Ransomware Customer Service

sardia
Posts: 6563
Joined: Sat Apr 03, 2010 3:39 am UTC

Ransomware Customer Service

Postby sardia » Sun Jan 04, 2015 5:36 pm UTC

http://www.nytimes.com/2015/01/04/opini ... acked.html
CryptoWall 2.0 is the latest immunoresistant strain of a larger body of viruses known as ransomware. The virus is thought to infiltrate your computer when you click on a legitimate-looking attachment or through existing malware lurking on your hard drive, and once unleashed it instantly encrypts all your files, barring access to a single photo or tax receipt. Everyone has the same questions when they first hear about CryptoWall:
Is there any other way to get rid of it besides paying the ransom? No — it appears to be technologically impossible for anyone to decrypt your files once CryptoWall 2.0 has locked them.

Has anyone been hit by these yet? I know I've gotten sloppy and hit download on several files that were all fakes, but I've been lucky as they haven't been self-executing. The gold star treatment is to reformat, and then copy your files back from an external hard drive. The real kicker is that it has to be disconnected lest the virus spread to your backup. I hate having to connect and reconnect my external; it shortens the lifespan of the cable, and it's a hassle to dig down into the mess of cables to find the right one. I feel this will hit Apple fans hard, as Apple consumers are stereotyped as very tech un-savvy.

As for the customer service, if there's an issue, send the criminals a message using their messaging system. Be honest, and explain your attempts at payment.
"Of course, this advice arrives too late for my mom. And it appeared her payment had arrived too late as well: By the time I got home from Greenpoint, her CryptoWall ransom had been raised to $1,000, and the $500 in Bitcoins she had deposited had vanished. In a panic, she wrote to Mike Hoats asking for advice. What he told her sounded crazy to me. Use the CryptoWall message interface to tell the criminals exactly what happened. Be honest, in other words.
So she did. She explained that the virus had struck the same week that a major snowstorm hit Massachusetts and the Thanksgiving holiday shut down the banks. She told them about the unexpected Bitcoin shortfall and about dispatching her daughter to the Coin Cafe A.T.M. at the 11th hour. She swore she had really, really tried not to miss their deadline. And then a weird thing happened: Her decryption key arrived."

They have a reputation to uphold, and it's bad for business if people think they aren't reliable.

KnightExemplar
Posts: 5494
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Ransomware Customer Service

Postby KnightExemplar » Sun Jan 04, 2015 6:54 pm UTC

They've been targeting businesses for over a year now, but I guess normal people are starting to get hit by the virus by now. Now that Bitcoin provides an (allegedly) anonymous way to wire money to them, the criminals are taking advantage of that.

FYI, Cryptolocker (the first virus I know of this type) was first spotted in Sept. 2013. According to Wikipedia, the FBI / Interpol have already shut down the original Cryptolocker botnet, but the clones and copycats (i.e., CryptoWall, what your article is about) have begun. The "concept" of ransomware was born, and now criminals all over the world are copying the lead Cryptolocker has done.

FBI should obviously work to arrest the guys behind CryptoWall as well, but copycat crimes will continue as this is obviously a lucrative market.

sardia wrote: Has anyone been hit by these yet? I know I've gotten sloppy and hit download on several files that were all fakes, but I've been lucky as they haven't been self-executing. The gold star treatment is to reformat, and then copy your files back from an external hard drive. The real kicker is that it has to be disconnected lest the virus spread to your backup. I hate having to connect and reconnect my external; it shortens the lifespan of the cable, and it's a hassle to dig down into the mess of cables to find the right one. I feel this will hit Apple fans hard, as Apple consumers are stereotyped as very tech un-savvy.

Apple is still in the minority. I've seen auto-executing viruses on Macs, but such viruses are rare because over 95% of people are using PCs. If your goal is to ransom as many people as possible, it still doesn't make business sense to target Apple. Again, these guys have been targeting businesses, whose data is far more valuable. Sure, it sucks to lose pictures of your family or your resume. But when a business is hit, they lose their tax documents, payroll information and the like. It's far more damaging.

That sort of stuff is more likely to be stored on PCs, as opposed to Macs. For now anyway.

sardia wrote: They have a reputation to uphold, and it's bad for business if people think they aren't reliable.

Each virus is controlled by its own botnet. Your experience with ransomware will vary depending on the virus that hits you. :| :| The "fake-FBI fake-virus" that targets Mac OS X (with an lol Javascript page) only pretends to encrypt your data.

They didn't even bother writing the "virus" part of the virus. They just pretend that they're one, and manage to get tons of money anyway. "Removal" of this fake virus is as simple as clicking on the "Leave Page" button 150 times and then resetting your browser settings. It's not even an infinite loop; it's about as cheap of a trick as you can get.
First Strike +1/+1 and Indestructible.

Djehutynakht
Posts: 1546
Joined: Thu Feb 10, 2011 1:37 am UTC

Re: Ransomware Customer Service

Postby Djehutynakht » Mon Jan 05, 2015 5:03 am UTC

Even though I know there are much worse types of criminals (like murderers), for whatever reasons, people who spread viruses pretty much make me angrier than any other type of criminal.

They must be crushed.

cphite
Posts: 1296
Joined: Wed Mar 30, 2011 5:27 pm UTC

Re: Ransomware Customer Service

Postby cphite » Mon Jan 05, 2015 4:22 pm UTC

The real key is having good backups... Back your important files up to a device that requires a password to connect; either a local NAS or cloud service, something like that. The important thing is that it asks for authentication every time; alternatively, use an external drive that you disconnect when not in use. In fact, it's a good idea to have both. There are plenty of relatively cheap external HDDs available, and USB sticks are even cheaper.

Also, consider turning on file history if you're using Windows 8 and above; there is a good chance that even if you're infected, if you can stop the malware and disable it, you can recover the files it encrypted by restoring a previous version. There are third party tools that do the same thing.

Finally, keep an alternate OS handy. For example, a bootable USB stick with Linux, just in case you need to get on the machine.

freezeblade
Posts: 1314
Joined: Fri Aug 24, 2012 5:11 pm UTC
Location: Oakland

Re: Ransomware Customer Service

Postby freezeblade » Mon Jan 05, 2015 5:25 pm UTC

Hm. I could have been hit by a variant of this sort of virus, and missed the ransom note or something. Made its way into my document files and corrupted the whole lot. The files are all still there, they just won't open (gives a "this file is corrupt" message). Shit sucks man, some of it was backed up, some wasn't. I'm usually pretty tight on security, so it was pretty frustrating.
Belial wrote:I am not even in the same country code as "the mood for this shit."

HungryHobo
Posts: 1708
Joined: Wed Oct 20, 2010 9:01 am UTC

Re: Ransomware Customer Service

Postby HungryHobo » Mon Jan 05, 2015 5:40 pm UTC

My housemate was hit by the "FBI" ransomware; her phone was locked up, but the Android version can be dealt with by booting into safe mode and stripping the app of its admin rights.
Give a man a fish, he owes you one fish. Teach a man to fish, you give up your monopoly on fisheries.

BlackSails
Posts: 5315
Joined: Thu Dec 20, 2007 5:48 am UTC

Re: Ransomware Customer Service

Postby BlackSails » Mon Jan 05, 2015 7:24 pm UTC

It's funny when criminals have better customer service than large corporations (Comcast, I'm looking at you)

Xenomortis
Not actually a special flower.
Posts: 1426
Joined: Thu Oct 11, 2012 8:47 am UTC

Re: Ransomware Customer Service

Postby Xenomortis » Mon Jan 05, 2015 9:27 pm UTC

When you sell a product, you make your money at the point of sale.
When you distribute ransomware, you make your money when the support call comes in.

So whilst it may be amusing, it's not actually surprising. :(

speising
Posts: 2288
Joined: Mon Sep 03, 2012 4:54 pm UTC
Location: wien

Re: Ransomware Customer Service

Postby speising » Mon Jan 05, 2015 11:20 pm UTC

Thank god they are still lazy. Back in the university in the '90s we discussed really nasty viruses that encrypt your files, but transparently decrypt them ... for a few weeks. Until all your multi-generation backups are corrupted, too.
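
An added example, not part of any post in this thread: a backup audit that flags files which no longer look like their type, the situation described above where documents sit in place but will not open, or where several backup generations are silently overwritten with encrypted copies. The signature table, the 7.5 bits/byte threshold and the sample file names are assumptions chosen for illustration.

```python
import math, os, random, tempfile
from collections import Counter
# Well-known leading bytes for a few document types kept in backups.
MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff",
         ".png": b"\x89PNG\r\n\x1a\n", ".docx": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536, threshold=7.5):
    """Return 'ok', 'bad-magic' or 'high-entropy' (threshold is an assumption)."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if ext in MAGIC:
        return "ok" if head.startswith(MAGIC[ext]) else "bad-magic"
    # No known signature (e.g. .txt): use entropy; unlisted compressed types also score high.
    return "high-entropy" if shannon_entropy(head) > threshold else "ok"

def audit(root):
    """Walk a backup tree; return {relative path: verdict} for suspect files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict != "ok":
                findings[os.path.relpath(full, root)] = verdict
    return findings

def demo():
    """Constructed sample tree: two healthy files, two ciphertext stand-ins."""
    rng = random.Random(2015)
    noise = bytes(rng.getrandbits(8) for _ in range(4096))
    samples = {"taxes.pdf": b"%PDF-1.4\n" + b"receipt " * 200,
               "notes.txt": b"plain text notes\n" * 500,
               "photo.jpg": noise, "diary.txt": noise}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Running the audit against each backup generation before the oldest one is rotated out shows whether a clean copy still exists.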

Vahir
Posts: 456
Joined: Wed Aug 29, 2012 7:20 pm UTC
Location: Ontario, Canada

Re: Ransomware Customer Service

Postby Vahir » Mon Jan 05, 2015 11:37 pm UTC

People who make viruses are right next to people who abuse animals in my book. They need to bring back the crucifixion penalty for these people.
