Forums » Your Data, Held Hostage

Comments on news posted 2005-05-24 10:48:14: A new extortion scheme infects a PC and encrypts private files, dropping a ransom note on the machine which urges users to pay $200 if they want their data back, notes USAToday and Websense. ..



wifi4milez
Big Russ, 1918 to 2008. Rest in Peace

join:2004-08-07
New York, NY
Wow, that is sneaky!

I don't think I have seen anything like this before, and I have to admit that it is a creative tactic!
--
I like dogs, guns, and cheeseburgers. What's your malfunction?


nivago
Think For Yourself

join:2000-11-16
Little Rock, AR
USB drive

Would it be safer to store personal files on a removable drive? Or is it also vulnerable to infection when you plug it in?


exocet_cm
In memory of dadkins
Premium
join:2003-03-23
New Orleans, LA
Although bad

neat idea.

Network Guy

join:2000-08-25
New York
Hmm

Does the trojan have a deadline for ransom? And if so, does it go kamikaze on the file if you don't pay?

lol


Liontaur
Lets Get Boincing Already
Premium,MVM,ExMod 2004-06
join:2001-11-03
Salmon Arm, BC

reply to nivago
Re: USB drive

quote:
This website hosts the application that encodes files on the user's local hard disk and on any mapped drives on the machine.
Looks like any drives that are mapped could be affected. Very sneaky.
--
Are you ready to start BOINCing? Read my blog

MrBentor

join:2003-02-18
Seattle, WA
·Comcast


2 edits
reply to wifi4milez
Should be a capital crime.

That is why we need to put those people who write those sorts of malicious programs to sleep, if you know what I mean. And/or solitary confinement until they release all the codes necessary to decrypt all the files they encrypted, even if that means the rest of their life.


rob_in_chatt
Premium
join:2004-09-17
Chattanooga, TN
money

Damn, now that is funny. I am not condoning it by any means, but that is just too damn funny.

Ender_W
Does Microsoft Mean Small And Squishy?

join:2002-09-14
Saint Louis, MO
reply to nivago
Re: USB drive

They will be at the same risk if plugged in.

Jack Flash

join:2005-04-28
Saint Michael, MN
More Crapware

Where did I leave my anti-ransom-ware?
I'm running out of disk space to store all the crapware killers I need to just to surf.


OrigZaphod042
Didn't You Hear? I Come In Six Packs Now
Premium
join:2001-07-22
Round Lake, IL
Just have to...

....figure a way to attach a trojan ourselves to a payment, once deposited in their account send all the money there back to us....

lol

DirtyMic

join:2003-11-19
Pompano Beach, FL
reply to Jack Flash
Re: More Crapware

$200 to get my pron back? It just might be worth it.


wifi4milez
Big Russ, 1918 to 2008. Rest in Peace

join:2004-08-07
New York, NY
·Verizon FIOS
·Sprint Mobile Broa..
·RoadRunner Cable
·BroadVoice

reply to Liontaur
Re: USB drive

Can't they just track where you send the money and have the local authorities arrest the criminals when they come to pick up the cash? Clearly the criminals are not in the US, but extortion MUST be illegal in 99% of the countries in the world. Unless of course the local authorities (or govt) are in on the scheme......
--
I like dogs, guns, and cheeseburgers. What's your malfunction?

MrBentor

join:2003-02-18
Seattle, WA
reply to MrBentor
Re: Should be a capital crime.

It's time to send cousin Guido.


qdemn7
Smurf in My Loop
Premium
join:2003-09-16
Fort Worth, TX

reply to OrigZaphod042
Re: Just have to...

Jeezuz, going to Mac, for everything except for gaming, looks better and better every day.

Damned scum. A bullet in the head sounds about right for these ........

youngo

join:2001-07-03
reply to MrBentor
Re: Should be a capital crime.

I wonder if the DMCA protects ransomware. Try to decrypt your own ransom-encrypted files and get sued?!


Derch
Premium
join:2004-10-16
Tulsa, OK
Forget it.

I would just erase the partition and start from new rather than paying those asshats off.


Jason Levine
Premium
join:2001-07-13
USA

reply to qdemn7
Re: Just have to...

Considering that this utilizes a vulnerability that was already patched, you should be safe on a fully patched Windows box. Even safer if you follow a layered security approach.
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/


ninersfan

join:2001-02-09
Hayward, CA
Update your machines

Maybe this threat if perpetuated might be the motivation to catch the attention of the average user about just what is at stake if they don't practice safe hex.

wilburyan

join:2002-08-01
reply to wifi4milez
Re: USB drive

Not if it's a Western Union money order... a con artist's best friend


Jason Levine
Premium
join:2001-07-13
USA


1 edit
reply to wifi4milez
Exactly. If anything, this is a dumb criminal scheme.

First of all, they have an e-mail address (removed for purposes of the screenshot, but I'm sure it's fully visible in the "live" version). This is apparently a box that's being checked by the extortionists in some way, shape, or form. (Otherwise, how would they arrange for those $200 payments?) There's got to be a way to track who's accessed that account and from where.

In addition, it relies on redirecting users to a website to download the trojan. Find out who set up that website and you've found your scammer (or at least one of them).

Failing that, the authorities could e-mail the address pretending to be a user whose data files were locked out. (For additional authenticity, they could intentionally infect a sacrificial box that didn't have anything important on it.) Once contact is made, payment arrangements can be set up and the criminals tracked down.

This guy (group?) has left many ways to track them down. I wouldn't be surprised to hear of an arrest in this case in the not too distant future. (Law enforcement can take its time in order to get things right sometimes, so that might slow down the actual arrest announcement somewhat.)

EDIT: The Websense article reveals that the payment method is an e-Gold account. This should be very easy to trace. In addition, the whole thing should be easy to take offline. Take down the website hosting the trojan and shut down the e-Gold account. (Sure, the scammers will release another version that connects to a different website and e-Gold account, but it'll take them offline for a while.)

--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/