back to article Hackers giving up on crypto ransomware. Now they just lock up device, hope you pay

Malware slingers have gone back to basics with the release of a new strain of ransomware malware that locks up compromised devices without encrypting files. The infection was discovered on a porn site that redirects users to an exploit kit that pushes the ransom locker malware. Researchers at Cyphort Labs who discovered the …

  1. Herby

    And...

    The arms race continues....

    Where is a tactical nuclear strike when you need it??

  2. Locky

    Discovery

    "The infection was discovered on a porn site"

    It was research I tell you, research....

    1. Anonymous Coward
      Anonymous Coward

      Re: Discovery

      But not at the taxpayers expense I trust!

    2. Jimbo 6
      Paris Hilton

      Re: Discovery

      I totally want one of those 'security expert' jobs.

      This 'penetration tester' career is nowhere near as much fun as I thought it would be.

  3. Anonymous Coward
    Anonymous Coward

    Ah, windows....

  4. Anonymous Coward
    Anonymous Coward

    Question:

    Can you slave the drive / use a USB enclosure to get at the files?

  5. ekithump

    System Internals ERD Commander FTW?

  6. Eddy Ito

    So is this just a refresh of the locker which was defeated by booting an install disc and rolling back to a recent restore point?

    1. Halfmad

      To be fair it doesn't mention anything about restore points, nothing to say it won't simply remove them.

      I suggest we all hit the porn sites to do some research.

  7. gollux

    Welcome to the TOR crime locker.

  8. redpawn Silver badge

    Appearance of function is good enough

    An unlatched lock on a chain will deter most people from continuing down a path. Belief that payment is necessary will yield enough revenue to be quite profitable.

  9. Sureo

    We're getting to the point where everyone will have to pay "protection money" to use our computing devices, just like the mobsters and street gangs do to businesses.

    1. Slef

      \\\\\isn't that the Microsoft model?

      1. Anonymous Coward
        Anonymous Coward

        @Slef

        You're missing /rimshot in your post :)

        1. I Like Heckling

          Re: @Slef

          aaaaaaaand... we're back to porn again.

          1. Anonymous Coward
            Anonymous Coward

            Re: @Slef

            it never left

  10. jason 7

    Isnt it time....

    MS did away with Admin accounts as default accounts?

    1. a_yank_lurker Silver badge

      Re: Isnt it time....

      Because of some legacy issues with design and legacy software it is not as easy to do. Winbloat has ancestors such as DOS. DOS was designed for stand alone boxes that had very limited connections with other computers; if any. So having an admin only with no log on was quiet common in the era. Thus, some older packages were designed to run only on an admin type account.

      1. jason 7

        Re: Isnt it time....

        and meanwhile 99% of the world doesn't need Admin as the main user account...

        I love it when the needs of the very few outweigh the needs of the many and non-legacy.

        1. Medixstiff

          Re: Isnt it time....

          "and meanwhile 99% of the world doesn't need Admin as the main user account...

          I love it when the needs of the very few outweigh the needs of the many and non-legacy."

          Unfortunately the average user is an idiot.

          As someone originally pointed out, that UAC error that comes up is saying "Hey stupid, by clicking continue, do you realise you are going to make system changes, that if this crappy software from some no name site is found to be malware, is really going to ruin your day"

          1. Dan Wilkie

            Re: Isnt it time....

            This, 1000 times this. The amount of software I've seen that is written so it needs admin access is truly astounding - you can't lay all the blame at MS's door.

            Hell with UAC they even tried - so a lot of the software instructions I've seen are "Step 1. Check your user is a member of the administrators group. Step 2. Disable UAC".

        2. P. Lee

          Re: Isnt it time....

          >99% of the world doesn't need Admin as the main user account

          It goes deeper than that.

          What parts of the disk does Internet Explorer need to access? The OS should be able to enforce resource privileges based on application profile, not just user rights. Does EMET do this? If so, why is it not the default, or pushed out in a security patch, or auto-enabled along with, er, privacy mode?

    2. stucs201

      Re: Isnt it time....

      https://xkcd.com/1200/

  11. Frozit

    So has anyone...

    actually seen a non-criminal use of Tor?

    1. Steven Roper

      Re: So has anyone...

      Bypassing the Great Firewall of China and similar restrictive measures imposed by totalitarian regimes, whistleblowers, exposing human rights atrocities, corporate corruption...

