Crime Security Spam IT

Inside a Ransomware Money Machine 158

tsu doh nimh writes "The FBI is warning that it's getting inundated with complaints from people taken in by ransomware scams that spoof the FBI and try to scare people into paying 'fines' in lieu of going to jail for having downloaded kiddie porn or pirated content. KrebsOnSecurity.com looks inside a few of the scams in the FBI alert, and it turns out it only takes 1-3 percent of victims to pay up to make it seriously worth the fraudsters' while."

  • Re:Scams (Score:4, Informative)

    by h4rr4r ( 612664 ) on Wednesday August 15, 2012 @10:19AM (#40996455)

    Yes, me. I got one of these emails, but since I know that is not how the FBI operates I deleted it.

  • Hah! (Score:5, Informative)

    by Anonymous Coward on Wednesday August 15, 2012 @10:20AM (#40996479)

    My buddy got one of those from watching waaaaayy too much porn, and actually called the FBI who told him it was a virus.

    What it does is lock your screen with an FBI logo and official-looking message, even displaying the output from the webcam if there is one, saying that unless the mark pays $200 or so using a Bitcoin-like form of payment one can get at convenience stores, the user will be arrested for downloading CP and/or "copyrighted material." Certain keys are locked, obviously, so you can't do the 3-finger salute and kill it with the task manager.

    A boot into safe mode and a little MsConfig was enough to fix, though not remove, the malware.

    -- Ethanol-fueled

  • by RobertLTux ( 260313 ) <robert AT laurencemartin DOT org> on Wednesday August 15, 2012 @10:40AM (#40996699)

    Once you have the mattress home it is legal for you to remove the tag, but after that you can't resell the mattress.

  • by viking099 ( 70446 ) on Wednesday August 15, 2012 @10:50AM (#40996821)

    Back when I was working the computer labs at my university, we used a product by Centurion [centuriontech.com] to secure our workstations.

    We would build an image, then lock down this little device installed in the case.

    The computer user never even notices it, and they can write to temp folders and change settings, and everything.

    When the computer is then rebooted, this device just reloads the OS from the "locked" partition, and it's just like it ever was.

    Day to day it was great, but applying updates was a pain because you had to visit each system and unlock it manually. This was 15 years or so ago, so I'm sure they have a better system in place now, but it worked pretty well for our group and the hundreds of computers we maintained.

  • Re:Hah! (Score:3, Informative)

    by hillbluffer ( 1684134 ) on Wednesday August 15, 2012 @11:28AM (#40997305) Homepage
    Here's how to get totally rid of it: http://goo.gl/Av1Pm [goo.gl]. Short answer is, keep your anti-virus up to date!
  • Re:Hah! (Score:3, Informative)

    by Anonymous Coward on Wednesday August 15, 2012 @11:28AM (#40997307)

    My buddy got one of those from watching waaaaayy too much porn

    No, your buddy got it from downloading and executing malware. You can look at an unlimited amount of porn, but if your policy is that you don't run code that you have reason to trust, then you can't get infections. Porn is still as safe as it has always been.

  • by g1zmo ( 315166 ) on Wednesday August 15, 2012 @02:17PM (#40999389) Homepage
    At my last job in a university library, they used the same approach (but different product [wikipedia.org]) for keeping the public PC stations locked down.
