Held ransom by malicious spyware? Just pay up, FBI says

There is a particularly devious type of malicious software that locks users out of their own computer systems until an individual agrees to pay a ransom to the hackers. In these cases, the FBI has surprisingly suggested just ponying up the dough.

“The ransomware is that good,” said Bonavolonta... “To be honest, we often advise people just to pay the ransom.”

even when the Bureau is notified of ransom hacks... ...the encryption is too tough for officials to crack.

Unusually, scammers are“good to their word,”Bonavolonta added, according to Security Ledger.“You do get your access back.”

Source

My immediate thought was "Yeah, and I wonder how much the FBI gets out of it". In all seriousness though, this seems strange that the FBI would come out and tell people to just pay up when their computers or phones are infected. Something seems really fishy there. It's like saying "Hey hackers, you're better than us, so keep doing what you're doing because we can't stop you."

I've experienced this type of Malware and it is actually very easy to get rid of,it usually blocks you from closing down your web browser but simply going into Task Manager by pressing CTRL+ALT+DELETE and killing your web browser's process will get rid of it unless one returns to the web page that had the Malware.

It is quite suspicious that the FBI says to pay up,I'm about 95% sure that if you do pay that it won't go away anyway.

a reply to: trollz

Some folks have an operating system on their computer that came with it. I think they call it an "OEM version". They don't do regular back-ups to some drive so when they get hit with the ransomware they feel as though they are stuck.

You see, that's the crux; folks think that the operating system is their computer.

When you realize that's not the case, and you are prepared to change out your OS when necessary, ransomware becomes kind of silly.

a reply to: trollz

I had this happened to me about a year ago. I was completely lock out of my computer, did the CTRL+ALT+DELETE nothing happened.

I couldn't shut down the computer. I had to turn off the power to shut down the computer then I rebooted and was back to the lockout screen.

The Malware virus had a message for me to pay them to unlock my computer, of course I did not comply to their demand.

The next day I brought my computer to Best-buy and told them to wipe out the hard drive and formatted it, partition it, and install windows.

Yes it cost my $100.00, however I was not going to let Malware extort money from me. What they are doing is illegal and the FBI turns a blind eye.

I have bought two virus programs and one of them is strictly for Malware, updated every week and I have no more problems.

a reply to: VashTheStampede

Yeah I've had something like that myself. I had to kill individual browser processes until I found the one for that specific web page. This article is about something a bit different though; rather than locking an internet browser, the malware encrypts your entire computer so that you are unable to access anything on it without the password to unlock it.

Would it be too much to ask for which members it would be a hardship to immediately change out their OS in the case of attack by ransomware?

I mean, it would be interesting to get a rough idea of how many folks reading this would feel totally stuck.

BTW this question comes from a place of compassion, not ridicule.

Thanks In Advance,

I don't believe the fbi would say something like that. I live in UK and have been a manager of a technology repair shop. I've also a lot of other experience in othe countries with computers and the like going back to the late 90s. This type of job is what we call a "bread and butter job". Basically it means it's one of the main, albeit small, earners for us techs. Depending on which ransomware it is it can take between 10 minutes (simple password removal through a pre Windows program (dos program) or a few hours clearing individual files known to be associated with said ransomware. In all my years of working with PCs, phones, tablets, servers, printers and networks there's only been a handful of times I've ever needed to do a complete wipe and reinstall (with or without backup) on a non-hardware issue.

a reply to: trollz

Radiolab did a show on this a few weeks ago - Darkode.

Cyber criminals today have more sophisticated tools, have learned to work collaboratively around the world and have found innovative ways to remain deep undercover in the internet's shadows. This episode, we shine a light into those shadows to see the world from the perspectives of both cybercrime victims and perpetrators.

First we meet mother-daughter duo Alina and Inna Simone, who tell us about being held hostage by criminals who have burrowed into their lives from half a world away.

It's worth a listen to hear how some of these ransom situations play out. The woman in the show had to pay to recover information for her husband. Most of the hassle was getting bitcoin within the deadline set by the crooks. There's an interesting glimmer of humanity at the end too.

It's not surprising that FBI/law enforcement don't help because they don't have the resources for trying to decrypt the files. Some of the ransomware encrypts the whole system behind the home screen and others encrypt every file from images to folders.

