Many Australians Forced To Pay For "Unbreakable" Cryptolocker Ransomware

An anonymous reader writes: Australians are paying thousands of dollars to overseas hackers to rid their computers of an unbreakable virus [Cryptolocker]. The deputy chairwoman of the Australian Competition and Consumer Commission, Delia Rickard, said over the past two months there had been a spike in the number of people falling victim to the scam. The commission has received 2,500 complaints this year and estimates about $400,000 has been paid to the hackers. Bad news for Australians: this is just one of many targeting the country.
  • by dwywit ( 1109409 ) on Monday August 10, 2015 @02:26AM (#50282927)

    Gets Cryptolocker installed. Via Group Policy, it prevents, among other things, anything being executed from the user's temp directory/ies - which is where email attachments are placed for whatever operation they require - picture preview, etc. It's not a guarantee, but it presents a big obstacle to any attacker attempting to fool a user into executing their code simply by opening an email.

    Not affiliated, just a happy user.

    • by Billly Gates ( 198444 ) on Monday August 10, 2015 @02:48AM (#50282979) Journal

      It can still get on via angler malware kit. The type from yahoo.

      It is run only from RAM making it impossible to block or detect.

    • Every customer of yours gets Cryptolocker installed? You must not have a lot of repeat customers!

      I'm guessing you meant to type something other than "Cryptolocker" there?

      I'm sort of curious how this ransomware is being executed by clicking on a single link in an e-mail, as is implied in the stories. Surely this can't be done without an exploit in a modern browser and OS, right?

      • by Z00L00K ( 682162 )

        I assume that it's Bitlocker, not Cryptolocker.

      • by dwywit ( 1109409 ) on Monday August 10, 2015 @03:47AM (#50283087)

        Oh, bloody hell.

        Cryptoprevent from FoolishIT

      • by dbIII ( 701233 ) on Monday August 10, 2015 @05:22AM (#50283297)

        I'm sort of curious how this ransomware is being executed by clicking on a single link in an e-mail

        How?
        "Outlook not so good."
        Actually it's the combination of MS Outlook and IE that have such a "feature" for convenience. All it takes is for IE to be directed to the site and it helpfully runs the malware - no questions asked.

        Some of the emails have been from the tax office (equivalent to IRS), some have been about package deliveries with a tracking link and others have been about speeding fines. They are aimed squarely to catch people who are not idiots, just not as paranoid about computers as is required these days.

        There have been a few articles about it over the last year apart from the article linked above.

        • Now that's just pathetic - modded down for pointing out the vector of infection by some fanboy that wants to pretend even MS products being discontinued are perfect.
          There is nothing inaccurate in the above post. Not liking reality is no reason to mod down a post describing reality.
        • I suspect you got downmodded because you're making a very extraordinary claim. You're telling me that Outlook or IE actually runs an executable with no additional warnings? I'm sorry, but unless you show me some proof of that, I find it incredibly hard to believe.

          Take a look at this simulation video showing the infection process [box.com]. How many steps did the user have to take to extract and then execute the Cryptolocker installer? They had to click on the attachment and save it to disk, unzip the contents, an

          • by dbIII ( 701233 )

            You're telling me that Outlook or IE actually runs an executable with no additional warnings? I'm sorry, but unless you show me some proof of that, I find it incredibly hard to believe.

            Wow!
            I'm not sure why you are commenting on this thread since you don't know of the most complained about problem with MS Outlook. I suggest you google it and whatever article on an antivirus site that turns up looks as if it's the most interesting. It's big business building a third party wrapper around MS Outlook to provid

          • by dbIII ( 701233 )

            or we'd all be swimming in malware by now

            Yes
            It's a malware swamp beyond the dreams of bad SF out there. Hundreds of new "owned" systems are trying to break into my network daily before being blacklisted, not to mention thousands of spam messages from spambots, and that's just one IP address on the net that the script kiddies don't know from any other. Systems that are actually being targeted have to deal with far more.

          • by dbIII ( 701233 )
            I saved you the trouble of googling - move down to the heading "Be Careful of Links" to see where the problem still lies:
            http://www.howtogeek.com/13554... [howtogeek.com]

            Clicking on the wrong link will helpfully open IE which will then helpfully run the script that installs and runs cryptolocker - hence the problem discussed here!
            In news reports it has been links that are supposed to be about speeding fines, parcel tracking and tax refunds. I've seen a couple where the link said "here is your invoice", and the sort of
    • by Lumpy ( 12016 )

      Which blows my mind that Windows allows to begin with.

  • Like the movie Ransom [imdb.com] with Mel Gibson.

    But having backup of your files is always a good idea.

    • by jez9999 ( 618189 )

      DUMB.

    • by moeinvt ( 851793 )

      So, make a public announcement offering double the number of bitcoins the extortionist is demanding as a reward for the person's capture?

      • by Jeremi ( 14640 )

        So, make a public announcement offering double the number of bitcoins the extortionist is demanding as a reward for the person's capture?

        "The extortionist" is usually an entire gang of people, not just one person. I don't know how many bitcoins you'd have to offer to get someone to capture the Russian Mafia, and I can't imagine that gambit ending well in any case.

  • Quick, you should pass a law for all that non taxable revenue....
    • by Z00L00K ( 682162 )

      How do you know that it's not taxable? The problem is to figure out where the taxes should have been paid.

      • by Rei ( 128717 )

        One can be pretty confident that the answer is "Russia".

        And they've probably already IDed some if not all of the people involved, but there's no way they'd serve Russia with a warrant for their arrest (Russia would never hand them over) rather than keeping sealed charges on them and waiting for them to slip up and travel internationally.

        • by ruir ( 2709173 )
          I'd love you to explain how they have IDed them with virus-like propagation and bitcoin payments...
      • by ruir ( 2709173 )
        I am just being ironic about Australia being a hole where everything technology based and made is restricted and ridiculously expensive due to taxes.
  • Maybe they learn something from this... If not, there is always the next time!

  • Private Number: "Hello I am from Telstra Internet Services and you have a problem with your computer"
    Me: F**k o** you scamming c***
    *End Call*

    Been getting those at least once a month now.
    • by MrNaz ( 730548 )

      Do a reverse phish. Tell them that you'll give them anything they want, but you've run out of prepaid broadband credit. They need to send you $30 so you can buy another voucher.

      • They do hundreds a day and have a script - your reverse phish is not in the script to deal with so even if they are gullible enough it's not going to happen.
        The best I've done is ask one Indian lady on the line why she's working for such criminals despite having perfect English - that got a bit of an offscript response. I no longer have a phone on my landline so no longer have to put up with those scammers.
    • Re: (Score:3, Funny)

      by dwywit ( 1109409 )

      Oh, surely you can do better than that?

      "which computer? I have seven"
      "all of them sir"
      "even the ones not connected to the internet? which one do you want me to turn on?"
      "any computer, sir"
      "so, what are the error messages?"

      and so on. Had one of them on the line for almost 20 minutes. In the end he screamed obscenities at me and HE hung up. I told one girl her mother would be ashamed of her, I told another one I couldn't get to the computer because I had a broken leg. Even told another that the call would be

  • 1) Make sure users, especially Windows users, are well educated enough to not run things or accept things that pop up in the browser or is sent in an email.

    2) Make sure that all users have Adblockers, No-Script etc installed by default. It is more trouble initially, but it gives you a chance to stop and think, and after a while you will have trained yourself and your browser to allow you to do your work with a minimum of pain.

    3) Always run Windows in a VM under Linux - and make regular, dated backups of the

    • ...we start lists at zero around here.

      0 - Prevention is preferable to cure, avoid giving your PC the power to crash your life in the first place.
    • by dbIII ( 701233 )

      1) Make sure users, especially Windows users, are well educated enough to not run things or accept things that pop up in the browser or is sent in an email.

      "I know I'm not supposed to do it, but I was expecting a ..."
      We can't really blame the users for this one and education hasn't fixed the problem. The malware swamp we are sinking into would not be happening if the software environment was not such a mess.

      3) Always run Windows in a VM under Linux

      One thing that is getting victims is encryption of files o

    • by donaldm ( 919619 )

      1) Make sure users, especially Windows users, are well educated enough to not run things or accept things that pop up in the browser or is sent in an email.

      You do realise that trying to educate most MS Windows users is like trying to drain a lake with a colander.

      2) Make sure that all users have Adblockers, No-Script etc installed by default. It is more trouble initially, but it gives you a chance to stop and think, and after a while you will have trained yourself and your browser to allow you to do your work with a minimum of pain.

      Well I suppose if you are the System Admin but that would be a really thankless job.

      3) Always run Windows in a VM under Linux - and make regular, dated backups of the Windows disk images (the VM disk images!). If shit happens, you can quickly go back to a version that works.

      Honestly let's be real here. How many MS Windows users would even know how to install a Linux distribution much less run a virtual machine with MS Windows running in it and as for making backups of the virtual images - err let's not go down that path. In fact how many people actually know how to install MS Windows from scr

    • 1) The attacker gets numerous attempts to fool the user, and only has to win once. By chance the attackers are likely to hit on something that will fool some users sometime.

      2) NoScript is a pain to use properly. I have it, but I couldn't recommend it to unsophisticated users. They're going to get into a reflex of "allow all on page", and eventually will switch to allowing everything, because "temporarily allow on page" does not always work.

      3) Does all software run satisfactorily in a VM? Is it

  • Backup in depth:
    'real time' (ie Apple's time machine)
    + Daily
    + Weekly (put aside)
    + Monthly (stored offsite)
    + Yearly (stored off-offsite)

  • Scam? (Score:5, Insightful)

    by Kjella ( 173770 ) on Monday August 10, 2015 @04:11AM (#50283127) Homepage

    Scam would imply this is some kind of fraud or swindle, like a con artist trying to trick you. This is plain extortion, they've kidnapped your data and are holding it ransom. If bad things really do happen if you don't pay, it's not a scam any more than being robbed at gunpoint is.

    • Scam would be if they didn't unlock it when you pay.

    • by Ihlosi ( 895663 )
      Scam would imply this is some kind of fraud or swindle, like a con artist trying to trick you.

      Yes. They're tricking you into going to their landing page. Otherwise, you would voluntarily access a page that solely exists to unleash an exploit kit on whoever accesses it.

  • I hope that the ATO is getting their fair of the GST on these ransomware demands.... The lack of tax on overseas purchases are taking our jeeerbs!
    • by dwywit ( 1109409 )

      We just found Gerry Harvey's /. handle.

      Seriously, they want to drop the threshold to AUD$20? I thought it was uneconomic to collect the tax below purchases of AUD$100?

      I'll just buy books one at a time. Makes no difference to me, the book depository has free shipping.

      • Seriously, they want to drop the threshold to AUD$20? I thought it was uneconomic to collect the tax below purchases of AUD$100?

        mmm, that's the situation we have in the UK (and I believe the EU in general) and it sucks. Order a £16 (inc delivery) item from outside the EU, pay £3.20 VAT and pay ~£10 handling charge for collecting the VAT.

  • by Gumbercules!! ( 1158841 ) on Monday August 10, 2015 @04:43AM (#50283187)
    I know someone who personally accounts for 4 of those installations. On the same computer. Because she's fallen for the same frikkin scam four times. Every time I ask her "why did you open an email claiming to be from the IRS, when we don't have an IRS in Australia", she tells me "because it sounded real". You should see the grammar in these scam emails, too: they're written like "please effective the transactionments with the rapid or we can has your cheeseburgers". Yet she's still fallen for it. Four. Times.

    Fortunately, I back that site up effectively.
    • by MrNaz ( 730548 ) on Monday August 10, 2015 @04:58AM (#50283235) Homepage

      Have you considered replacing her computer with one of those Fisher Price toy computers that just makes beeping noises when you press the keys? From what you say, it doesn't seem like she'd notice.

      • Yeah it's not a stupid idea, either. From what I can tell, her job description is mostly to make up work to do to keep herself busy.
      • by dbIII ( 701233 )

        Have you considered replacing her computer with one of those Fisher Price toy computers that just makes beeping noises when you press the keys? From what you say, it doesn't seem like she'd notice.

        That's the problem - after 2000 we replaced the real computers with Fisher Price toys with some insecure shit from Microsoft on it.
        Outlook not so good.

      • Obligatory Dilbert:

        http://dilbert.com/strip/1995-... [dilbert.com]

      • by ebvwfbw ( 864834 )

        I remember when this came out. http://dilbert.com/search_resu... [dilbert.com]

    • by dwywit ( 1109409 )

      I hope your service fee increases by the square of the number of incidents?

      On a related note, I have to thank Microsoft for Windows 10. I think it'll make me rich. I've bumped my hourly rate by 10% for Win 10 service calls.

  • Sue Microsoft for making shitty software.
    • It's not Microsoft's fault. Pretty much any operating system can have this problem. There's a version of Cryptolocker that attacks Mac OS X machines as well. Unless you want to be stuck inside something like iOS, where you can only run an approved list of programs, then you're going to end up with people who run anything and everything causing security problems for themselves.

  • by iMouse ( 963104 ) on Monday August 10, 2015 @08:03AM (#50283719)

    CryptoWall/CTB-Locker/Cryptolocker (or whatever the variant's name is this month) seems to have difficulty with or is rather slow at getting to data stored in the container for the Volume Snapshot Service. For businesses that do not allow their users to run as administrators (or have them elevate from a privileged account), they can typically restore a reasonably recent snapshot of data folder by folder using the Previous Versions option.

    If the user is an admin, I've found that the window for recovery using VSS is smaller, but certainly better than nothing. Network shares should be restored from backups or VSS from the server (if Windows). I haven't figured out what to do with flash drives quite yet....even most data recovery software doesn't find much since the files are never really erased, just overwritten with encrypted copies.

  • It seems like it shouldn't be too hard to MD5 / SHA / whatever hash every file of the types that are targeted - a la tripwire.

    Do such solutions exist for the various targeted OSs?
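One way to do what the comment above asks for, as an added example (not code from the poster or from Tripwire): hash every file of the targeted types into a baseline, re-hash later, and treat a large fraction of modified or missing files in one pass as a ransomware-style mass change rather than normal editing. The extension list, the 50% threshold and the `demo()` scenario are constructed assumptions for illustration; the overwrite with random bytes only stands in for in-place encryption so the detector has something to flag.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed list of document types this example watches; adjust to taste.
TARGETED_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".txt"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large documents do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each targeted file (path relative to root) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): sha256_of(p)
        for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() in TARGETED_EXTENSIONS
    }


def compare(root: Path, baseline: dict) -> dict:
    """Diff the current tree against a stored baseline, tripwire-style."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "new": sorted(k for k in current if k not in baseline),
    }


def mass_change_alert(report: dict, baseline_size: int, threshold: float = 0.5) -> bool:
    """Normal work touches a few files; ransomware rewrites most of them at once."""
    if baseline_size == 0:
        return False
    touched = len(report["modified"]) + len(report["missing"])
    return touched / baseline_size >= threshold


def demo() -> dict:
    """Constructed scenario: baseline four documents (the .exe is ignored), then
    overwrite three of them with random bytes to simulate in-place encryption."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("a.docx", "b.xlsx", "c.pdf", "notes.txt", "setup.exe"):
            (root / name).write_bytes(b"original contents of " + name.encode())
        baseline = build_baseline(root)
        for name in ("a.docx", "b.xlsx", "c.pdf"):
            (root / name).write_bytes(os.urandom(64))  # simulated overwrite only
        report = compare(root, baseline)
        return {"baseline_size": len(baseline), "report": report,
                "alert": mass_change_alert(report, len(baseline))}


if __name__ == "__main__":
    print(demo())
```

Run the baseline on a schedule and keep the manifest somewhere the user account cannot write, otherwise the same process that rewrites the documents can rewrite the hashes.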

  • Kinda like suddenly running into the middle of a busy road and getting hit by a car. Even though pedestrians have the right of way, any court of law would blame the pedestrian.

    So there is a much better, more secure, more useable and more professional product out there than Microsoft Windows, and it's even free (Gnu/Linux), yet many dumbasses still choose to buy and use Windows instead and also not even back up their files, even though Windows has a decades long history of being easily hacked and Microsoft ha

    • Even though pedestrians have the right of way, any court of law would blame the pedestrian.

      Wrong. The pedestrian has the right of way, therefore the driver by law is automatically at fault.
      • by JustNiz ( 692889 )

        so if someone just steps off the pavement right in front of a car, close enough that the driver had no possibility of avoiding him, then it's still the driver's fault?

        • IANAL, but my guess is that that would be considered extenuating circumstances as far as legal action is concerned, but it would still go on the driver's insurance.
  • Sociological issues aside, getting bit by one of these scams is functionally equivalent to having your hard drive become corrupted, and the obvious solution is the same -- restore your data from backup.

    The thing that motivates people to pay $$$ to the scammers (and thus motivates the scammers to keep causing trouble) is that too many people don't back up their data, and thus it costs them less to pay off the scammers than it would to reconstruct whatever was on their hard drive.

    Given the low cost of hard dr

  • Australians are known for that.
