Ransomware Attack


The problem with that assumption is that criminals are criminals; it's the same with hostage situations... the family pays but the victim is dead already, as it's more of a hassle to exchange the hostage than to kill and run.

Blackmail is also such a crime, where complying with what the blackmailer asks never made it any better.

Don't look at me? I would just nuke the system, reinstall and pull in my data from backups. There is a lot to be said for keeping the OS and your data separate.


That very much depends on the hostage. Ransoms are paid all the time without hassle; petty criminals don't do ransoms right, large criminal organisations do, because it's business, and not keeping your word is bad business, as people will stop paying.

Ransomware is akin to shipping hijacking; it's one of the few crimes where law enforcement encourages you to just pay up.

1k isn't bad I guess - I could break through the encryption in a week for about $5k.

There are a few ways to deal with encrypting Russian scams, aka ransomware.

  1. When it loads the encryption key.
    In the case of many Windows machines the encryption key is loaded in unencrypted form into your memory... a small debugger or VM can show the encryption key in clear text (well, not that clear, but very clear).
  2. The boot process of the system.
    Most people forget that it doesn't ask you for ransom from your BIOS, or from DOS, to access your data (well, most don't at least - God help you if it does, as your only hope then is God). A smart person would cut the malicious execution from the system, and you could keep using or copy your now-encrypted drives into backup storage and rebuild new servers.
  3. A few days of running brute force with rainbow tables and a statistical attack would do the trick... since you are able to create exponential amounts of rainbow tables for the hard drive or system, as you have it locally... you could do them on the fly with an AMD OpenCL card (brute-forcing itself would be left to an NVIDIA GPU).
  4. If you feel lucky, call for backup from the police/FBI; if you recover anything you might be able to track those pirates to their homes in Asia.
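Point 1 in the post above (the key sitting unencrypted in memory) has a concrete, testable form. The script below is an added example, not code from the thread or from any real sample: it assumes the encryptor uses AES-128 and, like the common crypto libraries, keeps the expanded key schedule (176 bytes) in process memory while encrypting. Because every round key is derived from the 16-byte key by a fixed rule, a memory dump can be scanned for 176-byte windows that satisfy that rule, recovering the key without reversing the malware. The "memory dump" here is constructed filler with a schedule planted in it.

```python
"""Recover an AES-128 key from a memory dump by locating its key schedule.

Added example for the thread above; the dump below is constructed, not a
capture from any real ransomware process.
"""
import random


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def build_sbox():
    """Compute the AES S-box (GF(2^8) inverse followed by the affine map)
    instead of typing in the 256-entry table. p walks the powers of 3 and
    q walks the inverse powers, so q is always the inverse of p."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = p ^ ((p << 1) & 0xFF) ^ (0x1B if p & 0x80 else 0)   # p *= 3
        q ^= q << 1                                              # q /= 3
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4)
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = build_sbox()
SCHEDULE_LEN = 176  # 11 round keys * 16 bytes for AES-128


def expand_key_128(key):
    """FIPS-197 key expansion: 16-byte key -> 176-byte schedule."""
    assert len(key) == 16
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 0x01
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]                 # RotWord
            t = [SBOX[b] for b in t]          # SubWord
            t[0] ^= rcon
            rcon = ((rcon << 1) ^ (0x1B if rcon & 0x80 else 0)) & 0xFF
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return bytes(b for word in w for b in word)


def find_aes128_keys(dump):
    """Return (offset, key) for every 176-byte window whose trailing 160
    bytes are exactly the expansion of its first 16 bytes. A one-byte
    filter on the first round-1 byte avoids expanding most candidates."""
    hits = []
    for off in range(0, len(dump) - SCHEDULE_LEN + 1):
        cand = dump[off:off + 16]
        # byte 16 of a real schedule is key[0] ^ S(key[13]) ^ rcon(1)
        if dump[off + 16] != (cand[0] ^ SBOX[cand[13]] ^ 0x01):
            continue
        if expand_key_128(cand) == dump[off:off + SCHEDULE_LEN]:
            hits.append((off, bytes(cand)))
    return hits


def make_fake_dump(key, key_offset=1337, size=8192, seed=7):
    """Constructed stand-in for a process dump: deterministic random filler
    with an expanded key schedule planted at key_offset, the way a running
    encryptor leaves it in memory."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[key_offset:key_offset + SCHEDULE_LEN] = expand_key_128(key)
    return bytes(buf)


# FIPS-197 Appendix A.1 sample key, used so the expansion can be checked
FIPS_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")


def demo():
    dump = make_fake_dump(FIPS_KEY)
    return find_aes128_keys(dump)


if __name__ == "__main__":
    for off, key in demo():
        print(f"AES-128 key schedule at offset {off:#x}: key = {key.hex()}")
```

On a real dump the same scan applies to whatever memory the debugger or VM introspection hands you (a process minidump, a VM snapshot); AES-192/256 schedules have the same structure with 208/240-byte windows, and a key found this way is only useful if the sample used a per-victim symmetric key that is not itself already wiped or wrapped by the time you dump.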

The problem is, the average person isn't going to possess the knowledge to implement any of these measures, except number 4.

Yeah, like that ever worked. I have a feeling governments like China and Russia pay those guys to do this crap. Just a feeling though...

Best solution: hire me.
:)

Can't speak for regions where it's daily business, but over here in Europe most high-profile kidnappings ended with the ransom being paid and the hostage being killed anyway. - I have no info about the situation in Mexico or other places where it's said to be "normal" practice to take hostages.

I never said it was effective.

Europe doesn't bode well for kidnappings; there's really no such thing as high profile. I don't know of any criminally organised kidnappings in Europe except slave trafficking? I'm not talking about a desperate person taking a person for money because they're rich. I'm talking about organised criminals targeting multi-million/billion companies, knowing they have insurance and it costs them less to pay up and keep quiet than to lose reputation and time.


Yeah, their aim is to get government departments and medium to large businesses; a lot of small businesses and home users get stung too.
Also, this is interesting.

The last ransomware attack I had to deal with, I just had to reinstall the OS, as the storage drive was already encrypted and had not been unlocked for the day. (They got lucky that it happened early in the day and not later in the day after they unlocked their files.)

If I ever got hit it would not be a big deal. Anything important is stored on USB and CD; I could nuke all of my data and not look back, as there is nothing important stored on any of my connected devices. A hassle, yes, but not a big deal.

It's a big deal for businesses. Most of them go looking for network shares even if they're not mapped to the infected machine. I saw one guy stick a permanently connected backup drive onto the system; I explained to the customer that any hard drive connected to the system at the time will be encrypted, and that you need a rotation of at least 3 backup drives. I'm still not sure if disabling the Windows scripting engine, or whatever it's called, in the registry prevents just some of them or most of them from running. This year's version of Bitdefender claimed to have anti-CryptoLocker/ransomware features to prevent infection; until now a lot of them fly under the radar of a lot of protection software. Hopefully this year the AV and ISS from the major security companies catch up with the problem.
And if the guys who made TeslaCrypt had a change of heart and handed over the decryption key, then maybe next time I've got one where we can't retrieve a backup of the data from somewhere, trying to guilt-trip the makers of the virus into doing the right thing might work. Never even thought of that.

Three months ago my computer was attacked by the Cerber ransomware. Then I started to look on the forums for information about how to get rid of it. I never came across the recommendation "to pay". Here's the site that saved me then: http://myspybot.com/cerber-virus/

Closing out this old topic.