New ransomware strain forces hapless users into becoming Bitcoin miners

Scammers are punting a strain of ransomware that puts compromised PCs to work mining Bitcoins after blocking all other activity on infected Windows computers. A new variant of the Reveton ransomware, spotted by researchers at Malwarebytes, locks a user out of their computer before running a Bitcoin miner. This means the …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    There's a potential here for governments to demand a Computer User license. We have one for the telly now. Think of it like a driver's license. You have to show competency to get a license and it gets revoked if you abuse it. Might be a good way to keep the mouth breathers off computers and free up a bit of bandwidth.

    Might even shut up Clarkson as an added bonus.

    1. Graham Dawson Silver badge

      Because punishing people for a crime committed _against_ them is the most logical way to deal with this.

      Idiot.

      1. Robert Helpmann??
        Childcatcher

        Crime and Punishment

        Because punishing people for a crime committed _against_ them is the most logical way to deal with this.

        Let me preface this by mentioning that I am an American. Something like this came up in another forum, but isn't it the case that "In the UK, possession of child porn is a strict liability offence, so it doesn't matter if the host is genuinely unaware, they're still guilty." I would think that fits the punishing the victim model pretty well.

        To play the devil's advocate a bit, while licensing seems a bit extreme, we do have laws concerning computer usage. In fact, some aspects of computer usage, equipment, and software are military considerations. It would seem to make sense to at least invest in public education a bit more than I have seen in the US. Public service announcements anyone?

        1. Trevor_Pott Gold badge

          Re: Crime and Punishment

          You can't legislate away stupid.

    2. Anonymous Coward

      And it'd be sweet justice if the person who is charged with the task of issuing your license has a view of computing so narrow it makes the platter-head spacing on modern hard drives look like the grand canyon.

      Yes, there are people out there who think all "PC"s run Microsoft Windows, use Microsoft Office as an office suite, only know of "that blue E icon" as their web browser … and if your computer doesn't meet those specs, it must be a Mac, even if it has "Toshiba" or some such emblazoned across the front of the screen.

      1. Alan(UK)

        Browser?

        What's that? "that blue E icon" is THE INTERNET!

  2. Phil O'Sophical Silver badge

    Locking the users out when the system is infected seems counter-productive, since they'll have to get it fixed. If the process just sat in the background taking maybe 10% of CPU, it could run for years unnoticed. 100,000 PCs all dedicating 10% of their capacity to mining bitcoins could contribute a lot of cycles...

    1. poopypants

      A sound observation. Do you think it's possible that they might have allowed their behavio(u)r to be directed by greed? Surely not.

    2. Cliff

      10%

      This is why I always suggest a flatten and rebuild for an infected system, I just assume most sensible malware won't burn up all the processor cycles much like a successful real life infection will attempt to at least spread before killing the host.

      I can't believe how many people would rather spend 2 days trying to play catchup and patch with various AV products and revival tools than a few hours to return a system to a known good state. It's like a cheating partner, once the trust is gone it's nigh on impossible to rebuild.

      1. ecofeco Silver badge
        Paris Hilton

        Re: 10%

        "I can't believe how many people would rather spend 2 days trying to play catchup and patch with various AV products and revival tools than a few hours to return a system to a known good state."

        Because most people don't back up.

        Ever. Even when they have free space on a server and the drive pre-mapped to do so.

        Pre-damned-mapped! And they STILL don't backup!

        1. Don Jefe
          Joke

          Re: 10%

          Does it count as a backup if I email it to myself?

          1. poopypants

            @Don Jefe (Re: 10%)

            Provided you can convince the NSA to give you their copy, then yes.

            (Or if you use something like gmail. My account currently says "3.59 GB (3%) of 96 GB used", and has emails and attachments going back several years stored in various servers somewhere. Great for audit trails, and making sure any ads that manage to fight their way through AdBlock are of some interest to me.)

            1. borg95

              Re: @Don Jefe (10%)

              And luckily for you even adblock will help you backup your browsing history and kindly pass it on to the NSA for further backup. Owww the kind souls :D

        2. Anonymous Coward

          Re: 10%

          Set default saved location to mapped drive, then you don't rely on user intervention.

    3. Old Handle

      CPU mining is useless anyway, but if the PC in question does happen to have a decent GPU, it could be kept grinding away at almost full speed without hurting the PC's performance much (as long as they're not playing games, obviously). So obviously this is an attempt to wring every last penny out of their targets, but it really doesn't seem like the two methods go together very well.

      1. Anonymous Coward

        Grinding away at full speed

        My son has a big box he built himself, with two stonking great nVidia graphics cards in it. When it's not in use for gaming, he runs Folding@Home on both GPUs. Although I am in a different room, I can hear it from here - I don't think that many people will fail to notice a GPU being hammered, due either to the fan noise, or indeed the electricity bill after a few weeks!

        <checks F@H website to see if he's really folding, or mining bitcoins on my dime...> :)

        Also, seriously, how many people when locked out of their PC would leave it running, and connected to the internet?

    4. Gerardo McFitzpatrick-O'Toole

      Difficulty

      But consider the fact that Bitcoin difficulty is increasing exponentially, and that a week's mining now might be worth a year's in a year's time: http://bitcoindifficulty.com/

      1. Danny 14

        Re: Difficulty

        The problem is some users are half savvy enough to use the windows backup which backs up the malware too. Rotation backups are not in the realm of most normal users.

    5. Marcelo Rodrigues

      "Locking the users out when the system is infected seems counter-productive, since they'll have to get it fixed. If the process just sat in the background taking maybe 10% of CPU, it could run for years unnoticed. 100,000 PCs all dedicating 10% of their capacity to mining bitcoins could contribute a lot of cycles..."

      Yes, the same question occurred to me. But wouldn't it be better to use 100% of CPU/GPU, and drop the priority all the way down? This way the malware would stand a much better chance of getting by unnoticed.

      At least on desktops - where there is no battery to run flat in about... five minutes?

  3. Anonymous Coward

    Picture this ..

    Am I the only one with a mental image of a windows PC staggering out of the 'entertainment' district of a rough town only to be grabbed by a press gang and shipped off to the mines ...

  4. Anonymous Coward

    Death to Ransomware

    Creators of ransomware need to be shot on sight and hung from a streetlight until their bones are picked clean.

    Why yes, I do think they are evil little shits. How could you tell? (And I've made money fixing infected PCs and I STILL think it's evil shit)

    1. Steven Roper

      Re: Death to Ransomware

      My thoughts exactly.

      I've often maintained that until we start PUBLICLY EXECUTING these fucking bastards, and their families along with them if it can be shown that the family members knew of the criminal activity and did nothing about it, this sort of shit will run rampant.

      Once we've had a few globally televised public hangings of these parasitic scum that are of no worth to the human race, once they made to realise the stakes are that they'll make money at less risk by enlisting for service in Afghanistan, we'll start seeing some results.

      Ch-Click...HOCK! HOOOORRRRRAAAAAAAAYYYYYY!

  5. codeusirae

    W32 Trojan ..

    Trojan:W32/Reveton is a ransomware application ..

    Safe Mode, find the file ctfmon.lnk in the Startup folder (C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Program\Startup\ctfmon.lnk) and delete it.
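    As an added example (not part of the post above or of any vendor tool), the following PowerShell script enumerates the shortcuts in the per-user and all-users Startup folders and resolves where each one points, so a shortcut such as ctfmon.lnk can be checked against its target before anything is deleted. The "suspicious" heuristic (target not under the Windows directory, or a non-existent target) is an assumption chosen for this illustration, not a rule from the post; the folder locations come from the .NET SpecialFolder values Startup and CommonStartup rather than a hard-coded path.

```powershell
# Added example: triage Startup-folder shortcuts before removing anything.
# Assumption: a Startup shortcut whose target lives outside the Windows
# directory (for example under %AppData%) or no longer exists is worth a
# closer look. This is an illustration, not a detection rule from the post.

$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# WScript.Shell resolves .lnk files to their target path and arguments.
$shell = New-Object -ComObject WScript.Shell

$results = foreach ($folder in $startupFolders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }

    Get-ChildItem -LiteralPath $folder -Filter '*.lnk' -Force | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $target = $lnk.TargetPath

        $targetExists = (-not [string]::IsNullOrEmpty($target)) -and
                        (Test-Path -LiteralPath $target)
        $underWindir  = (-not [string]::IsNullOrEmpty($target)) -and
                        $target.StartsWith($env:windir, [StringComparison]::OrdinalIgnoreCase)

        [PSCustomObject]@{
            Shortcut     = $_.FullName
            Target       = $target
            Arguments    = $lnk.Arguments
            Modified     = $_.LastWriteTime
            TargetExists = $targetExists
            Suspicious   = (-not $targetExists) -or (-not $underWindir)
        }
    }
}

# Print the table; entries flagged Suspicious deserve a look at the target
# file (hash, signature, creation time) before deciding to delete the .lnk.
$results | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

    Run it from an elevated PowerShell prompt on the affected machine (or from a rescue environment that can load the offline profile's Startup folder). Note that a legitimate ctfmon entry would point into the Windows directory; the same file name pointing into a user-writable location is the pattern the post is describing.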

    1. MrDamage Silver badge
      Pint

      Re: W32 Trojan ..

      Booting into safe mode doesn't always work, and often just presents a low res version of the same ransom screen.

      I just keep a 1gb bootable USB key with the bitdefender rescue cd ISO loaded on it handy, and grab that whenever I get a call from friends/family asking me to help them get out of paying the "fine".

      Head on over, boot it up, drink all their beer over the next hour or two as it does a search and destroy, then get them to pay for the taxi home.

      http://www.bitdefender.com.au/support/how-to-create-a-bitdefender-rescue-cd-627.html

      <-- beer. Accepted by techies worldwide.

      1. Anonymous Coward

        Re: W32 Trojan ..

        "<-- beer. Accepted by techies worldwide."

        If you think it's over that way, you've had enough already...

      2. Ralph B
        Pint

        @ MrDamage Re: W32 Trojan ..

        Now, I'm wondering if you're the one who put the trojan on your friends/family's PCs, in order to feed your beer habit.

        Good scheme, if so.

    2. richard 7

      Re: W32 Trojan ..

      If it WERE that easy...

      Most of the time now with this you'll lose safe mode (various stop errors while trying) or it will actually run in safe mode. They also hook in more places and almost always will have been dropped by something else so you'd be expecting to find TDSS or similar too as well as the .js/.pdf/.exe.pdf etc that dropped it. And then you just *know* they will go and open that bloody email again when you are done....

      Flattening the machine is always last option unless you know you have a backup. Although most programs play nice with backups, not all do (I'm looking at you outf??k)

  6. Anonymous Coward

    Er, if you're locked out of your computer, why would you have the computer turned on?
