Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Encryption Privacy Security Network Networking Open Source Operating Systems Programming Software News Build

Jigsaw Ransomware Deletes Your Files If You Don't Pay Or When You Reboot Your PC (bleepingcomputer.com) 108

An anonymous reader writes: Researchers found a new ransomware yesterday called Jigsaw which will first lock your files and ask for a 0.4 Bitcoin ($150 USD) payment. If users don't pay, every hour the ransomware deletes your files. If the user restarts their PC, the ransomware also deletes 1,000 more files. The good news is there's a free Decrypter available to unlock the ransomware. The Decrypter was built by Michael Gillespie, who announced yesterday on Softpedia the ID Ransomware service, which tells infected victims what kind of ransomware infection they have by allowing them to upload an encrypted file and the ransom note.
This discussion has been archived. No new comments can be posted.

Jigsaw Ransomware Deletes Your Files If You Don't Pay Or When You Reboot Your PC

Comments Filter:
  • Turn back the clock (Score:3, Interesting)

    by Anonymous Coward on Tuesday April 12, 2016 @06:15PM (#51895819)

    I have to wonder what would happen if you just kept turning the clock back on your computer every 45 minutes... I guess it depends on how lazy the programmer was.

    Anecdote: I recently had a WIndows Auto-update give me the choice between now and in 10 minutes for an update. I wanted to watch a movie online so I set the clock back serveral hours.

    • Well, no need for that, as you can just kill the processes directly. This is amateur hour stuff if it can be decrypted locally with a simple utility, and apparently doesn't take any steps to prevent its own process from being viewed and killed.

      Sadly, it doesn't take a genius programmer to grab an existing exploit kit and throw together some half-assed shit like this that still does some real harm to people. As always, it's far easier to destroy than to create.

    • by Anonymous Coward

      give me the choice between now and in 10 minutes for an update.

      Funny how Windows users have such an obviously adversarial relationship with the OS (this isn't about good-vs-bad or proprietary-vs-closed; it's simply about us-vs-them) and yet they still use words like "give" and "choice" whenever they talk about how their boyfriend beat them up.

      You people.

      • by jetkust ( 596906 )
        So you're saying you're NOT supposed to have to trick an operating system into allowing you to use it?
    • Comment removed based on user account deletion
      • Don't reboot into the harddrive, but boot from a livecd, and try decrypting the contents from there.

        User who know what a LiveCD is probably don't fall for such ransomware themselves.

        At best, they are called by a friend or family member who did fall for it, but in that case, chances are said friend or family member already "cleanly" shut down their computer ("hey, I had documents open on which I worked all afternoon, I had to save them, didn't want to lose that work"), or even rebooted it once or twice ("if I call Peter right now, he'll again scold me for being so careless about opening attachments, bette

  • It's not mentioned in the summary, but if you take the time to RTFA (Yes, I know this is Slashdot, but still...) you'll find that this is Windows specific. That's not to say that an infection can't be devastating, or that people using Windows deserve what they get, it's just making note of the fact that those of us who don't use Windows don't need to worry about it.
    • by Anonymous Coward on Tuesday April 12, 2016 @06:24PM (#51895899)

      it's just making note of the fact that those of us who don't use Windows don't need to worry about it.

      For now.

    • Windows is targeted because that is what everyone uses. If everyone used something else, that is what hackers would target, because that is where they can exploit the most users!
      • Re: (Score:3, Insightful)

        by drinkypoo ( 153816 )

        If everyone used something else, that is what hackers would target, because that is where they can exploit the most users!

        If everyone used everything else, we'd only have women in tech articles to complain about

    • Re: (Score:2, Troll)

      by caino59 ( 313096 )

      A great point to make.
      Remember everyone: Windows is always bad. Don't worry about your poor security habits - you're probably fine.

    • "...you'll find that this is Windows specific"

      Many of the ransomware schemes, especially the ones aimed ta corporate users, use social engineering to trick users into clicking on a software install request and then giving specific permission to run the program. These techniques are applicable on any platform.

      • These techniques are applicable on any platform.

        That's very, very true. And, I'm sure that a similar piece of malware that was designed to run on Linux would work, although I'm not sure if it would have access to the system files. (That depends on how it was written and what other security measures were on the target system.) My point was simply that this specific example was written with Windows in mind, probably because the potential number of targets is so large.
        • My point was simply that this specific example was written with Windows in mind, probably because the potential number of targets is so large.

          Well, yeah. Macs were never virus proof there were just too few to bother targeting.

  • What does someone like me that never jumped on the Bitcoin hype do? Just write the computer off as a lost cause?

  • Before they start preventing downloads/disabling USB and allowing access to any website other than Bitcoin buying and their payment page.
    • by wbr1 ( 2538558 )
      That would be useless. Any tech worth his salt is going to pull the drive from its running environment first thing for any ransomware infection. Either by booting to a USB environment (good luck disabling that), or physical removal. Hell in our shop I have a custom built storage server simply to image any jobs that come in the shop, ransomware included. The only exception are drives that have failed to badly to image.
      • Mmm, I'm wondering how long it'll take before some kind of malware keeps its keys in-memory, so when you shut down the PC or kill the process the entire HD gets un-decryptable...

