Ransomware Trojan is back and badder than ever

A ransomware Trojan threat is back, in an even more noxious form, two years after it last appeared. A new variant of the GpCode ransomware encrypts user files on infected Windows PCs using the AES-256 and RSA-1024 encryption algorithms. The malware only encrypts the start of media or Office files, but that's enough to make …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Coat

    Come on

    Props where it's due, that's some pretty cool remote coding there!

    These waste of space scumbags can achieve this, yet OSX, Windows, Linux, MSOffice, OpenOffice, Oracle, SQLServer, MySQL, etc, still have silly obvious problems that never seem to get fixed!

    1. The BigYin

      So...

      ...how much time have YOU devoted to fixing and testing the bugs that you complain about?

      Put up or shut up.

      1. Anonymous Coward
        Flame

        @Big Yin

        He's pointing out that these are talented people and their skills would be better used elsewhere.

        As for the coding, not everyone is a programmer, so shut up.

        Did you build your car? No? Then don't complain about anything about it, same goes for your TV, fridge, carpets,house, in fact ANYTHING you own that YOU personally didn't make, don't EVER complain about.

        You are the sort of arse that makes Linux for geeks.

        "Ooo so what, you can't write your own driver for your HP printer. Well that's your problem."

        1. The BigYin

          @Lost

          "Did you build your car? No? Then don't complain about anything about it, fridge, carpets,house, in fact ANYTHING you own that YOU personally didn't make, don't EVER complain about."

          I don't, I pay a guy (or gal) to fix them for me. Or I buy an alternative. Same with software. I can either fund (or part fund) the fix, find an alternative or get involved with fixing it.

          There is a great malaise today where people expect every little thing to be sorted for them by some mythical higher power, or for every little thing to be perfect from the get go.

          Standing on the sidelines and moaning isn't going to get anyone anywhere. In any aspect of life.

          It's put up or shut up.

      2. Anonymous Coward
        Megaphone

        @ The BigYin

        "..how much time have YOU devoted to fixing and testing the bugs that you complain about? Put up or shut up."

        "Doctor, doctor, my ears are bleeding"

        Doctor: "Actually I think you will find that *I* have a medical degree and *YOU* don't"

        "So are you going to help me?"

        Doctor: "No. Put up or shut up"

        1. The BigYin
          FAIL

          @AC

          Ah yes...this will be a doctor who lives on thin air then and does not expect any remuneration for their time. My, my, my.

          So I do "put up" for the doctor. It's called "paying the bill".

          1. Anonymous Coward
            Alert

            @The BigYin

            The BigYin wrote -----

            Ah yes...this will be a doctor who lives on thin air than and does not expect any remuneration for their time. My, my, my.

            So I do "put up" for the doctor. It's called "paying the bill".

            -----

            We pay our bills too. We've put up. Looks like it's your turn to shut up.

      3. Arbuthnot Darjeeling
        Happy

        This is an example of the argument

        'my solicitor/builder/car mechanic/security programmer is useless'

        - could you do a better job? No? So don't complain.

        What you overlook in your anxiety to dismiss criticism is the customer's obvious assertion-

        'but it's because I'm not a solicitor/builder/car mechanic/security programmer that I hired him.

        'I may not be a solicitor/builder/car mechanic/security programmer but I can tell a rubbish job when I see one.

        And I see one.

  2. Wize

    Has anyone sent money to these places?

    And have any of them returned an unlock key?

    Not that I'd ever let them sniff my credit card, but can't the money transfer be tracked and help find the people involved?

    1. Nigel 11
      Linux

      Consumer Credit Act to the rescue?

      I'm thinking interesting things about the consumer credit act at this point. If you *did* pay up, you could then hold the credit card company liable for the consequences of the non-delivery of the unscramble key and the consequential losses. Because they are jointly liable in law (with a blackmailer!), and it's already been proved in court that the CCA joint liability extends overseas.

      I think someone suing their bank for the cost of all consequential damages ought at least result in some heavy pressure being exerted to find the culprits!

      1. Oliver Mayes

        re: Consumer Credit Act to the rescue?

        "I think someone suing their bank for the cost of all consequential damages ought at least result in some heavy pressure being exerted to find the culprits!"

        Incorrect methinks, the banks would just add a paragraph to their t's and c's placing all responsibility for the transactions on the customer and increasing their fees at the same time to offset any potential loss they might suffer from the bad publicity.

      2. Graham Marsden
        Thumb Down

        @Consumer Credit Act to the rescue?

        Unfortunately, as with services like PayPal etc, the Card Companies will argue that they held up their end of the deal when they delivered your money to the payment system and anything that happens after that is not their problem :-(

        1. Graham Marsden
          Boffin

          Re: @Consumer Credit Act to the rescue?

          I don't know who has downvoted me, however if it is because I said that the CCA doesn't apply to PayPal, I quote Which? Magazine who point out that: "Section 75 of the Consumer Credit Act doesn't apply to Paypal transactions."

          See http://www.which.co.uk/consumer-rights/online-shopping/paypal---your-rights/paypal-protection-problems/ for details.

          1. Ben Tasker

            Interesting Point

            Actually, not that interesting;

            In other countries, the equivalent of the CCA may apply. In Blighty though (amongst other countries) PayPal haven't completed the necessary registration (they have a choice for reasons I've forgotten). Fuckers aren't even regulated by the FSA!

            Re Credit Cards. If the crooks didn't deliver the code, you could claim back from the bank. Doesn't apply to debit cards though, it's because the Law takes a strange view of the transactions;

            In your eyes;

            Man Sells Dog

            You pay him by credit card

            Done

            In the eyes of the law

            Man sells dog

            Credit card company buys dog at your request (placed by presenting the card)

            You buy dog from CC company (with interest!)

            Which is why you can claim back from the CC co if the item is misdescribed, doesn't arrive etc. AFAIK there's no loophole they can use to avoid it in 99% of cases

      3. I'm Brian and so's my wife

        @Consumer Credit Act

        I think it's got to be £100 or more.

        1. Nigel 11
          Thumb Down

          Consumer Credit Act

          Yes, it does have to be over £100 (and under £30K)

          As for terms and conditions, they can't do that. The Consumer Credit Act is the law of the land, and any term or condition that attempts to usurp your legal rights is invalid. They sometimes try, on the basis that most of their customers won't know that such a condition isn't worth the paper it is written on. They also try random misinformation, misdirection, losing your letters, and any other trick that they think might make you give up. One has to persist.

    2. Joe 35
      Stop

      Money transfer tracking - unlikely.

      "can't the money transfer be tracked and help find the people involved?"

      I doubt it because the money transfer will no doubt go to one of the other gullible fools who answers an advert for "working at home" which involves taking payments into your bank account and then sending it on elsewhere for a small payment each time. With a chain of these pr*ts left to pick up the pieces when or if the rozzers do turn up.

  3. The BigYin

    Readers?

    "A malicious PDF is reportedly used to download and install the ransomware"

    So it is just Adobe Reader that is exploited, or are other readers affected too?

    Still, as only the last 24 hours' worth of personal data should have been affected (and it doesn't change that often), it would mean wiping, re-installing and then recovering data from the off-site back-ups (I presume the back-up drives would have been jiggered). Annoying, yes. Devastating, no.

    Everyone has off-site back-ups for their home PCs, don't they?

    Why are you giggling?

  4. Tasogare

    I'm wondering just what happens if someone decides to cough up.

    Either the bad guys do indeed provide the key in exchange for the money, or they don't bother. It seems a relevant choice to me. If the plan from the start is to just lie, they don't really need to encrypt files -- overwriting them with garbage and *claiming* they're encrypted would work just as well. And they can just disappear when they have the money, or keep trying to suck more out Nigeria-style.

    OTOH, being "honest" about their intentions might encourage people to pay up more often, and encryption software can probably be bolted on to the malware without that much extra effort.

  5. Anonymous Coward

    and not just backup the data

    but keep the backup drive offline at any time when it is not needed for running a backup or recovery.

    How many people have their data "backed up" to a drive that is permanently connected to the host machine/network and therefore just as vulnerable to malware as the original data?

    Does this malware go after network shares? It would certainly be possible.

    1. copsewood

      partitioning

      Chances are that if you know enough to partition your backup storage into a different enough security context from the production environment, the production data will be on a system where the person administrating it has also achieved some partitioning between trusted and untrusted executable content.

      People without the knowledge to automate backups probably won't have recent backups anyway. People with the knowledge to automate backups are likely to have thought about security context partitioning between the backup and production systems and trusted and untrusted executables.

  6. Michael C

    many ways to avoid this

    1) uninstall all Adobe products, as you should have long ago...

    2) Back up your data regularly, and not just by copying to an external HDD (where the same virus can easily find the same files and encrypt them there too). Use a real backup application that actually creates backup files, or an online backup service like Carbonite or BackBlaze (and not the one in Windows Vista or 7, it's bugged, and has been since its inception).

    3) Don't use IE, and use noScript or similar blocking technology to prevent anything more than simple HTML code from displaying.

    4) Actually use an AV product with adware/spyware tools. I'd stay away from Symantec or McAfee retail products (though McAfee ePO is not bad), but many other products are highly rated.

    5) never click on a link in an e-mail unless you know who and WHY they're sending you a link (aka you were expecting it).

    6) don't store personal information that can be used against you on your PC at all unless those files are encrypted (and only do so if you HAVE to.)

    1. Anonymous Coward

      re: many ways to avoid this

      "Use a real backup application that actually creates backup files"

      What is a "real" backup program? And what are the backup programs you allude to that don't create backup files?

      Surely the choice of how to package your backup files (encryption?/compression?/file containers?) is going to be different based on your specific needs and expectations. To claim that there is one right way would be silly.

    2. Anonymous Coward
      FAIL

      Another way...

      ...is to buy a Mac.

      Just sayin'

  7. DKJ90
    Unhappy

    Seen firsthand

    It is an advert for regular backups of data. Doesn't affect network drives, well it didn't on the laptop I have here.

    I think the infection came from updatessoftms.ru so if you have a corp. firewall block it, although being rogues I doubt it will be limited to the one site. It was that site forward slash random 15 chars.pdf

    There are ways to plug Adobe vulnerabilities. http://ctaspley.wordpress.com/2010/08/24/protect-your-pc-against-adobe-pdf-reader-security-flaws/

    When it launched the PDF it ran some Java which was picked up by Trend but didn't stop his infection.

    1. Anonymous Coward
      FAIL

      Are you telling us

      someone actually allows Javascript in Adobe Reader ? I guess no further insults are necessary.

  8. Tigra 07
    Grenade

    No tit required

    Sadly the people who never back up anything, download any old crap without scanning it, and don't have antivirus are always the people in botnets and getting infected by worms like this.

    If it takes something like this worm to teach a few people about antivirus, safe surfing and safe download habits then it's worth it.

    Bring on the worms!

    1. kain preacher

      Tigra 07

      But they don't learn. They do silly stuff and call up their ISP to fix their PC. The theory is the internet broke my PC and you're my ISP so you need to fix it.

  9. Nigel R

    unintended consequence

    So I did my backup... and found I'd overwritten all my backup files with identically named encrypted ones that can only be opened if I pay the kidnappers. That's the LAST time I take advice from The Reg comments threads!
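The article notes that this variant encrypts only the start of media and Office files, and several comments above circle the same failure mode: a backup drive that is permanently connected, a "backup" that is just a mirror copy to an external disk, and, in the comment immediately above, a backup run that overwrote good copies with identically named encrypted ones. The Python below is an added example and is not code from the article or from any commenter. It does two things: it flags files whose header no longer carries the magic bytes their extension implies and has turned random-looking (the cheap tell for "encrypt only the start"), and it stores backups as content-addressed versions so an earlier copy is never overwritten and a flagged file is refused outright. The magic-byte table, the 4 KiB window, the 7.2 bits/byte threshold, the on-disk layout and the sample document are all assumptions made for illustration.

```python
"""Versioned backup with a header-sanity check (illustrative example).

Assumptions, not from the article: the magic table covers only a few types,
the inspected window is 4 KiB, and 7.2 bits/byte counts as "random-looking".
A legitimately compressed format missing from MAGIC would be flagged too, so
extend the table for whatever you actually back up.
"""
import hashlib
import math
import os
import shutil
import tempfile
from pathlib import Path

# Real signatures, but a deliberately small table (assumption).
MAGIC = {
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
    ".mp3": b"ID3",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",        # OOXML is a zip container
    ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0",   # legacy OLE2 compound document
}
HEADER_BYTES = 4096    # assumption: how much of the file head is inspected
ENTROPY_LIMIT = 7.2    # assumption: bits/byte; ciphertext or random data is ~8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def header_looks_encrypted(path: Path) -> bool:
    """True when the file head lacks the magic bytes its extension implies
    and is random-looking. Encrypt-the-start ransomware leaves size and
    extension untouched, so the header is where the damage shows."""
    with path.open("rb") as fh:
        head = fh.read(HEADER_BYTES)
    expected = MAGIC.get(path.suffix.lower())
    if expected is not None and head.startswith(expected):
        return False                       # header intact, nothing to report
    return shannon_entropy(head) > ENTROPY_LIMIT


def backup_file(src: Path, versions_dir: Path) -> str:
    """Store `src` as a content-addressed version under `versions_dir`.
    Returns 'stored', 'unchanged' or 'refused'. Earlier versions are never
    overwritten, so a damaged source cannot destroy the last good copy."""
    if header_looks_encrypted(src):
        return "refused"
    digest = hashlib.sha256(src.read_bytes()).hexdigest()
    versions_dir.mkdir(parents=True, exist_ok=True)
    target = versions_dir / f"{digest}{src.suffix}"
    if target.exists():
        return "unchanged"                 # identical content already kept
    shutil.copy2(src, target)
    (versions_dir / "latest").write_text(target.name)  # pointer, not a copy
    return "stored"


def backup_tree(src_root: Path, dest_root: Path) -> dict[str, str]:
    """Back up every regular file under src_root; one versions dir per file."""
    results = {}
    for src in sorted(p for p in src_root.rglob("*") if p.is_file()):
        rel = src.relative_to(src_root)
        results[rel.as_posix()] = backup_file(src, dest_root / rel)
    return results


def run_demo() -> dict[str, object]:
    """Constructed scenario: back up a document, back it up again unchanged,
    then overwrite its first 4 KiB with random bytes (what the Trojan does)
    and back up a third time. Returns each run's verdict and the count kept."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "docs"), Path(tmp, "backup")
        src.mkdir()
        report = src / "report.pdf"
        # Constructed sample: a PDF header followed by low-entropy filler.
        report.write_bytes(b"%PDF-1.4\n" + b"Quarterly figures. " * 600)
        first = backup_tree(src, dst)["report.pdf"]
        repeat = backup_tree(src, dst)["report.pdf"]
        damaged = bytearray(report.read_bytes())
        damaged[:HEADER_BYTES] = os.urandom(HEADER_BYTES)   # head only
        report.write_bytes(bytes(damaged))
        third = backup_tree(src, dst)["report.pdf"]
        kept = [p.name for p in (dst / "report.pdf").iterdir() if p.name != "latest"]
        return {"first": first, "repeat": repeat, "after_attack": third,
                "versions_kept": len(kept),
                "damaged_flagged": header_looks_encrypted(report)}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Run as a script, the first pass reports "stored", the second "unchanged", and the pass after the simulated damage "refused", with the single good version still on disk. The check is a heuristic: a compressed format missing from the table will trip the entropy test, and a sample that happens to keep its magic bytes will not. It also does nothing about the point raised earlier in the thread that a backup target which stays mounted is reachable by the same malware; versioning limits the damage, keeping the drive offline between runs is what actually prevents it.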
