CryptoLocker Gang Earns $30 Million In Just 100 Days

DavidGilbert99 writes "A report from Dell Secureworks earlier this week reported that up to 250,000 systems have been infected with the pernicious ransomware known as CryptoLocker. Digging a little deeper, David Gilbert at IBTimes UK found that the average ransom being paid was $300, and than on a very conservative basis just 0.4% of people paid the ransom. What does this all add up to? $30 million for the gang controlling CryptoLocker — and this could be 'many times bigger.'"

See? Business model entirely without DRM.

[Erikderzweite]

Just look at those guys: they don't need to take our freedoms with draconian DRMs and bought legislation. Their programs can be freely copied, in fact, their whole business model depends on the software being copied at no cost!

What do they earn their money with, you ask? With high-quality cryptographic security service! Truly, a business model of the future.

They are not blaming pesky pirates for their losses, they don't whine that someone uses their work without permission. They work harder, are creative and produce high-quality product. And that is their key to success!

Math?

[nmoore]

250,000 * .004 * $300 = $300,000, not $30 million. I think someone confused 0.4% with 40%.

Re:Better Than Commercial Software?

[ekgringo]

We knew someone at a sister company that was infected with CryptoLocker. He had no backups (they have no IT infrastructure) so he paid the ransom to recover his files. It appeared to start decryption, but the machine was old and we had to let it run over the weekend to complete. Windows Security Essentials had to be disabled in order for the decryption to work, but it re-enabled itself and blocked the decryption. By the time Monday rolled around, the decryption sever had been shut down or his ransom window had expired and so he ended up losing his data anyway.

Re:Said every IT person. Ever.

[Anonymous Coward]

your forgetting that almost no one changes their own oil any more, people are just too lazy and that's the only answer. that is why certain companies have stopped including dip sticks with their engines and instead require you to go to a service center to check your oil levels. one failed sensor and your engine is toast..

and you expect people to perform their own backups? your analogy is correct but you miss the fact that you are not the average person as you have the common sense not to run your car for 15,000 miles with out thinking to change your oil. for the vast majority of people an automobile is an appliance, one that they care for about as much as their toaster

Re:Justice

[mlts]

IMHO, CryptoLocker is just the first shot across the bow.

Long term, maybe it will be a good thing, similar to the old PC days where BIOS killing viruses finally got people to actually care about average security or else keep buying new computers.

Of course, malware like this pretty much trashes almost every single backup system known to man. The enterprise is less affected because of programs like NetBackup that pull data, so malicious software is unable to touch previous backups. However, the main form of backups people do (if they bother to do anything) is copying to a secondary hard disk, which allows the backups to be accessed by malware and destroyed. Services like Mozy sort of help, but they might not keep a previous version of a file that hasn't been corrupted by ransomware, especially if the software is relatively slow and encrypts files over a long period of time to escape detection.

What I am waiting to see is Cryptolocker's descendant. This software will install itself through a hole in a Web browser or add-ons. It will install a low level Windows driver. It will then generate a private key and keep it local to the machine, sending a backup to the ransomware's servers. The software will gradually encrypt files over time. However, when an encrypted file is accessed, it will decrypt it on the fly... for a time.

Then, once it completes encrypting files, it will stop decrypting on the fly, purges the private keys it used, then demand ransom. Since this was done over a period of weeks to months, even backups stored on Mozy or other places will be locked out.

Re:Better Than Commercial Software?

[zeugma-amp]

So, you made a donation to organized crime. How charitable.

As did this police department ...

US local police department pays CryptoLocker ransom [sophos.com]

=snip=

A local police department in Swansea, Massachusetts, has paid cybercrooks behind the CryptoLocker [sophos.com] ransomware attack to decrypt files locked up by the malware on police computer systems, according to local press reports [heraldnews.com].

The police department spokesman claimed that the infection had been mopped up and their systems secured, with no personal information stolen.

=end snip=

Re:Alright NSA, why is this going on?

[Anonymous Coward]

cold fjord is to Slashdot what Jeffrey Toobin is to the mainstream media, a fucking government shill that spills lots of lies and distortions.
So when one talks about executing his buddies for treason, it can only get on his sensibilities.

Brain-dead default: the gift that keeps on giving

[istartedi]

Microsoft's brain-dead default of "hide file extensions" is cited in the article as part of the social engineering aspect that gets users to click on the files. It's the gift that keeps on giving... to black hats.

Hiding the file extension does NOTHING to make things easier on the user or make the UI any cleaner. It's not like we have 40 column displays where the file extension is "too long" and going to take away "screen real estate".

This has been going on literally for DECADES NOW. How can Microsoft be so blind? Whenever I get a new Windows box, it's the first thing I disable because if I don't, I'll just end up creating files with names like, "DailyLog.txt.txt".

Whoever is at MS, insisting that this remain the default needs to be hauled out, shot, drawn, quartered, and the pieces sent to be displayed in the lobbies of their 4 largest offices.