you get this lol, do you all just randomly click on everything on the internet lol?

flash, java, old browser version, all executable files (including RTL override, themes, screen savers, modified firmware, modified drivers, modified bios), code injection from request interception from man in the middle (eg. windows gadgets), code injection from media files exploiting players accessing free memory ranges, code injection from domain-linked pc's and usb sticks.

 

and the fact most people always run as admin in windows.

 

and the fact large scale businesses (hospitals, etc) need to pay bitcoins to get essential data back drives devs to make more code.

 

and the fact that only "the 1%" ever run backups.