Prison Locker: A load of überhyped malware FUD over... internet chatter

An underground advert seeking help in developing a file-encrypting ransomware kit that might be sold for just $100 a go sparked something of a panic on the interwebs this week. But security watchers are yet to see any samples of the so-called Prison Locker ransomware, leading at least two security firms to characterise the …


This topic is closed for new posts.
  1. psychonaut

    CryptoPrevent from Foolish IT

    As the title. It's free. Or make your own GPOs

  2. Pete 2 Silver badge

    Talk is cheap

    Ever since terrorism hit the news headlines, the security forces, media and some of the more impressionable individuals (not to mention any politician who can get on the bandwagon to further their media profile patriotic credentials) have been on a hair-trigger. Every little comment, however innocuous, is examined for its threat potential. Every bluffer's threat is taken as a real danger, every sign / portent / suspicious movement causes the panic button to be pressed - repeatedly and every tiny little incident is bigged-up as if the end of the world has just been averted.

    However, most of it is complete bull.

    So when some little wannabe-hacker asks for help, with a project that nobody has heard of, has no chance of coming to fruition and will be forgotten as soon as their attention flits onto something shiny, the circus grinds into action. Especially those outfits that can leverage the "event" for their own gain (and our increased levels of fear). Therefore it's refreshing to hear two such organisations characterise this as:

    > intangible and overhyped.

    Which, for a business sector that makes every molehill (real or imagined) into a mountain of FUD, must mean that the whole thing is of so little consequence that even they can't spin it into a criminal mastermind plotting the next global crisis.

    Maybe there is some common sense out there.

    1. TopOnePercent

      Re: Talk is cheap

      Pete 2 has hit the nail firmly on the head.

      Back when I first started using the internet, the "little wannabe-hacker" would have had an mail address. Oh CryptoLocker is making a mint.... "Me too" - for those old enough to remember the meme.

  3. Hans 1

    Malware ?

    What's that ?

    1. Anonymous Coward

      Re: Malware ?

      "Malware ?

      What's that ?"

      Malicious software. It does bad things. I'd have thought anyone hanging out on these forums would have heard of it.

      1. Amorous Cowherder

        Re: Malware ?

        did see the icon to the right of the post above, yes?

        1. Anonymous Coward

          Re: Malware ?

          " did see the icon to the right of the post above, yes?"

          Yup - shame what I did was so far over your head you couldn't see it. Your choice of icon is invalid here :)

        2. NumptyScrub

          Re: Malware ?

          quote: " did see the icon to the right of the post above, yes?"

          Sorry, I just get a bit sick of the repeated "there are no malwares on Linux" smugness when, while it is demonstrably safer than running a Windows box, it is just as demonstrably still targeted on occasion ^^;

          The only way to practise safe internets is to do so with every partner. Otherwise at some point you'll end up with a nasty surprise that could take some time to clear up... :(

    2. NumptyScrub

      Re: Malware ?

      Applications written specifically to misbehave, usually in an attempt to provide fiscal gain for the writer, and again usually by performing actions which would normally be deemed illegal (e.g. fraud, ransoming data, anything covered by The Misuse of Computers Act).

      These days they are operating system agnostic; malware has been seen on all operating systems which have a significant market presence. Admittedly the amount and frequency is usually relative to the size of the market presence, however strains have been seen on Android, iOS, and OSX as well as the more "traditional" Windows versions.

      I suspect you were intending to imply that you use operating systems that do not have malware; fair enough, but I would suggest that you simply do not have malware yet. Once the Windows (and Android, as the per-unit-dominant mobile OS) markets are saturated, criminals are going to start focusing on other OSs in an attempt to capture that market segment. While the stuff seen so far on iOS or OSX is simplistic and easily avoided (the last OSX one required you to permit the install, IIRC), that doesn't mean that someone isn't already looking for exploits that will allow the same silent, drive-by installs seen on other platforms.

      The majority of the boxes I run are Linux distros, but I will not assume that only my Windows gaming rig is at risk. The "la la la I'm not listening" approach to security has been shown to be ineffective time and time again ;)

  4. ammabamma

    A silver lining to this fetid, fecal overcast

    On the bright side, I imagine CryptoLocker et al. will make more people more punctilious about making, securing, and testing their backups.

    1. Frumious Bandersnatch

      Re: A silver lining to this fetid, fecal overcast

      will make more people more punctilious about making, securing, and testing their backups

      I think you mean something more like "diligent" or "meticulous". "Punctilious" conjures up the same sort of negative connotations as "officious" does for me...

      Just make sure your backup machine isn't infected! Oh, and a database of hashes for integrity-checking is a pretty good idea, too.

      1. Anonymous Coward

        Re: A silver lining to this fetid, fecal overcast @Frumious Bandersnatch

        "I think you mean something more like "diligent" or "meticulous". "Punctilious" conjures up the same sort of negative connotations as "officious" does for me..."

        Punctilious does mean diligent, meticulous and so on. If you're going to use the condescending "I think you mean ..." then at least base it on the definition rather than what you think/have a gut feeling it means.

    2. Ken Hagan Gold badge

      Re: A silver lining to this fetid, fecal overcast

      Given that most Windows boxes are sold without installation media, I don't think most people are actually in a position to test an offline backup.

      Yes, I know about that hidden "recovery" partition on a bog-standard OEM installation, but I rather suspect that malware knows about it too, so you need a Windows CD-ROM to let you wipe the encrypted disc clean and put a fresh installation on, and then you need an offline backup that lets you "restore" the fresh installation to the state of the original one.

      Then you need the self-discipline to actually make a full system backup every so often (daily? weekly? monthly? I don't care, but how much recent work are you willing to lose?) and you need to hope that the malware never evolves the facility to install itself on your machine, lurk unnoticed until it sees you run the backup software, and *then* unleash its payload. (I imagine this is a fairly trivial thing to implement for anyone capable of rooting the machine, so don't hold your breath on that last point.)

      Or you could just stop running under an administrative account (with or without UAC enabled) and running any old shit you've just downloaded off the net.

      Or you could just accept that everything you do on the computer might be lost tomorrow.

  5. Anonymous Coward

    Working on a Windows Locker ..

    "Greetings, For a while now I have working on a Windows Locker as my first C project" ..

  6. Mark 85 Silver badge

    Maybe I'm an optimist...

    I would like to think that in a perfect world, malware would be bought and tested by the security people and their products would kill it at the PC level as it tries to install itself.

    Just too much to ask and too much fantasy I guess.

    1. Ken Hagan Gold badge

      Re: Maybe I'm an optimist...

      I think the mistaken assumption there is that a small number of samples of malware would be sufficient to let you block all the unknown variants. I cite the last 20 years of AV software history as a counter-example.

      1. Pookietoo

        Re: mistaken assumption

        I'm fairly sure he means that any commercially available malware could be dealt with shortly after it's delivered to a paying customer, not that this is a solution to all malware detection.
