back to article KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION

Victims of the CryptoWall ransomware have been extorted out of at least $1m. Despite a takedown operation in June, CryptoWall continues to be the largest and most destructive ransomware threat on the internet, according to the latest analysis of the threat by security researchers from Dell SecureWorks Counter Threat Unit. …

  1. Anonymous Coward
    Anonymous Coward

    Good article, but why cover this when my, I mean Julian Assange's story is still playing out. Sure Syria, Gaza, Ukraine, are important, but people die all the time. It's not new. The day-to-day life inside the Ecuadorian embassy is not easy and that's real news. You should be asking what it's really like for a 43 year old Australian to defend liberty and freedom for all while cooped up at Flat 3B, Hans Crescent. You remember Bradley Cooper and the way Wikileaks supported him with a collection to cover his legal fees? That money will get to him soon to aid in his trial defense. We need to hear more about that! No wait a sec. Let's more on to more interesting items.

    That Edward Snowden bloke is just so last year. People want to hear more in-depth reporting on the impact of Julian's releasing hundreds of thousands of diplomatic cables. Quotes from embarrassed politicians are what sell newspapers and generate donations to Wikileaks. No one wants to hear about Swedish extradition orders or any sexual allegations of a completely unfounded nature. How is this news?

    Then there's the food issue. You wouldn't believe what the Ecuadorians serve for dinner every night. You can only eat so many llapingachos and ceviche before you really start craving a takeaway curry. Then there's the popcorn. Served with every meal? Really? And it's plain; no butter or salt. Can't nip down the road for McDonalds every now and then chaps? Oops, it seems I wandered from the central topic which is, of course, Julian Assange. Everyone needs to know more about this vigilant champion of every man's freedom and his struggle to avoid American incarceration. He even said he was leaving the embassy soon so you know big things are coming. He'll get so many back pats from congratulatory police officers as he leaves that it'll leave bruises.

    More Julian news, and much less reporting on everything else is what we should take from this exchange. So if you see an article that does not mention my, I mean Julian's, name you should be haranguing that writer for blatantly biased reporting. Right, time for my exercise. I think I'll walk around my room counterclockwise tonight.



    1. Captain Scarlet

      I estimate around a hundred down votes, lets pull up a chair and watch them roll in.

      1. Pascal Monett Silver badge

        Not worth the time.

      2. Mark 85

        Well, the Weekend Edition is coming and there's no strong leader yet for the downvote winner... but there is still time to be the most obnoxious.

  2. Anonymous Coward
    Anonymous Coward

    "victim paid $10,000 for the release of their files"

    He went like one that hath been stunned,

    And is of sense forlorn:

    A sadder and a wiser man,

    He rose the morrow morn.

    Then looked at a catalogue of backup tools.

    1. DropBear

      Re: "victim paid $10,000 for the release of their files"

      Then looked at a catalogue of backup tools.

      Not sure those would help if the malware does indeed encrypt everything in sight including removable storage and network drives. Unless one realizes immediately what's going on, the backups might end up getting encrypted too (or equally bad, backing up encrypted stuff, assuming it's not a multi-version scheme) - then what...?

      1. SImon Hobson Bronze badge

        Re: "victim paid $10,000 for the release of their files"

        Which is why any scheme worthy of the name "backup" includes offline (and offsite) copies. Perhaps not updated as often as the local ones, but all the same - if your house burns down then your in-house backups are as useful as the original files that also went up in the flames.

      2. Paul Crawford Silver badge

        Re: if the malware does indeed encrypt everything in sight

        Not all backup systems present the "backup" as files on the regular file system.

        How about rsync to a remote system that has no obvious log-in? Said system could also have features like file system snap-shops so you could roll-back even if said remote file system is deleted/encrypted.

  3. Pascal Monett Silver badge

    $10,000 ??

    I hope that person at least receives faxes now and then.

    Telling me that my PDF Suite has been activated, or that I missed a fax, is like telling me that my lost dog has been found.

    I don't have a dog.

