
New Internet Scam - ‘Ransomware’ Locks Computers, Demands Payment

Discussion in 'Tech Talk - Gadgets, Gizmos and Technology' started by Nick, Aug 27, 2012.

  1. Nick

    Nick Retired, part-time PITA DBSTalk Club

    21,812
    180
    Apr 23, 2002
    The...
    New “drive-by” virus on the Internet carries fake threat and fine — purportedly from the FBI.

    From www.FBI.gov:
    Image of fake FBI notice here
     
  2. dpeters11

    dpeters11 Hall Of Fame

    16,184
    483
    May 30, 2007
    Cincinnati
    It looks like this uses things like the BlackHole exploit pack. Of course this just adds to the need to keep things up to date. Windows patches, Java, Acrobat and Flash etc etc.

    Secunia has a nifty program called PSI, which looks at all the programs on a system and identifies the ones that are out of date. It really helps keep up on security updates.
     
  3. AntAltMike

    AntAltMike Hall Of Fame

    3,769
    107
    Nov 20, 2004
    College...
    Aw, shucks, my computer screens have been displaying warnings like that for years. They even use the same language that's been on the arrest warrants.
     
  4. billsharpe

    billsharpe Hall Of Fame

    2,640
    63
    Jan 25, 2007
    Southern...
    The clue here is "ransomware lures the victim to a site."

    The lockup is not automatic.

    People need to pay attention.

    Thanks for the warning, though...
     
  5. SayWhat?

    SayWhat? Know Nothing

    6,255
    133
    Jun 6, 2009
    http://www.zdnet.com/ransomware-cybercrime-gang-broken-by-spanish-police-7000011302/
     
  6. dpeters11

    dpeters11 Hall Of Fame

    16,184
    483
    May 30, 2007
    Cincinnati
    Not saying that these shouldn't be prosecuted, but of course someone else just pops up. From watching the Tech Guy a weekend or two ago, people were still getting hit with this type of thing very recently.
     
  7. SayWhat?

    SayWhat? Know Nothing

    6,255
    133
    Jun 6, 2009
    No doubt the bots are still active somewhere.

    They'll have to kill those and distribute the unlock keys so people can clean their machines.
     
  8. ghontz1

    ghontz1 AllStar

    59
    0
    Mar 25, 2010
    Boot up in safe mode and use system restore. Worked for me after one of my nephews somehow caused my PC to become infected. Make sure to run Malwarebytes and scan for viruses after you do system restore to make sure it's gone for good.
     
  9. wingrider01

    wingrider01 Hall Of Fame

    1,764
    2
    Sep 9, 2005
    Why prosecute? I hear that there are plenty of open suites at GTMO.
     
  10. wilbur_the_goose

    wilbur_the_goose Hall Of Fame

    4,476
    49
    Aug 16, 2006
    They're becoming more sophisticated. New variants encrypt the victim's hard drive and you don't get the encryption key without payment.

    Booting into safe mode won't do squat for this attack vector.
     
  11. houskamp

    houskamp New Member

    8,636
    3
    Sep 14, 2006
    fdisk always works ;)
     
  12. wingrider01

    wingrider01 Hall Of Fame

    1,764
    2
    Sep 9, 2005
    Move all user profiles and public profiles off the C: drive to another drive, image the boot drive, then if anything happens pull the drive, put a new one in, and restore the image.
     
  13. Marlin Guy

    Marlin Guy Hall Of Fame

    2,129
    7
    Apr 8, 2009
    I've seen them change attributes and make the files hidden, but I have not seen a single one that encrypted the users' data.

    Show me
     
  14. dpeters11

    dpeters11 Hall Of Fame

    16,184
    483
    May 30, 2007
    Cincinnati
  15. Marlin Guy

    Marlin Guy Hall Of Fame

    2,129
    7
    Apr 8, 2009
    First article is 3 years old and the second one is 5 years old. :nono:

    Ransomware attacks are prevalent and some are sophisticated, but the vast majority of them simply try to trick the user into paying a fee to remove viruses that were never there to begin with.

    I've been cleaning them up for years, and I've never seen one from which I couldn't retrieve the customer's files.
     
  16. SayWhat?

    SayWhat? Know Nothing

    6,255
    133
    Jun 6, 2009
    http://threatpost.com/en_us/blogs/new-ransomware-encrypts-victim-data-013013
     
  17. SayWhat?

    SayWhat? Know Nothing

    6,255
    133
    Jun 6, 2009
    http://www.infosecurity-magazine.com/view/30443/ransomware-threat-on-the-increase/


    Also see: http://blogs.avg.com/news-threats/attention-data-hardrive-encrypted/
     
  18. dpeters11

    dpeters11 Hall Of Fame

    16,184
    483
    May 30, 2007
    Cincinnati
    Ok, agreed those are a few years old, but it does show that the issue did exist then, and there is no evidence that they don't do it anymore. It might be more targeted, in a spear-phishing attack.
     
  19. wilbur_the_goose

    wilbur_the_goose Hall Of Fame

    4,476
    49
    Aug 16, 2006
    Encryption Ransomware:
    "Pay up or we’ll notify the police!

    Variants of this malware are infecting computers in Europe and they are devilishly sophisticated. They encrypt all the files on the hard drive. This prevents the owner from accessing them until the ransom is paid to get the decryption key.

    “The bad guys have improved the nastiness of this attack,” said Chester Wisniewski, a senior security advisor at SophosLabs. “They basically steal all of your documents and lock them in a vault. And only they have the key.”"

    From http://www.nbcnews.com/business/latest-ransomware-attacks-are-scarily-sophisticated-969766
    -----------
    Obviously, there's no "vault". The attackers are the only ones with an encryption key.

    Earlier variants used symmetric encryption, which is relatively easy to break. These use asymmetric encryption, which uses a public/private keypair. These are a helluva lot more difficult to break - actually impossible using the technology that most of us can get our hands on.
     
  20. dpeters11

    dpeters11 Hall Of Fame

    16,184
    483
    May 30, 2007
    Cincinnati
    Looks like today's "Security Now" podcast with Leo Laporte and Steve Gibson is one where they talk to Brian Krebs, and partially deals with ransomware. Krebs has been able to infiltrate this underground.
     