Ransomware: Would you pay? Are you protected?

[Virgil Showlion]

Zounds! A window pops up on your computer screen:



It's a ransomware attack (just like the one presently tearing through parts of Europe, and now the US). Pay the equivalent of $300 to the extortioners or lose all the files on your computer.

You have only a limited amount of time to pay, and the ransom notice speaks true: if you don't, there's zero probability you'll ever get your files back.

Are you protected? (Do you have a recent backup of your critical files [or preferably, several independent backups]?)

Do you pay to prevent your data from being lost?

[ArchietheDragon]

May 15, 2017 14:47:43 GMT -5 Virgil Showlion said:

Zounds! A window pops up on your computer screen:



It's a ransomware attack (just like the one presently tearing through parts of Europe, and now the US). Pay the equivalent of $300 to the extortioners or lose all the files on your computer.

You have only a limited amount of time to pay, and the ransom notice speaks true: if you don't, there's zero probability you'll ever get your files back.

Are you protected? (Do you have a recent backup of your critical files [or preferably, several independent backups]?)

Do you pay to prevent your data from being lost?

Most people pay. 

[Virgil Showlion]

May 15, 2017 14:50:19 GMT -5 ArchietheDragon said:

Most people pay. 

I know.

The extortioners in this latest attack are projected to make more than a billion dollars equivalent.

ETA: Special thanks to the NSA, who made it all possible.

[ArchietheDragon]

It really is a great scam. If the ransom was too big people would either not be able to pay it or figure a way around it. But because the amounts are small it is so much easier just to pay and get the key. Add a ton of volume to that equation and you have yourself a real moneymaker.

[Virgil Showlion]

May 15, 2017 14:55:34 GMT -5 ArchietheDragon said:

It really is a great scam. If the ransom was too big people would either not be able to pay it or figure a way around it. But because the amounts are small it is so much easier just to pay and get the key. Add a ton of volume to that equation and you have yourself a real moneymaker.

"Great" is debatable. But lucrative: absolutely.

And the copycats are just getting started.

[Jaguar]

They can have it, I've got every freaking thing saved.

[Rob Base 2.0]

But I heard on talk radio (Bloomberg) that even if you pay you probably won't get the info. They were saying that even being paid in Bitcoin that the NSA or whatever can track it, And that to actual undo the hack the hackers have to go back into your computer and do some stuff to reset it back......and that leaves more of a trace that the NSA or whatever can track........not 100% sure if that is true or not though- maybe Virgil or another computer nerd can chime in?

[Virgil Showlion]

May 15, 2017 19:05:01 GMT -5 Rob Base 2.0 said:

But I heard on talk radio (Bloomberg) that even if you pay you probably won't get the info. They were saying that even being paid in Bitcoin that the NSA or whatever can track it, And that to actual undo the hack the hackers have to go back into your computer and do some stuff to reset it back......and that leaves more of a trace that the NSA or whatever can track........not 100% sure if that is true or not though- maybe Virgil or another computer nerd can chime in?

The bitcoin ledger is public, hence all transactions between bitcoin accounts are public record. However, bitcoins can be laundered through services called "anonymizers", which is where a middleman with numerous clients acts as a black box, making it difficult to match up inflows and outflows without having the anonymizer's private ledger. Most anonymizers routinely purge their ledgers.

The difficulty depends on the number of transactions the baddies make and the number of clients the anonymizer has. Some reportedly have hundreds of thousands of clients and clear billions in transactions per day, hence if the baddies move slowly and NSA isn't able to get at the anonymizer's ledger (and it's unlikely they will), the baddies will probably get away with it.

Since bitcoin wallets are just numbers, creating thousands or even millions of wallets is child's play. It's impossible to determine who owns a bitcoin wallet until its transaction history gives it away, hence the hackers will probably route the money they collect through an anonymizer into a bunch of anonymous "throw-away" wallets, then route the money from these wallets over time to other throw-away wallets through the anonymizer, and so on and so forth until it winds up in some destination set of wallets and all the pattern matching in the world can't link source to destination. ...if the baddies are clever, and I imagine they are.

