
Pay us bitcoin or never see your files again: Inside the highly profitable underworld of ransomware


In wake of an attack on computers at Colorado’s DOT, experts at Webroot shed light on ransomware
 


 
March 5th, 2018 by Tamara Chuang of the Denver Post
 
Last month, employees at the Colorado Department of Transportation were greeted by a message on their computer screens similar to this:
 
“All your files are encrypted with RSA-2048 encryption. … It’s not possible to recover your files without private key. … You must send us 0.7 BitCoin for each affected PC or 3 BitCoins to receive ALL Private Keys for ALL affected PC’s.”
 


 
 
CDOT isn’t paying, but others have. In fact, so-called ransomware has become one of the most lucrative criminal enterprises in the U.S. and internationally, with the FBI estimating total payments are nearing $1 billion. Hackers use ransomware to encrypt computer files, making them unreadable without a secret key, and then demand digital currency like bitcoin if victims want the files back — and many victims are falling for that promise.
 
To better understand how ransomware works and how it has spread so effectively, The Denver Post talked with Broomfield anti-malware company Webroot, which got its start in the late 1990s cleansing computer viruses from personal computers.
 
“The end goal is just to put ransomware on the computer because right now the most successful way for cybercriminals to make money is with ransoming your files,” said Tyler Moffitt, a senior threat research analyst at Webroot.
 
Read the rest of the article on the Denver Post
What would you do? Would you pay to get your files back? What are the steps you take to keep yourself safe? 
 
Let us know in the comments below! 
 
 
 

9 replies

  • New Voice
  • 8 replies
  • March 6, 2018
This is a hard topic, depending on the size of the operation, the backup schema, and how long it takes to replace documents that have been encrypted since the last backup. In a case-by-case review I think at times it is in the best interest of the company to pay. But if you can live without what you have lost since your last known good backup, then no way!
Even if you do pay, there have been cases where the encryption fouled up, and when you go to decrypt it does not work as advertised. Hey, quick, give me my money back!!! HA.
 
To think of loss, you must also consider how much you pay the workers to replace the data, how long it will take (items input since the last backup), and whether you have a known good backup that is not just as infected as what you are trying to replace. Like I said, it is a case-by-case proposition in this world of reactivity: decide what to do next, and wait for the next zero day. Once one hits, you will prepare for the next.

  • 3 replies
  • March 15, 2018
Could you please make this font darker and easier to read - use another font? I don't know why people use such a thin font; it is very hard for me to read.
Jerry

  • Fresh Face
  • 1 reply
  • March 15, 2018
In an attempt to stay safe I reformatted the hard drive and reloaded Webroot SecureAnywhere along with Malwarebytes. Everything is done by WiFi, and nothing sensitive is done on this PC. Does this help?

  • Fresh Face
  • 1 reply
  • March 15, 2018
Unfortunately, I have some significant experience on this particular subject.
I have helped at least 3 businesses and 2 home users deal with ransomware infections. So, I have seen and dealt with ransomware on 5 different occasions and variants.
In one case, I did pay the ransom, because my backup was missing 3 files - and really because at the time (my first time) I was so incredibly shaken up that I could not remember where I had put my 2nd backup. In some cases, I have at least two different backups and locations - not including offsite replication. No matter what, I think the first time you see those screens, if you do not nearly crap yourself then you do not realize the gravity of it. Fortunately for me, the first time was prior to bitcoin being a mandate and a prepaid CC was sufficient, but it had to be a particular "green dot" CC. I urge home users and businesses to have multiple backups. Onsite/offsite - and even different backup technologies/applications when possible. And usually it costs less than you would think for that added peace of mind and protection.

  • 4 replies
  • March 15, 2018
Other sites have warned that ransomware can not only lock up files on your computer but also files on any attached devices (external hard drive, USB drive, etc.). As a result, I use the following strategy:
1. For my desktop, on which I store all my sensitive / personal files, I bought two portable external hard drives. I swap them out every two weeks, keeping only one drive attached to my PC at a time. Thus, if locked up by ransomware, I can restore my files from the unattached drive - confident that all I would lose are files saved in the past two weeks.
2. For my laptop, I do not store any personal files on this device. If I want to work on something personal while away from home, I copy the relevant file(s) to a USB drive and insert that in the laptop when ready to go to work.
3. For my OneDrive account, I store no sensitive or irreplaceable information, photos, etc. in this account. Thus, if that account is encrypted by ransomware the loss of stored information would be at worst inconvenient, but not serious.

Jasper_The_Rasper
Moderator
@ wrote:
Could you please make this font darker and easier to read - use another font? I don't know why people use such a thin font; it is very hard for me to read.
Jerry
Hi @, I would suggest you post the suggestion here: Ideas Exchange

  • Author
  • Retired Webrooter
  • 1550 replies
  • March 15, 2018
Great idea @
 
@, also be sure to please use the 'Label' - 'Community' when you do. It's a new process, but it's the best way for the Community Team to filter Community enhancements from Product enhancements.
 
Thanks!!!
 
 

MajorHavoc
Bronze VIP
  • Bronze VIP
  • 1282 replies
  • March 17, 2018
Thanks for this great article. It really hit home. I have two firewalls, and ran two different virus/ransomware programs (not Webroot at that time), and one of my PCs was hit by ransomware. It really surprised me, as that machine does not have email, and I don’t browse the internet on that machine either. But I came to my desk to find the machine turned off. It is usually running, as it acts as a server. When I rebooted it, it came up fine and then started throwing errors like crazy as the auto-run programs could not find their corresponding files.
 
I did not pay either. I have a daily backup that had all the files, and a major portion also on Dropbox (which has encrypted files, but Dropbox was able to go back a few versions for me).
 
It was that incident that led me to Webroot, which now runs on that server (and all my other machines as well). It is really a strange feeling to see all your files locked up like that. Even with a full recent backup it took me several days to get back running: formatting all the drives, reinstalling the OS, and then restoring from my backup. I went back 5 versions as well, just to be sure whatever triggered it was not on my machine (hopefully).
 
So thanks for the article and the product. I hope to never see that nonsense again. 

  • New Voice
  • 8 replies
  • March 17, 2018
Ransomware can not only encrypt your machine and all attached peripherals, but can also seek and destroy network-attached components. In a large organization it is very uncommon that this product will not find a file server, or whatever (like a SAN), and encrypt those items also. So in being safe and having a backup, as I said above, it is in your interest to look at your situation: how long will you be down restoring all affected machines? How long will it take to re-key, re-input, etc. all the information you have input since your last known good backup? You pay all these people to redo all the work mentioned above; in a large .org you are looking at paying hundreds of people to re-key all the data you have lost, since everything since the backup will be gone, and paying IT to make sure that when you bring it all back up, it is clean. Now that is the trick, isn't it?
