
CryptoLocker Gang Earns $30 Million In Just 100 Days

Posted by timothy
from the only-need-to-win-a-few dept.
DavidGilbert99 writes "A report from Dell Secureworks earlier this week reported that up to 250,000 systems have been infected with the pernicious ransomware known as CryptoLocker. Digging a little deeper, David Gilbert at IBTimes UK found that the average ransom being paid was $300, and that on a very conservative basis just 0.4% of people paid the ransom. What does this all add up to? $30 million for the gang controlling CryptoLocker — and this could be 'many times bigger.'"
  • hey dummies (Score:5, Informative)

    by Anonymous Coward on Thursday December 19, 2013 @10:08AM (#45736097)

    The link is wrong

    • Re:hey dummies (Score:5, Informative)

      by bondsbw (888959) on Thursday December 19, 2013 @10:21AM (#45736269)

      And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

      • by girlintraining (1395911) on Thursday December 19, 2013 @10:34AM (#45736457)

        And so is the $30 million figure. 0.4% * 250,000 * $300 = $300,000.

        You can't expect journalists to have a grasp of basic math. Or the general public for that matter. Otherwise the headline "Company X settles 'largest lawsuit in history' at Y billion dollars" wouldn't have the impact it does after realizing Company X's revenue was Z trillion dollars. And who knows -- with the instability of bitcoin pricing, it might well be worth $30 million next week... -_-

      • Things Slashdot editors aren't so good with: Junior-high level math, URLs.

      • by Dynedain (141758)

        So the author confused .4% with 0.4 (aka 40%) to get the $30M figure. So much for editors in publishing.

  • Or was this meant to trick us into reading about Zuckerberg?
  • by wbr1 (2538558) on Thursday December 19, 2013 @10:09AM (#45736117)
    • by war4peace (1628283) on Thursday December 19, 2013 @11:25AM (#45737067)

      ...And it's a fun read, too:

      "English is not the CryptoLocker Group's first language" - apparently it's not IB Times's, either, as seen in the article: "CryptoLocker is not currently being sold to anyone other criminal gangs".
      "it was being distributed by the Gameover Zeus malware, in some cases via the renowned Cutwail bonnet."
      "malware is typical among cyber-criminals in Russia and easter Europe,"
      "this was quickly cut to 1 bitcoin, 0.5 bitcoin and at the time of publication, 0.5 bitcoin." - yes, there's a deep cut from 0.5 to 0.5, for sure. We should all rejoice!

  • Correct Link (Score:3, Informative)

    by DavidGilbert99 (2607235) on Thursday December 19, 2013 @10:14AM (#45736187)
    Here is the correct link to the CryptoLocker story http://www.ibtimes.co.uk/cryptolocker-criminals-earn-30-million-100-days-1429607 [ibtimes.co.uk]
    • Re:Correct Link (Score:4, Insightful)

      by bondsbw (888959) on Thursday December 19, 2013 @11:13AM (#45736941)

      Here is the correct link to the CryptoLocker story http://www.ibtimes.co.uk/cryptolocker-criminals-earn-30-million-100-days-1429607 [ibtimes.co.uk]

      DavidGilbert99, please fix your damn article. You wrote the article, you wrote the summary, both with attention-getting headlines. And they both passed different sets of editors (assuming the editors even exist) and they are both incorrect with the $30M figure.

      The only story behind this is how little they netted, not how much.

      • by bondsbw (888959)

        Ok, you fixed the numbers in the article but have decided that with a bit of fuzzy math it's alright to keep perpetuating the attention-grabbing headline.

      • DavidGilbert99, please fix your damn article. You wrote the article, you wrote the summary, both with attention-getting headlines. And they both passed different sets of editors (assuming the editors even exist) and they are both incorrect with the $30M figure.

        The article that got linked now correctly says $300,000.

        It also shows the value of a solution like Time Machine, which keeps older versions of files around for a long time.

  • by Anonymous Coward

    Does CryptoLocker actually do what it says when a person pays? That's better than a lot of commercial software I've used. The gaming, media, and high-level engineering software industries are particularly bad on this point.

    • We got hit by CryptoLocker twice back in November (in one case, it wreaked havoc on network shares because the user had way more permissions than necessary due to office politics). We didn't pay the ransom, but we worked with a vendor who was very familiar with CryptoLocker. According to them, every time people paid, they got the key as promised.

      • by cjjjer (530715)
        So in other words you may have been working with the CryptoLocker gang? Would make sense that members pose as a vendor who can "fix" the issue. I am sure it would be just as lucrative...
        • That seems unlikely, as this vendor has a long-term support contract with us and gained nothing extra from giving us help with it. But make sure you know who you can trust ahead of time.

      • by ekgringo (693136) on Thursday December 19, 2013 @10:52AM (#45736699)
        We knew someone at a sister company that was infected with CryptoLocker. He had no backups (they have no IT infrastructure) so he paid the ransom to recover his files. It appeared to start decryption, but the machine was old and we had to let it run over the weekend to complete. Windows Security Essentials had to be disabled in order for the decryption to work, but it re-enabled itself and blocked the decryption. By the time Monday rolled around, the decryption server had been shut down or his ransom window had expired and so he ended up losing his data anyway.
        • by i kan reed (749298) on Thursday December 19, 2013 @11:15AM (#45736971) Homepage Journal

          So, you made a donation to organized crime. How charitable.

          • by zeugma-amp (139862) on Thursday December 19, 2013 @11:58AM (#45737435) Homepage

            So, you made a donation to organized crime. How charitable.

            As did this police department ...

            US local police department pays CryptoLocker ransom [sophos.com]

            =snip=

            A local police department in Swansea, Massachusetts, has paid cybercrooks behind the CryptoLocker [sophos.com] ransomware attack to decrypt files locked up by the malware on police computer systems, according to local press reports [heraldnews.com].

            The police department spokesman claimed that the infection had been mopped up and their systems secured, with no personal information stolen.

            =end snip=

          • Look at it this way: So some thug walks up to you and blows your kneecap off, and then threatens to blow your head off next if you don't hand over some money. What are you doing to do? Not saying it's right, but should an entire business fall on the sword out of principle? They could be left bankrupt from the damage.

            • They should have proper backup procedures. Sadly, most don't back up at all. If they're hit with this thing, they have to weigh the negative of paying criminals against the value of the data to them. If it's important enough, they don't really have many options.
              • Proper backups may or may not protect against this. The encryption is non-obvious, so if it's with important-to-archive files that you don't use daily, it is very possible that the backups with good copies of the data will have grandfathered out by the time you realize you were hit.

      • by wbr1 (2538558)
        No one can -fix- cryptolocker. It is pay and hope the key is delivered and works, or have a recent backup. Otherwise you and all your attached storage are fucked.
      • A company with a proper data backup plan will not be seriously affected by this thing. Unfortunately, the vast majority of the small businesses I work with don't have a backup plan at all. Plugging in an external hard drive and setting up the backup software that came with it is NOT a sufficient backup plan, people! They unfortunately found this out the hard way and lost everything on one of their computers. Giving hundreds of dollars to a criminal enterprise was not an acceptable solution to the business o
        • A proper data backup plan will prevent crippling devastation, but to say "not seriously affected" is somewhat ignorant. On a large network, it can take significant time to restore all affected files - especially if you need to bring in your offsite backups like we did because it wasn't detected until that set had been moved to our other location. In the meantime, we had hundreds of users calling in and complaining they couldn't access many files. We didn't want to do a blanket restore because that would wip

          • Most of the people I work with are smaller corporations with less than 100GB of data, and the way I set them up guarantees that if the server hardware and filesystem aren't part of the problem, I can restore the data very quickly. Typically there are no network services at all other than Samba, so they don't even have databases to worry about. I can see how a larger or more active technical environment wouldn't be nearly so simple to recover though...my own office included. Having a 3TB mirror of everything
    • by lw54 (73409)

      I'm aware of several consulting clients who were hit by CryptoLocker to various degrees. Most restored their data from a previous backup. Two paid the ransom. Several waited too late to get us involved and were left without a backup and unable to pay the past due ransom.

  • by Anonymous Coward on Thursday December 19, 2013 @10:18AM (#45736237)

    You're in every goddamn device on the planet but you can't shut this sort of shit down?

    Another reason to execute y'all for treason.

    • by Anonymous Coward on Thursday December 19, 2013 @10:31AM (#45736415)

      oh, you've just made cold fjord sad, you insensitive clod

  • by Erikderzweite (1146485) on Thursday December 19, 2013 @10:23AM (#45736299)

    Just look at those guys: they don't need to take our freedoms with draconian DRMs and bought legislation. Their programs can be freely copied, in fact, their whole business model depends on the software being copied at no cost!

    What do they earn their money with, you ask? With high-quality cryptographic security service! Truly, a business model of the future.

    They are not blaming pesky pirates for their losses, they don't whine that someone uses their work without permission. They work harder, are creative and produce high-quality product. And that is their key to success!

    • by tibit (1762298)

      That's what makes it even sadder. True but oh so sad...

    • by wvmarle (1070040)

      I would say this malware IS DRM. Because what it does is it encrypts the content, and then demands money to have it decrypted. Sounds very much like your average DRM scheme.

      A key difference appears to be that this one actually works - at least there is no mention in the article of it having been broken yet.

      • Nah, it's just regular cryptography. The definition of DRM requires that the owner of the data and the attacker be the same entity.

        • The definition of DRM requires that the owner of the data and the attacker be the same entity.

          If CryptoLocker has a chance to run, then the attacker has pretty much owned the machine.

        • Nah, it's just regular cryptography. The definition of DRM requires that the owner of the data and the attacker be the same entity.

          DRM = Digital Rights Management. If I download videos or audiobooks with DRM, I have rights to use them, and the DRM controls these rights. My rights, not the rights of the movie or book company. So does this software. It controls _my_ rights to access the data. The only difference is that one makes sure I don't exceed my rights, while the other makes sure I can't execute my rights without paying ransom.

          • The only difference is that one makes sure I don't exceed my rights, while the other makes sure I can't execute my rights without paying ransom.

            Both DRM and cryptolocker encrypt your data with a key you don't know.

            The difference is that DRM attempts to let you use that key (to decrypt your data under the conditions that the DRM-imposer "allows") while simultaneously hiding the key from you (so that you can't decrypt your data under other conditions).

            Cryptolocker, on the other hand, just gives you the key (

    • by mlts (1038732)

      Don't forget highly reliable, dependable software coupled with (as per previous postings) top tier customer support.

  • by RichMan (8097) on Thursday December 19, 2013 @10:24AM (#45736319)

    Where are the vaunted security agencies in providing protection for citizens? Should not the government have a hand in protecting its citizens?

    • Get this labeled as "cyber-terrorism" (which it basically is) and they'll be all over it.

      • by KiloByte (825081)

        You got it wrong: the NSA does cyber-terrorism, it doesn't fight it. Just like the PATRIOTUSA act was 100% promoting terrorism (spreading fear for political gain) rather than combatting it.

  • by girlintraining (1395911) on Thursday December 19, 2013 @10:37AM (#45736501)

    "So, do you have a current backup?"
    -- Every tech support number you'll call, anywhere. Ever.

    And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive". Viruses, malware, and crap like this would have gone the way of the dodo bird if people would just follow the most basic. advice. ever. regarding the maintenance of their computer. You wouldn't run your car out of oil after neglecting to change it for 15,000 miles, would you? So why do you do it to your computer?

    • by thebes (663586) on Thursday December 19, 2013 @10:46AM (#45736609)

      And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive".

      And how many people that do use an external drive actually unplug it after the fact?

      • by tepples (727027)

        And how many people that do use an external drive actually unplug it after the fact?

        Anyone who uses an external USB flash drive, for one.

        • Clearly you don't work with many end users. Most that I know DO leave them plugged in; for those that don't, it tends to screw any automatic backup system they might have.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      you're forgetting that almost no one changes their own oil any more, people are just too lazy and that's the only answer. that is why certain companies have stopped including dip sticks with their engines and instead require you to go to a service center to check your oil levels. one failed sensor and your engine is toast..

      and you expect people to perform their own backups? your analogy is correct but you miss the fact that you are not the average person as you have the common sense not to run your car for 15

      • for the vast majority of people an automobile is an appliance, one that they care for about as much as their toaster

        I don't agree. A toaster can be abused and run into the ground without hurting your wallet too much. People tend to sit up and take notice when you start talking about dropping half their yearly net income on something. Now, that doesn't mean they have common sense -- plenty of people have all the sense of a turnip, but to suggest they put a car in the same category as a toaster is absurd.

        As for those sensors... no, it takes more than one failed sensor to blow up your engine. There is an oil pressure sensor

        • Engines that are low on oil tend to run hot, and they tend to run hard. They don't accelerate, they feel like they're losing power, and dear god do they make noise as they die. All that overheating metal is going rat-a-tak-tak and war-warrrrr-waaaaahhhhhrrrrr.... as it dies, smoking and belching steam.

          Sadly you have just described all of the vehicles my mother and step father have owned over the last 25 years. Far too many people treat things like they are disposable, even big ticket things like vehicles, so not taking care of relatively inexpensive things like a computer doesn't surprise me much at all.

          • Heard from an old lady who just ruined her new car:

            I know I had oil, every time I started my car a light came on and told me I had oil.

    • by wbr1 (2538558) on Thursday December 19, 2013 @11:05AM (#45736841)
      Unfortunately, an external drive backup using your scheme is of little to no use against this threat. It will encrypt all attached drives, network, USB or otherwise, so long as the user has permissions. It will start with commonly needed file extensions first.

      Unless your backup is not visible to the virus, you are toast. This is a situation where unattached, or off-site backups and cloud solutions win. A simple user with an always attached USB drive will still be toast.

      • Can it encrypt files on a different type of system? If you backup from a PC to a linux server, if the PC is infected can it corrupt the files on the linux machine. (sorry if this is an ignorant question)

        I generally have one additional layer of protection - the linux server has a backup that only has root write permissions, so the windows machines can't write to the backup disks (though I assume this can be hacked as well). Then I have offsite backups, but they are only updated monthly.

        • by wbr1 (2538558)
          File system and location matter not. If it is seen as a drive letter or sub folder in windows on the infected machine, and it has write/modify access, you are done.
        • For small business Linux storage servers, I personally use rsync to maintain a mirror of a Linux server's shared folder repository and copy out mirrored files that change to a rolling backup snapshot structure which is also shared out as read-only. If something encrypts all their documents, they have 60 days worth of backup snapshots and one of those will be massive from the huge number of files changing out when cron fires off rsync. Recovery is so simple, too.

          rsync -av $BACKUP/backup.$AGE_IN_DAYS/ $SAM
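A worked version of the rolling-snapshot idea in the post above, which also addresses the retention caveat raised earlier in the thread (that the good copies can be grandfathered out of the backup set before anyone notices the damage). This is an added example, not code from any poster and not rsync itself: a Python script that keeps hard-linked snapshots the way rsync --link-dest does, measures what fraction of files changed between consecutive snapshots, and refuses to rotate old snapshots out while that fraction is above an assumed threshold (ALARM_THRESHOLD, 25%). Every path, file and snapshot label is constructed inside a temporary directory, so it runs offline.

```python
"""Rolling hard-link snapshots of a share with a change-rate alarm (added example)."""
import filecmp
import os
import shutil
import tempfile
from pathlib import Path

# Assumed policy: if more than a quarter of the files changed since the last
# snapshot, something other than normal daily editing happened, so hold rotation.
ALARM_THRESHOLD = 0.25


def latest_snapshot(backup_root: Path):
    """Newest snapshot directory under backup_root (labels sort chronologically), or None."""
    if not backup_root.exists():
        return None
    snaps = sorted(p for p in backup_root.iterdir() if p.is_dir())
    return snaps[-1] if snaps else None


def take_snapshot(share: Path, backup_root: Path, label: str) -> Path:
    """Copy `share` into backup_root/label. Files identical to the previous snapshot are
    hard-linked to it instead of copied (the same space-saving trick as rsync --link-dest)."""
    backup_root.mkdir(parents=True, exist_ok=True)
    prev = latest_snapshot(backup_root)
    dest = backup_root / label
    dest.mkdir()
    for src in share.rglob("*"):
        rel = src.relative_to(share)
        out = dest / rel
        if src.is_dir():
            out.mkdir(parents=True, exist_ok=True)
            continue
        out.parent.mkdir(parents=True, exist_ok=True)
        old = prev / rel if prev is not None else None
        if old is not None and old.is_file() and filecmp.cmp(src, old, shallow=False):
            os.link(old, out)       # unchanged: share the inode with the older snapshot
        else:
            shutil.copy2(src, out)  # new or modified: a real copy
    return dest


def changed_fraction(prev: Path, cur: Path) -> float:
    """Fraction of files added, removed, or changed in content between two snapshots."""
    prev_files = {p.relative_to(prev) for p in prev.rglob("*") if p.is_file()}
    cur_files = {p.relative_to(cur) for p in cur.rglob("*") if p.is_file()}
    universe = prev_files | cur_files
    if not universe:
        return 0.0
    both = prev_files & cur_files
    changed = len(universe - both)  # added or removed files
    changed += sum(1 for rel in both if not filecmp.cmp(prev / rel, cur / rel, shallow=False))
    return changed / len(universe)


def prune(backup_root: Path, keep: int, hold: bool) -> int:
    """Delete the oldest snapshots beyond `keep`, unless `hold` is set. Returns how many remain.
    Removing an old snapshot never loses data that a newer snapshot still hard-links to."""
    snaps = sorted(p for p in backup_root.iterdir() if p.is_dir())
    if not hold:
        for old in snaps[:max(0, len(snaps) - keep)]:
            shutil.rmtree(old)
    return sum(1 for p in backup_root.iterdir() if p.is_dir())


def run_backup(share: Path, backup_root: Path, label: str, keep: int = 60):
    """One backup run: snapshot, measure churn against the previous snapshot, then rotate.
    Returns (changed_fraction, alarm_raised, snapshots_remaining)."""
    prev = latest_snapshot(backup_root)
    cur = take_snapshot(share, backup_root, label)
    frac = changed_fraction(prev, cur) if prev is not None else 0.0
    alarm = frac > ALARM_THRESHOLD
    remaining = prune(backup_root, keep, hold=alarm)
    return frac, alarm, remaining


def demo() -> dict:
    """Three days of backups over a constructed 20-file share: one normal edit on day 2,
    then every file rewritten on day 3. Returns the per-day (fraction, alarm, remaining)."""
    root = Path(tempfile.mkdtemp(prefix="snapdemo-"))
    share, backups = root / "share", root / "backups"
    share.mkdir()
    for i in range(20):  # constructed sample documents
        (share / f"doc{i:02d}.txt").write_text(f"quarterly report {i}\n" * 3)
    results = {}
    results["day01"] = run_backup(share, backups, "day01", keep=2)
    (share / "doc03.txt").write_text("quarterly report 3, revised with an extra paragraph\n")
    results["day02"] = run_backup(share, backups, "day02", keep=2)
    for f in share.glob("*.txt"):  # bulk rewrite of every file: the churn pattern the alarm exists for
        f.write_text("contents replaced in bulk\n" * 5)
    results["day03"] = run_backup(share, backups, "day03", keep=2)
    shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for day, (frac, alarm, remaining) in demo().items():
        print(f"{day}: {frac:.0%} of files changed, alarm={alarm}, snapshots kept={remaining}")
```

With keep=2 the day-3 run would normally have deleted day01, the last snapshot holding intact copies; the churn alarm holds rotation instead, which is the retention problem the thread describes. The threshold is a guess that should be tuned to the share's normal daily churn, and the same measurement can feed the monitoring channel of whatever scheduler fires the job.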
      • by mlts (1038732)

        This may be archaic, but this is one application where tape backups can come in handy. Once data is stashed on a tape and the tape dismounted, it is out of reach to malware looking for anything online to disrupt. WORM tapes even more so, since once the session is closed, it is there for good, so malware can't erase the data that is previously written.

        Maybe one idea that might help with this is an external hard drive with a large UDF filesystem. Files can be easily copied to it, but once written, they can

      • So, that means it would also f**k up my Dropbox stuff?

      • by Solandri (704621)

        Unless your backup is not visible to the virus, you are toast. This is a situation where unattached, or off-site backups and cloud solutions win. A simple user with an always attached USB drive will still be toast.

        An always-attached USB drive is not a backup. It's just additional storage where you happen to be keeping a copy of your files.

        The whole point of a backup is that you have a safe copy of your files should you accidentally delete the wrong thing, a lightning bolt fries your equipment, burglars

    • by swb (14022)

      And you also need enough of the right kind of backups.

      Basic drag-and-drop copy backups for desktop users where they keep the backup device connected and online for convenience or scheduling would be of limited value due to the fact that they could be crypto-lockered. Your backup needs to be of a type that can't be compromised by cryptolocker, either in a format it doesn't attack or on a system/media that is isolated from a desktop infection.

      Further, you need enough retention in your backup so that you

    • by tlhIngan (30335)

      And yet, the single most basic thing you can do to protect your data gets overlooked by hundreds of millions of people, because it's just too burdensome to drag and drop from "My documents" to "My external drive". Viruses, malware, and crap like this would have gone the way of the dodo bird if people would just follow the most basic. advice. ever. regarding the maintenance of their computer. You wouldn't run your car out of oil after neglecting to change it for 15,000 miles, would you? So why do you do it t

      • by mlts (1038732)

        The only non-enterprise backup utility that can do this client-server motif these days is Retrospect. However, the licensing fees for the server version are atrocious. It works OK with disks, but apparently with optical media like Blu-Rays, it has a very limited hardware list, and anything not on the list will not be allowed to even read backups.

        Of course, there is always NetBackup, but the ticket for entry into that ballgame will be six digits.

    • drag and drop from "My documents" to "My external drive".

      Reality check: That backup system almost never works; users as a practical matter tend not to remember to do something like that, because it's tedious and takes forever and requires you to do it by hand.

      Suggest an automated backup solution that they can periodically check, or stop yelling at them because you failed to provide a decent solution. Crashplan is a rather good one that I recommend, because it starts reliably blasting emails out when backups don't happen, and it does "incrementals forever" in a wa

    • You wouldn't run your car out of oil after neglecting to change it for 15,000 miles, would you?

      You have obviously never met my mother.

  • by istartedi (132515) on Thursday December 19, 2013 @01:06PM (#45738163) Journal

    Microsoft's brain-dead default of "hide file extensions" is cited in the article as part of the social engineering aspect that gets users to click on the files. It's the gift that keeps on giving... to black hats.

    Hiding the file extension does NOTHING to make things easier on the user or make the UI any cleaner. It's not like we have 40 column displays where the file extension is "too long" and going to take away "screen real estate".

    This has been going on literally for DECADES NOW. How can Microsoft be so blind? Whenever I get a new Windows box, it's the first thing I disable because if I don't, I'll just end up creating files with names like, "DailyLog.txt.txt".

    Whoever is at MS, insisting that this remain the default needs to be hauled out, shot, drawn, quartered, and the pieces sent to be displayed in the lobbies of their 4 largest offices.

  • by weeboo0104 (644849) on Thursday December 19, 2013 @01:49PM (#45738561) Journal

    I believe I got hit by this about a week ago when I clicked on an advert linked on Chicago Tribune's website.

    A fullscreen message appeared saying my computer had been encrypted and I had to pay $300 to decrypt it. I pulled my network cable out and had to power off my PC because the keyboard would not work. I was able to boot back up, but when I logged in both regularly and in Safe-Mode, a full white screen saying "please connect to the Internet" appeared and I couldn't use the keyboard again.

    I pressed F8 on boot and booted into Safe-Mode Command line only. Once I logged in and saw the command line, I typed rstrui.exe (windows System Recovery) and using the Restore Wizard, restored to a checkpoint from a day earlier. I restarted my PC again and let it boot normally and once I was able to log in without seeing the message, reconnected my network cable.

    My PC was never encrypted. The message only said it was. The clincher was before I booted Windows in Safe-Mode, I used a Knoppix DVD to mount the Windows partition and copy off my personal data before I started the recovery process. The data was perfectly readable and not encrypted.

    • So I've got to ask... why were you clicking on advertisements?!
    • I did the same thing to fix a friend's laptop. It was windows 8 though and giving me shit so I ultimately had to just rip the drive out and mount to another system. It was a pain in the ass but still recoverable.

"Why can't we ever attempt to solve a problem in this country without having a 'War' on it?" -- Rich Thomson, talk.politics.misc

Working...