
You are currently reading a thread in /g/ - Technology

Thread replies: 96
Thread images: 11
Have you or anyone you know ever paid the ransom?

Also, how are people stupid enough to:
1) Infect themselves with ransomware?
2) Actually pay the ransom?
>>
>>53940523
go ask the retards at /v/. every once in a while we get a crossposting /v/idiot asking if there's a way to fix his encrypted shit
apparently it's mostly on gaym cracks; there's also an email variant
>>
4chan is the only site I use and I haven't come across any. The amount of hospitals and police departments that fall victim to it is quite concerning though.
>>
>>53940523

Infecting yourself is just opening any .exe/bat/.jpg.exe/whatever, it's pretty easy. Paying the ransom is probably your best option if you lost something important. It's pretty hard to deny this shit working, it's popular with criminals for a reason.
>>
1) Windows
2) peer pressure

Like last year ProtonMail was getting DDoSed and all the other fucktards hosting in the same datacenter forced them to pay the ransom against all better judgment.

Retards who know shit always end up pressuring you to pay up.
>>
>>53940626

Does paying really unlock stuff though, or do they just take the money and leave you fucked?
>>
>>53940744
It actually unlocks stuff if you pay. If they didn't follow through, then word would get out not to pay because it won't make any difference.
>>
>>53940523
this ransomware scare is perplexing

>be me
>front desk girl opens an odd attachment
>all our files are encrypted
>call IT
>backup restored
>done
>>
>>53940523
my neighbor paid
they still didn't release and asked for more
did a low level format for him and had him tell them to fuck off
>>
>>53940765

True. Hadn't thought of that.
>>
>>53940523
Wipe HD and restore from last week's backup (just to be sure; yesterday's might be infected).
You do run a backup, don't you?
>>
>>53940822

>implying I have anything worth saving
>>
>>53940626
>Infecting yourself is just opening any .exe/bat/.jpg.exe/whatever
how about not doing this in the first place?
your best option is to back it up beforehand
>>
I don't have anything important on my computer. Anything important is kept on multiple flash drives.
>>
>>53940523
ms-debug
> all those nops

fucking reuters
>>
Why do they bother encrypting the files, why not just changing their contents to some unusable, corrupted content, and then restoring it back?

I mean, the weakness they exploit here is the fact people don't have backups.
>>
>>53940990
Because then security researchers would just write free fix tools.
>>
>>53940744

Yea they give you the decryption key, it's good business to do so.

>>53940862

Most def, go out and tell the world.
>>
>>53940594
>4chan is the only site I use and I haven't come across any.

I downloaded a mod package from /vg/'s Stalker general on an otherwise freshly installed OS and later found a truecrypt bootloader had been installed on my machine, apparently without yet encrypting anything. Putting in my win7 disk automatically restored the MBR, though I formatted and reinstalled after.

I used to keep my Win 7 machine airgapped just so I could download random garbage off the internet and install via thumbdrives without having to care about malware.
>>
>>53941054
Well, if they changed the file content for a single char 'a', there isn't much you can do, is it?

But now I realize they would need to send all the content away on their server, if they want to bring it back when the victim has paid. They can't save it locally on the victim's machine.

Saving a key away though is much faster.
>>
>>53941082

If you change the whole file to 'a' then you can't reverse it, so no one would pay (well, maybe a few until people realise paying doesn't work).
>>
>>53941117
Yeah, you could only reverse it by having the content stored somewhere, which would be a pain in the ass and easy to track, etc.
>>
Was Ukash ever used for reasons other than ransomware?
>>
>>53941195
Maybe for immigrants to send money back, like Western Union.

And OP, paying the ransom is not stupid if you really don't have a backup.
>>
>>53941158

Indeed, transfer & storage issues for the criminals.
>>
I dual-boot and don't really care about my Windows partition (games), it's on an SSD while my GNU/Linux is on a HDD. How can I prevent some Windows crack from fucking up my HDD? Do I have to make it impossible to mount?
>>
>>53940523
I have never gotten it, I don't really think that I would be targeted because of Linux anyway. Adblocker helps too. I make weekly backups so I wouldn't pay anyway.
>>
File: it be.jpg (46 KB, 448x600)
What kind of files does it encrypt?
>>
>>53940948
This dude gets it.
>>
>>53941288
>>53940948
>Anything important is kept on multiple flash drives.
The malware can easily encrypt any flash drive as soon as you connect it.
>>
>>53941256
If there's a will, there's a way. There was a variant made for OS X.
>>
>>53940523
> 2016
> Running software in a kernel accessible environment
>>
File: Ghost stories.gif (500 KB, 500x200)
>>53940782
There are people who don't keep backups.
>>
>>53941992
> 2016
> Not banging rocks against each other instead of using software
Berrypicker
>>
Anyone wanna work on a ransomware with me and build a fake health safety website so that hospital nurses will click on it and will fuck their workplace, forcing them to pay us ?
>>
>>53942622
Sure, I'll help you, a complete stranger from the internet, commit a felony.
>>
>>53942667
You could use seven proxies
>>
>>53941064
How did a mod get administrator access?
How did it get any access outside of its sandbox?
>>
>>53940990
Because that would take a lot of storage to hold everyone's files until they could be restored. For encryption all the hacker needs to hold on to is a key.
>>
>>53942667
too many commas, fool
>>
>>53940523
>Have you or anyone you know ever paid the ransom?

Yes and it wasn't even the kind of ransomware that encrypts your HDD. I only found out after they got infected a SECOND time a few months later.
>>
>>53942732
must have been some kind of .exe installer shit.
>>
>>53940523
Governments have no choice. Stupid (or malicious) employee puts in a USB stick with ransomware, executes it and all governmental data is now inaccessible. So the government has no choice but to pay to access their own data.
>>
>>53940523
My employer got ransomware on our network server 2 months ago, good thing they do daily backups so we just restored that shit and within an hour we were good to go, sucks we lost a morning's worth of work though.
>>
File: 1392607052756.png (202 KB, 421x500)
>>53941064
>mod package from /vg/'s Stalker general
Which one was it?
>>
>>53942053

then it will be a valuable lesson.
>>
>>53942863
>Government
>Not being smart enough to have airgapped backups
What 3rd world country do you live in?
>>
I fucking love ransomware. The world is literally better off for it.
>>
>>53942622
kill yourself. Hospital waiting times are already terrible and you're gonna fuck it up even more.
Plz kill yourself before you try to harm others.
>>
File: 1460054084966.jpg (123 KB, 614x1230)
>>53940782
>front desk girl

Pics of her tits or it didn't happen.
>>
>>53942732
>>53942821
>>53942895

It was CoC, it had its own installer. The most recent version wasn't up on ModDB at the time and I got impatient and used some shady megaupload link in the OP of the thread, so I mostly deserved it.
>>
>>53942758
No it isn't you retard.
>>
>>53943005
*MEGA, not megaupload. Whatever.
>>
>>53943005
>It was CoC
Oh shit. I installed that too but can't remember if I got it from modDB or not since it's been a while. I guess I'm fine though since nothing has happened
>>
>>53940523
I haven't but I know people who have. They bought themselves a good firewall and backup system right after.
>>
File: 1455380695057s.jpg (8 KB, 250x194)
>>53942758
>>
File: 18smhbx1pvip8jpg.jpg (34 KB, 636x358)
>>53942806
What if the user had raid 6 and it was the type of malware to encrypt hod's. Would all raid disk become encrypted?
>>
>>53942806
*hdd's
>>
Does anyone have a ransomware file that I can download? I'm bored.
>>
File: Untitled.png (227 KB, 1158x645)
it is more common than you think.

i get on average a couple a week coming through at work. pretty much all of them are going to be a simple macro word doc that will download the file, very easy to get macro code through a/v and firewalls since you can do the same thing a million different ways.

i usually try to analyze all the malware that comes through.

we've got almost 100tb of fileshares at work, and i have wondered how far it would get before someone caught it. luckily we keep backups offsite.

the best way to defend against this stuff is to remove local admin from accounts

>>53943324
firewalls will not do much of anything, even with good egress rules. most of them employ domain generation algorithms so it is hard to know what to block to prevent the machine from getting a key assigned
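Since the posters above say the usual carrier is a Word document with a macro that downloads the payload, and that detecting the macro itself is simple, here is an added example (not code from anyone in the thread) of that check: an OOXML document is a zip container, and a VBA project shows up as a `vbaProject.bin` part and a matching content-type declaration. The sample documents are constructed in memory; they are stand-ins, not real Word files.

```python
"""Added example: flag OOXML Office documents (.docx/.docm/.xlsm) that carry a
VBA macro project, the delivery vehicle described in the thread. Legacy OLE
(.doc) and .rtf carriers are out of scope and are reported as non-OOXML."""
import io
import zipfile

MACRO_PART = "vbaProject.bin"
MACRO_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def scan_office_doc(data: bytes) -> dict:
    """Return findings for one document given as raw bytes."""
    findings = {"is_ooxml": False, "has_vba_part": False,
                "declares_vba_type": False, "suspicious": False}
    # OOXML files are zip archives; anything else is not handled here.
    if not data.startswith(b"PK\x03\x04"):
        return findings
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            findings["is_ooxml"] = "[Content_Types].xml" in names
            # The macro project lives at word/vbaProject.bin (or xl/, ppt/).
            findings["has_vba_part"] = any(
                n.rsplit("/", 1)[-1].lower() == MACRO_PART.lower() for n in names)
            if findings["is_ooxml"]:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                findings["declares_vba_type"] = MACRO_CONTENT_TYPE in ctypes
    except zipfile.BadZipFile:
        return findings
    # Either signal alone is enough to quarantine for closer analysis.
    findings["suspicious"] = findings["has_vba_part"] or findings["declares_vba_type"]
    return findings


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML container for testing (constructed sample,
    not a genuine Word document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        ct += ('<Override PartName="/word/document.xml" ContentType="application/'
               'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
        if with_macro:
            ct += f'<Override PartName="/word/vbaProject.bin" ContentType="{MACRO_CONTENT_TYPE}"/>'
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder OLE stream")
        ct += "</Types>"
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("clean", build_sample(False)), ("macro", build_sample(True))):
        print(label, scan_office_doc(doc))
```

Mail gateways that run this kind of check can quarantine the attachment before a user ever sees the "enable content" prompt.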
>>
>>53944121
>firewalls will not do much of anything, even with good egress rules. most of them employ domain generation algorithms so it is hard know what to block to prevent the machine from getting a key assigned
Sorry, I should have been more clear, they picked up a good UTM device that can strip malicious files before they enter the network.
>>
>>53944026
sure
sent ;^)
>>
File: windows 10 ransomware.jpg (31 KB, 424x750)
>>53940523
one time i installed windows 10
>>
>>53944149
i get stuff that isn't detected by any a/v all the time, then a couple days later it starts getting flagged.

it is very hard to find something that can actually detect macros within a document, much less know what is happening.

i run palo's and they just started detecting .rtf stuff (that shit is fucking awesome, don't even need to enable macros, you open it and the malware runs), but nothing so far can detect a macro unless you run it all through a sandbox first and delay the arrival of every attachment being sent through, which doesn't happen with many companies.
>>
>>53944241
The UTM company I work for is adding support for analyzing and stripping macros in a build that is now in beta.
>>
>>53944272
that's cool. it's simple as hell to detect macros, but i haven't found or really bothered to figure out a way to run all attachments that come through exchange through stuff i use.

in the end sandboxing is the real only way, i go through obfuscated code all the time and it's fun to do, but i can either spend hours figuring it out, or run it through a cuckoo machine i have and know instantly that it is downloading a file.

but there are ways to detect sandboxing and shit so if someone really wanted to they could still avoid a lot of detection. for regular mass phishing stuff it's 99% obfuscated macro code that simply downloads and runs a file, which downloads and runs the final payload.

i've got a cool one that came through where it was a botnet file, and after about 15 minutes of it sitting idle the attacker logged into my machine with a vnc session and poked around, didn't find anything and then he shut the VM down and removed the malicious files.

really fun stuff to play with
>>
>>53944330
It's amazing how much the malware game has changed. Years ago it was about fame and mass destruction, now it's about avoiding detection and harvesting information.
>>
>>53940948
Ransomware is targeted at organizations Mr. neet
>>
File: Untitled.png (52 KB, 359x759)
>>53944362
yeah it's pretty cool. i am usually on the offensive side of security but i'm getting into analysis and shit like that. now that i have been running samples and actually paying attention to logs it's hilarious seeing how many ips are coming across. this shit is probably what anyone's normal router would look like. the vast majority are machines trying to telnet and ssh my ip
>>
>>53944421
Glad to see you are actually trying to secure your network, all too often I come across configurations that are just doors left wide open, defeating the entire purpose of a UTM.
Then having to tell this person why the way they configured their box was completely wrong is even more fun.
>>
>>53940523
Ransomware infects more than just idiots that click on penis enlargement pill ads, anon, or open porn.exe...

A vulnerability in any of the runtimes you have in your computer would do: that means Java, Flash and all the JavaScript runtimes on your computer (all the browsers and some other applications like Steam and some games even)... Just to mention the most common ones...

Just backup your shit
>>
No but I may have spread them around in torrents for $ at one point in time.
Usually not just ransomware, it'll contain keyloggers and basically a RAT to your whole system as well.
>>
>>53941279
The entire drive I think.
>>
If I ever fell victim to it, and a reset of my router didn't fix it for whatever reason, as in I was stupid enough to actually install something, I would erase and reinstall my OS before paying, I backup my data so I couldn't give a shit.
>>
>>53940782
My mom had it happen at her work, and apparently the company that ran their backup updated their system, but never set their auto-backup back up and they lost 4 years worth of legal documents. The lawyer is too boneheaded to pay the ransom to get them back and instead bought 7000 dollars worth of new computers.
>>
>>53940523
>1) Infect themselves with ransomware?
They use Adobe Flash
>2) Actually pay the ransom?
They don't have backups
>>
>>53943948
>Would all raid disk become encrypted?
Yes
RAID != backup
>>
>>53941279
Mainly the common file types - MP3, doc, docx, pdf, xls, xlsx, html, jpg etc.
Database files don't seem to be hit by it yet.

It all comes down to permissions. I'm doing restores at the moment, and if it weren't for the fact that we had half-decent permissioning, we'd be restoring >4tb worth of data at least twice a week
>>
>>53940626
> Opening some $fileformat.exe
> Using unsure programs
> using Windows
> not having backups of important data
How can someone be this tech illiterate
>>
File: laugh-00.jpg (44 KB, 446x400)
>He thinks backups will protect him
http://arstechnica.com/security/2016/04/ok-panic-newly-evolved-ransomware-is-bad-news-for-everyone/
>>
Never had this, however I'd do everything in my power to put these people in prison.
>>
>>53940523
>Fullscreen hex editor
>>
>>53947197
This.
All the dumb people will think encryption is evil thanks to shit like that and keep supporting the NSA.
>>
>>53940523
had a dude who got the ransomware virus, but I don't think he paid, was pretty cool seeing it
>>
>>53945846
>Bought 7000 worth of new computers
Does he think by buying new computers that it won't happen again?
>>
how do you stay safe from ransomware on winblows? I use noscript and ublock, disabled flash, and keep off-site backups for everything important just in case, but anything else?
>>
There was ransomware going around that was using my job's company name and people would call up. One guy tried to pay, failed somehow, then called up while he was on the way to the bank.

Some of those calls were hilarious
>>
A customer of mine had one of the first outbreaks. Back then, they didn't have a tor site - they told you to email them. I had a long chat with the cryptolocker team. It's amazing how they view it as a legit business. Talked to me about their "monetization strategy" and everything.
>>
>>53947325
by not pressing on links with dick enlargement
>>
>>53947325

You're not really the target for cryptolocker. The last outbreak here was the most hopeless fucking English I've ever seen, from "iPHONE INTERT", claiming "YOUR APPLE CAN BE FREE". An accountant opened the .docx attachment, and promptly ran the macro that distributed it.
>>
Why is it so hard to stop plebs from fucking their computers over?

I don't get how you can even get malware. Okay, during the age of Flash, Java applets and JavaScript backdoors, there was nothing you could do, but nowadays, the only way to get malware is to download and execute it.
That's actually quite difficult.
>>
>>53940523
>Have you or anyone you know ever paid the ransom?

Yes, customers who have no data backup and get hit with this via phishing emails. Had one that paid them and they refused to give the key unless they got another $10k, at that point the customer gave up.
>>
>>53944235
>windows 10
You've already lost.
>>
>>53947953
But even then. Backing up once every so often to a 1TB HDD would solve this.

Like not even regularly, just every time you have something you really need to save. Copy it.

Come back from holiday with photos?
Copy.

Done. Simples.
>>
>>53940523
some people genuinely have important files on their PCs.

Also remember that many ransomware programs will also encrypt things like USB drives, external drives and network drives, making backups redundant unless your backup media was physically disconnected at the time.
>>
>>53948198
important backup media should be disconnected. I have two USBs that I use to back up OS ISOs, photos and my 4chan folder, kept in a drawer, and my extHDD is always off unless I need something from it...