UnusualMedic

Ransomware is back


http://www.bbc.com/news/technology-31869589

 

Soooooooooo yup, I thought it was weird...

 

Already got it twice on my games. Good thing I had backups.

 

So yeah, since WoT is targeted, it might try to get to the "popular sites" for it. Like Noobmeter (don't care), VBAddict, Curse, etc.

 

Watch yourselves. If you want to quit the game, here's your chance.


How can it affect WoT? There's no saved games to encrypt.

You would have to go through the hassle of reinstalling the game and mods.


Soooo....where is it coming from? This article is really light on information and seems much more like a boogieman fear thing.


> Soooo....where is it coming from? This article is really light on information and seems much more like a boogieman fear thing.

Some Wordpress blog...

Scamming shitters...This is almost a bigger fail than that FBI ransomware virus. This is a grim reminder for me to update my MalwareBytes AntiMalware.


2sp00ky. Targeting online games is pure retardation. There is almost no local content to target. And while offline game saves might be a hassle to recover, most popular games have trainers and other stat-editing tools that can allow you to essentially reset your character to the point where he was before. This is a stupid article.

 

Targeting important documents and home photos, videos, or even System32 files is a very smart thing to do. Some of these ransomwares are super destructive, and unless you literally have your entire hard-drive constantly backed up, you can get wrecked if you download one of these: http://en.wikipedia.org/wiki/CryptoLocker


I'm currently debating if this is worth cross-posting to the NA forums. But given that I got a 3 Day RO (and overturned it via CS) for "talking about unreleased content/illegal websites/hacks" when I was talking about the spambots in 8-bit mode, I'm having second thoughts.


> I'm currently debating if this is worth cross-posting to the NA forums. But given that I got a 3 Day RO (and overturned it via CS) for "talking about unreleased content/illegal websites/hacks" when I was talking about the spambots in 8-bit mode, I'm having second thoughts.

OP of this thread already posted it there.


> OP of this thread already posted it there.

Not me, I posted IN the thread. I just crossed it here since I saw no thread and that I know nobody cares about the official forum.


Sometimes I wonder how these people don't get caught. As wide a net as they cast, you'd think eventually they'd end up hitting somebody with 733+-er e-skilz than them, who would then:

(1) defeat the ransomware on their machine

(2) find out the physical origin of the attack

(3a) turn the evidence over to the Feds

(3b) revenge-hack the people who hacked them

(3c) find out where they are and beat the shit out of whoever tried to blackmail them for $1,000


> Sometimes I wonder how these people don't get caught. As wide a net as they cast, you'd think eventually they'd end up hitting somebody with 733+-er e-skilz than them, who would then:
>
> (1) defeat the ransomware on their machine
>
> (2) find out the physical origin of the attack
>
> (3a) turn the evidence over to the Feds
>
> (3b) revenge-hack the people who hacked them
>
> (3c) find out where they are and beat the shit out of whoever tried to blackmail them for $1,000

It seems you have little knowledge of why ransomware is so dangerous. Let me enlighten you.

1) It is entirely possible to "defeat" the ransomware. Almost any given anti-virus will detect the ransomware after it has already been opened. The issue occurs in two places:

  1. FUD (fully un-detectable) encryption very much exists, and is certainly mastered by the more skillful hackers that venture into the realms of distributing ransomware, meaning the file will not be detected for a given period of time (until the anti-viruses update their database as the personnel on their side that works for their company finds more malicious strings of code and alters their anti-virus to detect such code). If you obtain an infected file that has this ransomware on it during its FUD period, you will have 0 chance of knowing that it is infected, until it is too late.
  2. After opening the ransomware, it encrypts a variety of files, most of them being important documents or system files that may become corrupted if they are not unencrypted. The targeted user is then given a timeframe no more than 24 hours (if the distributor is not an idiot). The reason for this is because the encryption can be bruteforced. The catch is that this bruteforce requires much longer than 24 hours, as the encryption methods of ransomware are powerful. After the 24 hours, if the user does not pay the fee, the ransomware will typically corrupt the encrypted files, leaving no chance of recovery.

    The only way out of this is if the ransomware is poorly made and stores the decryption client-side, meaning the ransomware could theoretically be reverse engineered and the decryption key could be found. Unfortunately, most ransomware creators know what they're doing, and are not idiots, and they store the decryption keys in their own personal servers, which you will most certainly not be able to backtrace and access within the 24 hour timeframe.

2. Most ransomware creators and other serious hackers reside in countries that have crossed the third-world line and have some sort of industrialization, but are otherwise corrupt. The most notable are Russia and China. Even if you manage to trace the true IP of the signal, what are you going to do? Fly over there and give 'em hell? Or contact the country's authorities, who don't give two shits about their own residents, let alone some random dude from another country? Let's be real here.