There's a massive difference between being unable to help and advising what are actually victims to pay criminals. I guess it's the only option to get files back.

originally posted by: trollz
a reply to: VashTheStampede

Yeah I've had something like that myself. I had to kill individual browser processes until I found the one for that specific web page. This article is about something a bit different though; rather than locking an internet browser, the malware encrypts your entire computer so that you are unable to access anything on it without the password to unlock it.

If it locks up your computer it is only locking up Windows,if you Dual Boot you can clean it off of your hard drive through Linux or any other OS,or you can start Windows in Safe Mode and manually delete the offending file or scan for it with your anti-virus.

originally posted by: Bybyots
Would it be too much to ask for which members it would be a hardship to immediately change out their OS in the case of attack by ransomware?

I mean, it would be interesting to get a rough idea of how many folks reading this would feel totally stuck.

BTW this question comes from a place of compassion, not ridicule.

Thanks In Advance,

Any OS can become compromised through a virus,I think a better solution is dual boot Windows+Linux or Mac Osx+Linux,or Windows+Other OS or Mac Osx+Other OS. That way if anything goes wrong with Windows you can fix it through Linux or vise versa.

a reply to: VashTheStampede

Although I appreciate your ingenuity, I disagree.

It's because I was bequeathed with a really nice 2011 machine that had been infected by ransomware and I was able to slowly work with it.

You can't "try and fix it". And you can't trust anyone that tells you that they can "try and fix it". The machine will never be the same. On that drive. In the state that it has been rendered to. Despite # -sgdisk --zap-all.

You just have to start again.

To most people an operating system equates to "I can get online".

I can do that with Debian (with working flash) in 45-50 minutes.

originally posted by: VashTheStampede

originally posted by: Bybyots
Would it be too much to ask for which members it would be a hardship to immediately change out their OS in the case of attack by ransomware?

I mean, it would be interesting to get a rough idea of how many folks reading this would feel totally stuck.

BTW this question comes from a place of compassion, not ridicule.

Thanks In Advance,

Any OS can become compromised through a virus,I think a better solution is dual boot Windows+Linux or Mac Osx+Linux,or Windows+Other OS or Mac Osx+Other OS. That way if anything goes wrong with Windows you can fix it through Linux or vise versa.

It'd be easier just to install a Linux os on a usb stick and save the space on a hard drive. I have an 8gb stick here with a Linux os on it which can allow me access to all the files on a computer... Just plug it in and boot.

originally posted by: VashTheStampede
I've experienced this type of Malware and it is actually very easy to get rid of,it usually blocks you from closing down your web browser but simply going into Task Manager by pressing CTRL+ALT+DELETE and killing your web browser's process will get rid of it unless one returns to the web page that had the Malware.

It is quite suspicious that the FBI says to pay up,I'm about 95% sure that if you do pay that it won't go away anyway.

lol my father had this and yeah that's all I did to get rid of it.

to informer 1958 next time when it boots have it boot into safe mode without networking and load an antivirus

just press f8 during the boot up process, use the arrow key to highlight safe mode without networking, click enter.
use another computer and download malware bytes free anti-virus load the file onto a thumb drive or flash drive or external hard drive "make sure the external hard drive wasn't connected to the infected computer now drop the Malware bytes A/V file onto your computer in safe mode. Open it and let it run to catch the virus. once the virus is found malware bytes will ask you to restart and let it look through the files during boot let it run its scan in boot.
Problem solved

get Ccleaner software and click registry, click analyze and let ccleaner run scan once done fix all issues hit ok.

a reply to: trollz

actually if you run virtualization software like vmware or virtualbox and load the same operating system on it and use that if you get a virus then the virus is stuck in the virtual machine os and not yours. We do this all the time to document how viruses work and document what they infect. Worst case scenario I delete the program and reinstall it.

a reply to: VashTheStampede

That way if anything goes wrong with Windows you can fix it through Linux or vise versa.

I totally get that you have a "Way" ("Do") when it comes to this stuff. but honestly: hardware resources and software resources are best left separated: I can't believe that folks aren't running bare-metal-whatever on whatever device they want (within specs, of course).

All that "dual-boot" # is just workin' too hard for my "Do"



ETA: I probably wasn't clear with that separation thing.

I mean that software is not hardware. Hardware is purchased in order to run firmware and software on it. I am saying that a person should be conversant in the language of selecting whatever software they desire to run on the hardware that they pay so dearly for.