      Of course, many of those things are also against the law in the jurisdictions they cover. But if you believe that standing up for freedom and justice is subordinate to blind unquestioning obedience to the law then I'm afraid we're on opposite sides of a very ugly battle.

      1. veti Silver badge

        Re: So has anyone...

        "Bypassing the Great Firewall of China and similar restrictive measures imposed by totalitarian regimes, whistleblowers, exposing human rights atrocities, corporate corruption..."

        Yes, that's all fine.

        But I don't do any of those things on a regular basis. Come to think of it, and call me a slack-arsed sheep if you like, but in 20 years of using the Internet I've never done any of them. Have you?

        Because it seems to me that Tor is one of those things that people like to bloviate about, but not one person in a thousand actually has a plausible use-case for. It makes people feel better simply by existing, even if you've never actually been near it yourself.

        A bit like the queen, really. Or the 2nd Amendment, because I'd like to be an equal-opportunity iconoclast.

    2. Anonymous Coward
      Anonymous Coward

      Re: So has anyone...

      Yes.

      The point you're trying to make is ...?

  12. Winkypop Silver badge
    Alien

    Ahh the human race

    Inventive lot.

    Destructive also.

  13. JCitizen
    Coffee/keyboard

    Temporarily removing power

    from the hard drive during a reboot can also defeat the safemode block - won't help you with encryption types of ransomware though.

  14. Prst. V.Jeltz Silver badge

    isnt this a giant step backwards for the bad guys?. if the files arnt crypted there is no provlem .

    as others have said - boot disk.

    1. Nigel 11

      I hope it is a result of perceived risk/reward amongst criminals. If you effectively destroy data you make yourself a greater target of the law's ire. If you merely force somebody to copy their data and reload their PC, you may stay at the bottom of the pile forever. Should you get caught you'll receive a lesser sentence.

      If I'm wrong, it means that the effort involved in catching crypto-ware criminals and the sentences imposed when they are caught both need to be increased, several times over if necessary, until I'm right.

      Sort of like the difference between burglary and shiplifting, or kidnapping and blackmail.

      1. muddysteve
        Joke

        "Sort of like the difference between burglary and shiplifting, or kidnapping and blackmail."

        I think you'll find shiplifting is counted as piracy, and is very poorly regarded.

      2. A Ghost

        I did a bit of shiplifiting once. Never again. Bloody killed my back getting it home. And I had to walk funny coz I couldn't get the whole thing down my trousers. Wife wasn't too happy either - she said: Bloody hell, where are we going to put that now?

        </joke officer, joke, I've never shiplifted in my life and I'm not about to start now so please don't include me in your minority report>

      3. This post has been deleted by its author

  15. Anonymous Coward
    Anonymous Coward

    Health Care

    Our concern isn't so much ransomware encrypting files - it's if they start removing/copying data that we'll get REALLY worried, this sounds as if it's about to start happening.

    Dridex etc were bad enough.

  16. gmathol

    Backups?

    Should try it! Really works. VMware is also niece - never go native.

    1. Santa from Exeter
      Joke

      Re: Backups?

      'VMware is also niece' and KVM is Uncle!

  17. Anonymous Coward
    Anonymous Coward

    Wow, I mean my Home Clients have this licked.....

    If you lack a basic boot cd\dvd with access to a semi-recent system image then you're getting what you deserve no ?

    1. A Ghost

      So you are saying that my mother who is in remission from cancer who is caring after my father who is also in remission from cancer, who are both looking after my brother who is dying of cancer at a very young age, deserve that?

      Some people don't know how to use a computer for whatever reason. Don't mean they are stupid. I bet each of those family members of mine have skills in areas you could only dream about. But it's good to feel superior eh, especially when you are so inadequate deep down inside and the one thing you can do well is your sole source of self-pride and dignity. Rock on!

      Since when did being a nerd, geek or hacker mean you have to have a compassion or decency bypass?

      No wonder you are AC.

      Some people...

  18. This post has been deleted by a moderator

  19. PeterMorrison

    This virus is disgusting!

  20. zach_e

    Not surprised ransomware is moving on to porn. Lots of malicious software coming from porn sites are targeting mobile users.

    I wonder though, whether a fresh install would've done the job. That is, if you had nothing else in place to prevent you from wiping out the ransomware. “The Windows nasty prevents users from booting in safe mode.” There are, instant restore software (Comodo, Rollback Rx, etc) that can do the job.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021