As for the "going back to reset" part, there are ways of doing that without being traceable too, but I don't know if the baddies availed themselves of them in this case.

As a general rule: if you know what you're doing, and you're willing to tolerate a lot of inconvenience, you can always stay 100% anonymous on the Internet. At least for now, while private data exist. If world governments pass laws that allow them to legally look at any data on any node at any time (and they'd certainly love to), then anonymity on the Internet would disappear even for the most cautious.

[Deleted]

I wouldn't pay.

The only thing I care about that wouldn't be recoverable is the books I'm writing and my screensaver/wallpaper images... all of which are backed up in several places.

I'd just replace the internal HD with a spare, then low-level format the "old" HD as a background task, followed by reinstalling the operating system... and start over.



ETA: the books... I MAY lose a day or two or three worth of writing because I don't back them up DAILY... but regularly enough that I could make my way back from any loss.

[Virgil Showlion]

May 15, 2017 20:19:03 GMT -5 @richardintn said:

I wouldn't pay.

The only thing I care about that wouldn't be recoverable is the books I'm writing and my screensaver/wallpaper images... all of which are backed up in several places.

I'd just replace the internal HD with a spare, then low-level format the "old" HD as a background task, followed by reinstalling the operating system... and start over.



ETA: the books... I MAY lose a day or two or three worth of writing because I don't back them up DAILY... but regularly enough that I could make my way back from any loss.

Good man.

[mmhmm]

Anything that matters to me, and which I cannot retrieve, is backed up. I certainly wouldn't pay someone in a scenario like this. Worst comes to worst, a new computer isn't all that expensive.

[Tennesseer]

The news this morning was reporting that those who paid the $300 have not been sent the 'key' to unlock their computers.  So that have been 'had' twice.

[ArchietheDragon]

NPR had a story this morning about how good the customer service was from the hijackers. With many walking the victim through step by step procedures with how to use the key to get their data unlocked. They even quipped about how the cable company could take lessons in providing customer service from them.

[mmhmm]

I'm told the latest version of this little nasty has no kill key.

[Deleted]

The "anything important" computer is air gapped.  What ransomware?

[Virgil Showlion]

May 18, 2017 12:19:43 GMT -5 @jma23 said:

The "anything important" computer is air gapped.  What ransomware?

Just make sure it never stops being air gapped, because you won't have been applying patches for the 1,001 security vulnerabilities detected over its lifetime and it will be a potential sitting duck if and when it ever connects to the Internet.

[mmhmm]

Interesting research on air-gapping:


Full article

[Deleted]

May 18, 2017 13:09:43 GMT -5 Virgil Showlion said:

May 18, 2017 12:19:43 GMT -5 @jma23 said:

The "anything important" computer is air gapped.  What ransomware?

Just make sure it never stops being air gapped, because you won't have been applying patches for the 1,001 security vulnerabilities detected over its lifetime and it will be a potential sitting duck if and when it ever connects to the Internet.

Thanks.  It will never be on the internet.  Everything is also backed up on a hard drive in case of hardware failure or a fire etc.  I do it twice a year and keep the hard drive at a bank safety deposit box.

[Virgil Showlion]

May 19, 2017 11:07:16 GMT -5 @jma23 said:

May 18, 2017 13:09:43 GMT -5 Virgil Showlion said:

Just make sure it never stops being air gapped, because you won't have been applying patches for the 1,001 security vulnerabilities detected over its lifetime and it will be a potential sitting duck if and when it ever connects to the Internet.

Thanks.  It will never be on the internet.  Everything is also backed up on a hard drive in case of hardware failure or a fire etc.  I do it twice a year and keep the hard drive at a bank safety deposit box.

Hard core.

[Artemis Windsong]

I have gotten the screaming computer hijacking a couple of times.  I just restart the computer.  I hung up on the dire robocall.  I used to worry about losing my resume.  Now I'm retired and don't plan on working again. 

We are not diligent about backing up.  I would not pay.  I'd buy a new computer.

These crooks have businesses by the short hairs.  It's easier to pay up but as several have said they get nothing for it.  Double cross SNAFU.

H. says it's Microsofts failures.