  • Is this ransomware named after the antagonist in the movie "Saw"?

    If so, maybe we're seeing a new trend of naming viruses after movie villains, and they might even share some characteristics!

    I'm hanging out for the Mugatu virus.

  • Poor fucking users (Score:5, Insightful)

    by roman_mir ( 125474 ) on Tuesday April 12, 2016 @06:46PM (#51896055) Homepage Journal

    Some people are true assholes, poor fucking users who run into this. Imagine what will happen in the future, with self driving cars and somebody figuring out a way to take over and not let you out of the car until you pay, but if you don't pay within a time limit they will crash your car, drive it off a cliff or something...

    Security needs to become part of culture, but with people sharing every bit of their lives on sites like FB, etc., with people not caring about NSA stealing their data... I don't know, there will be deaths because of this eventually. System security has to become central when relying on more and more computers and robots, drones, it has to be done.

    • The bigger the crime, the more resources will be thrown by companies, individuals, police, government to stop it. Many "smart" criminals will avoid killing as it draws a lot of heat. E.g. if your in a big city and someone steals your phone, good luck getting the cops to do more than note it down. However, if someone steals a phone and kills the victim, you can expect a full crime scene, and lab work to be done.

      Hacking cars with the intent to hurt (or make it appear so) will get the interest of the US govern

  • payback (Score:5, Funny)

    by supernova87a ( 532540 ) <kepler1@NoSpaM.hotmail.com> on Tuesday April 12, 2016 @06:49PM (#51896079)
    When someone finally finds the people who write and extort with this kind of ransomware, they should slowly and painfully delete body parts one by one until they pay up...
    • by Anonymous Coward

      I'm not a violent man but I get this sentiment. A year ago, my son innocently downloaded a (bogus) Java update and we were infected with a ransomware that encrypted all the files on the drive (we didn't pay btw). I was livid. The worst loss was all the special school work he had been doing that day and the day before. There was no backup of that and that stuff was a total loss (fortunately the teacher understood and was kind). I felt for my son who had spent hours and hours on the project. If you

      • no no no

        what any God Father knows is you don't do the deed yourself you simply make it know that it would be nice if X happened to Y.

        and what you do is remove the bits needed to pass on their genes and "pleasure" a woman.

        oh and on a more serious note Ninite Pro is cheap at US$20.00 a month and you can take care of your whole Family in the process.

        • by cdrudge ( 68377 )

          If you had given me the address of the hackers on that day, I would have hunted them down and strung them up in the public square by their balls.

          and what you do is remove the bits needed to pass on their genes and "pleasure" a woman.

          Now I do admit that I've never been strung up by my balls, but I'd imagine that if you strung them up tight enough, long enough, you'd still accomplish the same goal of preventing them from passing on their genetic material and pleasing a woman.

    • A good suggestion I heard lately is that we should hunt these arseholes down, along with any other scammers and parasites trying to trick hard working people out of their money, and terrorists, put them at the bottom of a nice deep salt or phosphate mine, and enrol them on therapeutic drugs trials for the rest of their miserable lives. That way they can pay back some of the misery they have brought on society.

  • This might be a good time for Windows users to discover an open source operating system. I use OpenBSD on all of my systems and I am not vulnerable to shit like this.
    • This might be a good time for Windows users to discover an open source operating system. I use OpenBSD on all of my systems and I am not vulnerable to shit like this.

      This might be a good time for Windows users to discover an operating system that nobody uses and doesn't get attention from exploiters. -fixed that for you.

      • This might be a good time for Windows users to discover an operating system that nobody uses and doesn't get attention from exploiters. -fixed that for you.

        ...and the reason that Windows is targeted is simply because this type of attack is possible not because of its' seeming ubiquity. Also, the "operating system that nobody uses" is actually the OS that runs the internet, powers your phone, runs your TV, router and even your washing machine.

        Windows is just a poor proprietary client for a Linux world

      • by robmv ( 855035 )

        There could be a little truth in that, but no OS make the same mistake of letting the sender of a file decides what is executable or not (sender call it .exe or .scr and it is executable). Only Windows allow the sender to define what icon will be show for a file (sender embed a Word document icon to an executable and that is shown).

        There are many ways to make phishing at non Windows users, but then some kind of vulnerability must be used (when opening a document), not a simple stupid trick of sending an exe

        • by tlhIngan ( 30335 )

          There are many ways to make phishing at non Windows users, but then some kind of vulnerability must be used (when opening a document), not a simple stupid trick of sending an executable and people confusing it for other thing. I think the most common one

          Not really. In Linux it's pretty easy to get a random user to run a random script. You just have to tell the user why'd they want to.

          Wasn't there recently a case where a botnet was shut down of Linux users? Sure it was only 2000 machines, but still - 2000 pe

You know you've landed gear-up when it takes full power to taxi.

Working...