    1. Elmer Phud

      Re: $10,000 ?? --dog's chance

      I don't have a dog, either.

      Or any number of bank accounts, ISP's, credit cards or Facebook account using my 'proper' email address.

      Oh, nor have I made any accident claims

      But faxes?

      I've seen these in the spam box but -- faxes -via email ?

      May be the fax is an email attachment - in PDF?

      1. Yugguy

        Re: $10,000 ?? --dog's chance

        Yeah - I get the spam emails about a facebook message waiting for me.

        Given that I'm probably the world's biggest social media hater and do not in fact have a facebook account I doubt that very much.

        And thank you, but I am neither bald, fat nor impotent. And I doubt again that I really have won a lottery that I haven't bought a ticket for.

        I mean seriously, which MORONS still click on this stuff???

        1. mark 63 Silver badge

          Re: $10,000 ?? --dog's chance

          Fat bald people who have a facebook account and play the lottery!

      2. midcapwarrior

        Re: $10,000 ?? --dog's chance

        A corporate level multi-function printer/copier can receive a fax and route it as email.

        You can also send it from your desktop.

        And yes it generally is converted into a pdf attachment.

        Although I suspect very few people under 30 have even seen a fax.

        Banking still use them (mortgages and such) and given the economy most in that age group are not likely to use them.

  4. Cipher

    No mention of existing prevention methods?

    Preventing CryptoWall

    1. Anonymous Coward
      Anonymous Coward

      Re: No mention of existing prevention methods?

      "When you double-click on the fake PDF, it will instead infect your computer with the CryptoWall infection and install malware files"

      Would using a PDF viewer that don't execute scripts help in preventing infection, same with disabling ZIP attachments, and so on.

      1. handle

        Re: No mention of existing prevention methods?

        Not if the contents of the zip file has names ending in .pdf.exe.

        1. handle

          Re: No mention of existing prevention methods?

          To update the above, I've just had a look at a spam email attachment "invoice_<random digits>.zip" - it contains "invoice_<different random digits>.exe" - in other words, not even attempting to hide the file type. This may or may not be CryptoWall - perhaps I should try executing it using wine? ;)

  5. mark 63 Silver badge

    is it just me or does the article not mention wether or not anybody got their files back?

    or how hard RSA2048 encryption is?

    1. handle

      If you follow Cipher's link, your questions will be answered:

      1) Yes they do get their files back

      2) Very

  6. HippyFreetard


    It's funny how I've seen hundreds, probably thousands of adverts on TV telling me not to drink too much, not to drink and drive, to put my seatbelt on, not to fly kites round pylons, to wear a bike helmet, and other "stay safe" adverts on TV.

    I don't think I've ever seen an advert that warns me not to click on email attachments, or that popups telling me I have malware might be scams. I've never seen an advert that to warn me that MS doesn't call customers randomly telling them they're infected. Never.

    I mean it's fine for us who know, but they just sell PCs and laptops to anyone, and there's no responsibility at all. I remember cleaning a neighbour's PC and saw a weird thing in the tray. This person was paying a subscription to their own malware. I'm not kidding. It was heartbreaking to tell them that. They had a direct debit set up and everything.

    Businesses are business. They should be training their staff anyway, but every time I get a phone call from "Windows support" I'm sure the people down the road can hear the tirade of vitriolic abuse I give them.

    But ransomware is particularly nasty. These guys have made a million bucks and STILL no ad campaign. Malware signatures and detection should be open sourced so that if Comodo finds something, keeping it secret from Avast is not an option. They should be made to compete on features, not on security.

  7. mark 63 Silver badge

    all very true hippy, maybe signed files might help, this pain in the arse UAC stuff is probly saving a few people. But with the likes of Oracle and Adobe pushing shit like ask toolbars mcAffee free trial crap at every update its no wonder people get confused.

    maybe people could opt for a walled garden setup when they buy the pc, that might help.

    just having a few basic rules pounded into their heads would also help , i suppose they have to want to help themselves..

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like