The economy that is represented by that is simultaneously why used hardware has become more expensive, why "Geeks.com" died, and why virtual machines and spending the money on cores and RAM makes more sense than aesthetics.

It's a matter of control.

Ransomware leverages the odds that the average user is not "conversant" as described.

a reply to: TerryDon79

The FBI guy was referring to the more recent editions of ransomware. These are serious pieces of kit that are currently unbreakable in terms of recovering files.

In-brief: The nation’s top law enforcement agency is warning companies that they may not be able to get their data back from cyber criminals who use Cryptolocker, Cryptowall and other malware without paying a ransom.

Link

Coincidentally, the company I work for had their servers encrypted by one of the above this year. The ransom was £5000 and they wouldn't pay. Everything was backed-up elsewhere so they started from scratch with new HD. A few weeks later and the same thing came back. The malware was apparently traced to someone visiting PutLocker. They've now gone for a centralised server farm with a cloud backup...something like that

originally posted by: trollz

originally posted by: VashTheStampede

originally posted by: Bybyots
Would it be too much to ask for which members it would be a hardship to immediately change out their OS in the case of attack by ransomware?

I mean, it would be interesting to get a rough idea of how many folks reading this would feel totally stuck.

BTW this question comes from a place of compassion, not ridicule.

Thanks In Advance,

Any OS can become compromised through a virus,I think a better solution is dual boot Windows+Linux or Mac Osx+Linux,or Windows+Other OS or Mac Osx+Other OS. That way if anything goes wrong with Windows you can fix it through Linux or vise versa.

It'd be easier just to install a Linux os on a usb stick and save the space on a hard drive. I have an 8gb stick here with a Linux os on it which can allow me access to all the files on a computer... Just plug it in and boot.

Linux doesn't take up much space,most Linux distros actually ask you how much space you want to use and you can use 5gb or less on most of them if you are concerned about HDD space,also a good portion of Linux distros won't actually work through a usb stick,all Linux distros will work if installed to your HDD.I think the extra security at the cost of 5gb's or less is worth it,plus who knows you might find a version of Linux you like,I know i did,I only use Windows if I'm going to be playing a PC game or if I have to use a Windows specific program to do something.

With all due respect, the "ransomware" that the FBI are referring to in the article is certainly not something that can be simply remedied by any CTRL+ALT+DELETE/Task Manager procedure. If that's all it took for you, then consider yourself lucky you weren't infected by real ransomware. And the point of it is not simply to lock you out of your computer - but rather take all your data (Documents, Photos, Videos etc.) and encrypt it using pretty advanced methods. Quite literally the only way to get the files back is via a backup, or you take the risk of paying. Apart from that there may be a slim chance of recovering some of the files using data recovery methods - but chances are anything recovered would be corrupted and therefore useless.

The virus most commonly associated with this behavior is called "Cryptowall".

As an IT Consultant I have had the displeasure of having to inform a client quite recently that they had no chance of recovering their years worth of photos (no backup had been made and they were not willing to pay the ransom).

So yeah - sure you can just wipe the drive and start fresh, no biggie - but there are a lot of people who have files important enough to them that they may well need to pay for to get them back. Simply no way around it.

originally posted by: VashTheStampede

originally posted by: Bybyots
Would it be too much to ask for which members it would be a hardship to immediately change out their OS in the case of attack by ransomware?

I mean, it would be interesting to get a rough idea of how many folks reading this would feel totally stuck.

BTW this question comes from a place of compassion, not ridicule.

Thanks In Advance,

Any OS can become compromised through a virus,I think a better solution is dual boot Windows+Linux or Mac Osx+Linux,or Windows+Other OS or Mac Osx+Other OS. That way if anything goes wrong with Windows you can fix it through Linux or vise versa.

you use linux which version redhat? ubuntu? Kali?

if you can load an ISO your better off doing everything through vmware lol dual boot I have server 2008,xp,7,vista,server2012, I had ubuntu and Kali at one time but due to the nature of nobody ever needs them fixed it was a waste of time except for kali which had some fun tools.

however it would just be easier to use virtualization software each time you went online then ask people to use linux and windows or Apple however chances are if you own an apple your pockets are deeper then your knowledge base with computers.

a reply to: trollz

Well my advice is DON'T PAY UP! Do anything but...throw the pc away even, but don't pay those bastards. It will only make the problem much worse. I think the FBI are giving out totally the wrong advice here.