Jigsaw Ransomware Deletes Your Files If You Don't Pay Or When You Reboot Your PC (bleepingcomputer.com)
An anonymous reader writes: Researchers found a new ransomware yesterday called Jigsaw which will first lock your files and ask for a 0.4 Bitcoin ($150 USD) payment. If users don't pay, every hour the ransomware deletes your files. If the user restarts their PC, the ransomware also deletes 1,000 more files. The good news is there's a free Decrypter available to unlock the ransomware. The Decrypter was built by Michael Gillespie, who announced yesterday on Softpedia the ID Ransomware service, which tells infected victims what kind of ransomware infection they have by allowing them to upload an encrypted file and the ransom note.
Turn back the clock (Score:3, Interesting)
I have to wonder what would happen if you just kept turning the clock back on your computer every 45 minutes... I guess it depends on how lazy the programmer was.
Anecdote: I recently had a Windows Auto-update give me the choice between now and in 10 minutes for an update. I wanted to watch a movie online so I set the clock back several hours.
Re: (Score:3)
Well, no need for that, as you can just kill the processes directly. This is amateur hour stuff if it can be decrypted locally with a simple utility, and apparently doesn't take any steps to prevent its own process from being viewed and killed.
Sadly, it doesn't take a genius programmer to grab an existing exploit kit and throw together some half-assed shit like this that still does some real harm to people. As always, it's far easier to destroy than to create.
Re: (Score:1)
Funny how Windows users have such an obviously adversarial relationship with the OS (this isn't about good-vs-bad or proprietary-vs-closed; it's simply about us-vs-them) and yet they still use words like "give" and "choice" whenever they talk about how their boyfriend beat them up.
You people.
Re: (Score:3)
Don't reboot into the harddrive, but boot from a livecd, and try decrypting the contents from there.
Users who know what a LiveCD is probably don't fall for such ransomware themselves.
At best, they are called by a friend or family member who did fall for it, but in that case, chances are said friend or family member already "cleanly" shut down their computer ("hey, I had documents open on which I worked all afternoon, I had to save them, didn't want to lose that work"), or even rebooted it once or twice ("if I call Peter right now, he'll again scold me for being so careless about opening attachments, bette
One missing detail (Score:1, Informative)
Re:One missing detail (Score:5, Insightful)
it's just making note of the fact that those of us who don't use Windows don't need to worry about it.
For now.
Re: (Score:3, Insightful)
If everyone used something else, that is what hackers would target, because that is where they can exploit the most users!
If everyone used everything else, we'd only have women in tech articles to complain about
Re: (Score:1)
It's simpler than that:
If everyone used everything else, it would all be used up.
Re: (Score:2, Troll)
A great point to make.
Remember everyone: Windows is always bad. Don't worry about your poor security habits - you're probably fine.
Re: (Score:2)
"...you'll find that this is Windows specific"
Many of the ransomware schemes, especially the ones aimed at corporate users, use social engineering to trick users into clicking on a software install request and then giving specific permission to run the program. These techniques are applicable on any platform.
Re: (Score:2)
That's very, very true. And, I'm sure that a similar piece of malware that was designed to run on Linux would work, although I'm not sure if it would have access to the system files. (That depends on how it was written and what other security measures were on the target system.) My point was simply that this specific example was written with Windows in mind, probably because the potential number of targets is so large.
Re: (Score:1)
That just isn't the case. Users don't have the rights to install and execute additional software on Linux or (real) BSD (not Mac). Windows, by comparison, doesn't have any proper, rigorously enforced, permissions structure, so it's trivially easy to install and execute malicious code - often without user intervention.
The actual reason that Windows is the only target for ransomware is that the attacks are possible and Windows (l)users are generally tech
Re: (Score:3)
That just isn't the case. Users don't have the rights to install and execute additional software on Linux or (real) BSD (not Mac).
WTF? Have you ever used Linux?
Here's a hint: type Alt-F2, type "bash" there, and open a shell. Now, type "vi kill_my_files.sh", then type "a rm -rf / :wq!". Then, type "chmod 755 kill_my_files.sh". There, you've now created "additional software"! Now, execute it by typing "./kill_my_files.sh". Voila! You've executed it! And your files are all gone too!
The only thing regu
Re: (Score:2)
Whoops, I forgot you have to type <ESC>, as so: "a rm -rf / <ESC> :wq!"
Straightforward (Score:2)
Here's a hint: type Alt-F2, type "bash" there, and open a shell. Now, type {...}
Such a simple and straightforward procedure !
I wonder why everybody is complaining about Linux being hard to adapt to...
Re: (Score:2)
-1 Stupid.
Why aren't you complaining about how Windows is "so hard to adapt to"? After all, to run Excel in Windows, you can type Win+R and type "excel" there.
Joke explained (Score:2)
I know that I shouldn't be explaining my joke, but I was sarcastically referring that your "in linux, it's also possible to do lots of damage without being root" instructions are nearly as complicated as the copy-pasta troll that was once popular on /. about the difficulty to get Quake running with openGL in Linux.
(As opposed to Windows where such breakage happens almost entirely alone, without nearly any user intervention required).
Consider it as a variant of the "Does virus {NAME} runs under Wine? Nope? E
Re: (Score:2)
My point was simply that this specific example was written with Windows in mind, probably because the potential number of targets is so large.
Well, yeah. Macs were never virus proof there were just too few to bother targeting.
Re: (Score:2)
After deciding on different means, since a pull based backup isn't feasible without enterprise backup software, what I do is a dual stage process. The first stage is to have Veeam dump my Windows box to a NAS with RAID 1. Then the NAS backs up the shares it has to an external HDD. This way, if something destroys a share from a PC, it can be reloaded from the external HDD.
Eventually, I plan to get another NAS whose sole function in life is to store backups (with RAID) from the "front-line" NAS models. S
The solution is pull based backups... (Score:2)
Some variants of ransomware erase backup drives and cloud backups/network shares.
The real way to solve the problem isn't just having more data for ransomware to encrypt or destroy. Work on pull based backups, such as Windows Home Servers, Microsoft DPM, NetBackup, or some other mechanism. Preferably something that can use SSH or an existing known good protocol for security. This way, one of the worst things that malware can do is output garbage and try to fill up the backup server's hard disks with stuff
Re:The solution is pull based backups... (Score:5, Insightful)
Some variants of ransomware erase backup drives and cloud backups/network shares.
If it can be overwritten or erased by the live system it's not a backup. RAID is not a backup strategy. Copying files to a share is not a backup strategy.
A duplicate drive sitting on a shelf is a backup strategy. A tape in a box is a backup strategy. A cloud-based solution that requires some special admin task to delete old backups is a backup strategy.
real way to solve the problem isn't just having more data for ransomware to encrypt or destroy. Work on pull based backups
Indeed.
Re: (Score:2)
I run Linux, but a piece of ransomware was recently reported that used Java to allow itself to run on multiple platforms. As a result I've invested in an LTO drive since my current backup strategies are based around Dropbox and a monthly snapshot to external disks. Smart ransomware could start chewing up the data slowly and end up in the backups before it was detected.
LTO7 came out recently with a 15TB native capacity. This means that LTO5 drives can be had relatively cheaply, which have a 1.5TB capacity pe
Re: (Score:2)
Oops, LTO7 is 15TB compressed, it's about 6TB raw.
Re: (Score:2)
I think that if the tape makers could make a LTO 7 capacity drive, but have it be able to work on USB 3 without excessive shoe-shining (perhaps adding a fairly large RAM or SSD buffer so a consumer-grade laptop that cannot really handle the sustained I/O of a tape drive would still be able to use the drive.)
This has been done before. I remember many SCSI drives for Macs, and UNIX workstations that just plugged in and worked. With today's technologies like LTFS, it would be even easier. Add WORM tapes (wh
Re: (Score:2)
However, the next best thing is probably burning data to Blu-Ray, and finalizing the media, so it cannot be written to after the backup is done.
That was my plan if the LTO plan fell through. However, even with BDXL it would take a lot of disks to back up the main data store.
Re: (Score:2)
The good thing about CD/DVD/BD technology is that making an autochanger for this technology isn't difficult. Before the move to the iPod, 400+ CD carousel autochangers were commonplace for a couple hundred dollars in people's houses. Each BDXL disk may not hold much, but ~40 TB per carousel isn't too bad, assuming 100 gigs per disk, and a 400 disk pack.
One little flaw (Score:2)
What does someone like me that never jumped on the Bitcoin hype do? Just write the computer off as a lost cause?
Re:One little flaw (Score:5, Insightful)
Re: (Score:2, Insightful)
all computers should be treated as a lost cause. To do anything else is foolish.
Re: (Score:3)
Do they give you instructions about where you can get bitcoin in less than an hour no matter where you live?
Re: (Score:2)
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
What does someone like me that never jumped on the Bitcoin hype do? Just write the computer off as a lost cause?
Same thing as someone with bitcoins? Format the PC, reinstall your software, and reload all your data from your backups.
You do have daily backups don't you?
I give it a month (Score:2)
Re: (Score:2)
Mmm, I'm wondering how long it'll take before some kind of malware keeps its keys in-memory, so when you shut down the PC or kill the process the entire HD gets un-decryptable...
Saw? (Score:1)
Is this ransomware named after the antagonist in the movie "Saw"?
If so, maybe we're seeing a new trend of naming viruses after movie villains, and they might even share some characteristics!
I'm hanging out for the Mugatu virus.
Re: (Score:2)
Bitcoin... That sounds an awful lot like cash. Cash is by far the preferred choice of payment by criminals worldwide should we ban that too?
Re: (Score:3)
"Cash is by far the preferred choice of payment by criminals worldwide should we ban that too?"
Has there ever been a single instance in the wild of ransomware for cash? Kidnapping for ransom died out in the US because of the increasing difficulty of making a cash drop. I predict that we are about to see kidnapping come back into style, for Bitcoin.
Re: (Score:1)
It's called a mugging "Give me cash or I delete your kidney"
Re: (Score:1)
Mugging is an extremely dangerous business. Ransomware is mostly safe.
Re: (Score:2)
Cash is by far the preferred choice of payment by criminals worldwide should we ban that too?
At some point, that will probably happen.
Re: (Score:3)
TPTB are working on it right now. Mario Draghi of the ECB is advocating the discontinuation of the 500 Euro note and economists like Larry Summers in the USA want to ban the $100 bill. There is also talk of banning all large cash transactions. Government obviously wants to track ALL of your financial activity.
The bankers want to ban cash so they can set a negative interest rate. People will have to pay to keep their money in a bank, and without cash, there will be no recourse. They also want deposits t
Poor fucking users (Score:5, Insightful)
Some people are true assholes, poor fucking users who run into this. Imagine what will happen in the future, with self driving cars and somebody figuring out a way to take over and not let you out of the car until you pay, but if you don't pay within a time limit they will crash your car, drive it off a cliff or something...
Security needs to become part of culture, but with people sharing every bit of their lives on sites like FB, etc., with people not caring about NSA stealing their data... I don't know, there will be deaths because of this eventually. System security has to become central when relying on more and more computers and robots, drones, it has to be done.
Re: (Score:3)
The bigger the crime, the more resources will be thrown by companies, individuals, police, government to stop it. Many "smart" criminals will avoid killing as it draws a lot of heat. E.g. if your in a big city and someone steals your phone, good luck getting the cops to do more than note it down. However, if someone steals a phone and kills the victim, you can expect a full crime scene, and lab work to be done.
Hacking cars with the intent to hurt (or make it appear so) will get the interest of the US govern
Re: (Score:2)
A quick lesson in the hopes of saving you from embarrassing yourself: Muslims have their own opinions, in precisely the same way non-Muslims do. Logic is your friend.
Re: (Score:1)
you're
Re: (Score:2)
Why do so many Slashdot users defend ransomware criminals?
Maybe because they only attack Windows users? Just consider it as cheap education...
Re: (Score:1)
I didn't shift responsibility to businesses, where did you read that? I said that all people need to understand that system security should be part of the core functionality, the push for security has to come from all sides, it cannot be only businesses if the users don't care and it cannot be just users if businesses are not listening.
payback (Score:5, Funny)
Re: (Score:1)
I'm not a violent man but I get this sentiment. A year ago, my son innocently downloaded a (bogus) Java update and we were infected with a ransomware that encrypted all the files on the drive (we didn't pay btw). I was livid. The worst loss was all the special school work he had been doing that day and the day before. There was no backup of that and that stuff was a total loss (fortunately the teacher understood and was kind). I felt for my son who had spent hours and hours on the project. If you
Re: (Score:1)
Vengeance is not the answer. As a parent, you should know that.
Vengeance is simply social feedback, cause and effect. When appropriate consequence is removed from actions people will continue to be monsters and become even worse. IF you were a parent of an infant/young child at any point you should definitely KNOW this.
Humans are NOT rational creatures, we are emotional predators who are capable of learning reason to some degree but usually only to use it to serve our emotional selfish desires. Yes, some people are less predator and more rational than others, I like to
Re: (Score:2)
Actually, it is. It's part of a feedback cycle, and it keeps people from acting badly. If you do something to harm someone else, they (or their friends, family, etc., or these days the government on their behalf) will come find you, and then punish you to make an example out of you. In the future, people contemplating that action will think twice about it because they want to avoid that fate, and the person who did it the first time won't do it again.
Re: (Score:2)
no no no
what any God Father knows is you don't do the deed yourself you simply make it known that it would be nice if X happened to Y.
and what you do is remove the bits needed to pass on their genes and "pleasure" a woman.
oh and on a more serious note Ninite Pro is cheap at US$20.00 a month and you can take care of your whole Family in the process.
Re: (Score:2)
Now I do admit that I've never been strung up by my balls, but I'd imagine that if you strung them up tight enough, long enough, you'd still accomplish the same goal of preventing them from passing on their genetic material and pleasing a woman.
Re: (Score:1)
A good suggestion I heard lately is that we should hunt these arseholes down, along with any other scammers and parasites trying to trick hard working people out of their money, and terrorists, put them at the bottom of a nice deep salt or phosphate mine, and enrol them on therapeutic drugs trials for the rest of their miserable lives. That way they can pay back some of the misery they have brought on society.
Choice of OS (Score:1)
Re: (Score:1)
This might be a good time for Windows users to discover an open source operating system. I use OpenBSD on all of my systems and I am not vulnerable to shit like this.
This might be a good time for Windows users to discover an operating system that nobody uses and doesn't get attention from exploiters. -fixed that for you.
Re: (Score:1)
This might be a good time for Windows users to discover an operating system that nobody uses and doesn't get attention from exploiters. -fixed that for you.
Windows is just a poor proprietary client for a Linux world
Re: (Score:2)
There could be a little truth in that, but no OS makes the same mistake of letting the sender of a file decide what is executable or not (sender calls it .exe or .scr and it is executable). Only Windows allows the sender to define what icon will be shown for a file (sender embeds a Word document icon in an executable and that is shown).
There are many ways to make phishing at non Windows users, but then some kind of vulnerability must be used (when opening a document), not a simple stupid trick of sending an exe
Re: (Score:2)
Not really. In Linux it's pretty easy to get a random user to run a random script. You just have to tell the user why'd they want to.
Wasn't there recently a case where a botnet was shut down of Linux users? Sure it was only 2000 machines, but still - 2000 pe
Re: (Score:2)
The Decrypter might recover files that weren't on the last known good backup (which, for the average Windows user, probably is the reinstall media). Save them on something, then do a full install.
Re: (Score:2)
This is exactly why I run an autobackup of all my files to separate backup files every single night. The most I would ever lose is 24 hours of data.
This is 2016, folks. Ransomware shouldn't even be a blip on anyone's radar by now.
Given that modern ransomware actively seeks out file shares and removable disks to prevent this kind of easy recovery, I'm curious to know what backup mechanism you're using. And also how far back that backup goes. Another strategy these things use (or could potentially use) is to encrypt things slowly over a long period of time so the backups are chewed up as well unless you're regularly taking snapshots onto read-only media or some kind of versioned filesystem.
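Added example (not part of the thread or of any poster's setup): a check that a pull-based backup server could run after each pull, comparing the new snapshot with the previous one before any old snapshot is pruned, so that slow encryption or hourly deletion on the client does not quietly replace the last good copy. The function names, thresholds and sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import tempfile
from pathlib import Path


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 looks like random data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def manifest(root: Path) -> dict:
    """Map relative path -> (sha256, entropy of the first 64 KiB)."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            out[p.relative_to(root).as_posix()] = (
                hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return out


def assess(prev: dict, curr: dict, max_churn=0.30, high=7.0) -> dict:
    """Compare the newly pulled snapshot with the previous one.

    max_churn and high are assumed thresholds; tune them for your data.
    """
    changed = [f for f in prev if f in curr and prev[f][0] != curr[f][0]]
    missing = [f for f in prev if f not in curr]
    # Files that were low entropy and are now near-random: likely encrypted.
    scrambled = [f for f in changed if prev[f][1] < high <= curr[f][1]]
    churn = (len(changed) + len(missing)) / max(len(prev), 1)
    hold = churn > max_churn or bool(scrambled)
    return {"churn": churn, "missing": missing, "scrambled": scrambled,
            "prune_old_snapshots": not hold}


def demo() -> dict:
    """Constructed data: 10 text files, then one scrambled and one deleted."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    with tempfile.TemporaryDirectory() as tmp:
        old, new = Path(tmp, "snap-1"), Path(tmp, "snap-2")
        for snap in (old, new):
            snap.mkdir()
            for i in range(10):
                (snap / f"doc{i}.txt").write_text(f"report {i}\n" * 200)
        (new / "doc3.txt").write_bytes(noise)   # one file turned to noise
        (new / "doc7.txt").unlink()             # one file deleted
        return assess(manifest(old), manifest(new))


if __name__ == "__main__":
    print(demo())
```

The check runs on the backup server against data it pulled itself, so malware on the client cannot alter the previous manifest. Already-compressed formats are high entropy to begin with and will not trip the entropy rule, which is why the churn ratio is kept as a second signal.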