 

3. a) Once again, these people are located in fairly isolated corners of the world. The FBI only have strong influence over the western portion of the world, and even there their grip is not overly strong. Furthermore, the FBI is mostly interested in large-scale operations and black-market things such as child pornography and human trafficking. Even if 100 people got ripped off for $500, a measly $50000 is not worth even looking at for the FBI. This ransomware activity would have to expand into the millions of dollars region to appear as an issue for the FBI.

 

3. b) I think I already addressed most of this in point 1, but these are not your average script kiddies that are messing around with some malicious code. These are organized groups of serious hackers that, together, make quite a large sum of money from a variety of blackmailing methods. They would have some very serious defence mechanisms in place to ensure that they are never located, and even if they are, their information is never found out because it is encrypted in the strongest of ways.

 

3. c) The above points answered why this is a comedic statement.

 

Hopefully this helps you understand the darker side of our digital planet a little better. Lemme know if you have any questions.


> It seems you have little knowledge of why ransomware is so dangerous. Let me enlighten you.
>
> 1) It is entirely possible to "defeat" the ransomware. Almost any given anti-virus will detect the ransomware after it has already been opened. The issue occurs in two places:
>
>   • FUD (fully un-detectable) encryption very much exists, and is certainly mastered by the more skillful hackers that venture into the realms of distributing ransomware, meaning the file will not be detected for a given period of time (until the anti-viruses update their database as the personnel on their side that works for their company finds more malicious strings of code and alters their anti-virus to detect such code). If you obtain an infected file that has this ransomware on it during its FUD period, you will have 0 chance of knowing that it is infected, until it is too late.
>   • After opening the ransomware, it encrypts a variety of files, most of them being important documents or system files that may become corrupted if they are not unencrypted. The targeted user is then given a timeframe no more than 24 hours (if the distributor is not an idiot). The reason for this is because the encryption can be bruteforced. The catch is that this bruteforce requires much longer than 24 hours, as the encryption methods of ransomware are powerful. After the 24 hours, if the user does not pay the fee, the ransomware will typically corrupt the encrypted files, leaving no chance of recovery.
>
>     The only way out of this is if the ransomware is poorly made and stores the decryption client-side, meaning the ransomware could theoretically be reverse engineered and the decryption key could be found. Unfortunately, most ransomware creators know what they're doing, and are not idiots, and they store the decryption keys in their own personal servers, which you will most certainly not be able to backtrace and access within the 24 hour timeframe.
>
> 2. Most ransomware creators and other serious hackers reside in countries that have crossed the third-world line and have some sort of industrialization, but are otherwise corrupt. The most notable are Russia and China. Even if you manage to trace the true IP of the signal, what are you going to do? Fly over there and give 'em hell? Or contact the country's authorities, who don't give two shits about their own residents, let alone some random dude from another country? Let's be real here.
>
> 3. a) Once again, these people are located in fairly isolated corners of the world. The FBI only have strong influence over the western portion of the world, and even there their grip is not overly strong. Furthermore, the FBI is mostly interested in large-scale operations and black-market things such as child pornography and human trafficking. Even if 100 people got ripped off for $500, a measly $50000 is not worth even looking at for the FBI. This ransomware activity would have to expand into the millions of dollars region to appear as an issue for the FBI.
>
> 3. b) I think I already addressed most of this in point 1, but these are not your average script kiddies that are messing around with some malicious code. These are organized groups of serious hackers that, together, make quite a large sum of money from a variety of blackmailing methods. They would have some very serious defence mechanisms in place to ensure that they are never located, and even if they are, their information is never found out because it is encrypted in the strongest of ways.
>
> 3. c) The above points answered why this is a comedic statement.
>
> Hopefully this helps you understand the darker side of our digital planet a little better. Lemme know if you have any questions.

Fair enough; I hadn't considered how much of serious hacking originates from corrupt countries. I hear stories the Chinese government maintains hacker "farms", so to speak. My understanding was that they mostly focus on stealing intellectual property as in trade secrets, but I imagine they sweeten the deal for their hackers by allowing them to moonlight in fraud and ransomware.


> Targeting important documents and home photos, videos, or even System32 files is a very smart thing to do. Some of these ransomwares are super destructive, and unless you literally have your entire hard-drive constantly backed up, you can get wrecked if you download one of these: http://en.wikipedia.org/wiki/CryptoLocker

I know a few people at my plant that got hit with that, Windows boots normally but all the personal files in their computer got encrypted. Some tried to use an external HDD while the virus was active and everything in it also got encrypted.

And even if you manage to pay the ransom in time, there's a big chance that they won't give you the key to decrypt them anyway.


> Not me, I posted IN the thread. I just crossed it here since I saw no thread and that I know nobody cares about the official forum.

Oh, whoops. And I was so close to checking, too. :/


So, how do I protect myself from this thing? Move all the personal stuff on an external HDD which I then disconnect from the computer? I only play games with server-side saves anyway so game files aren't a problem.


> So, how do I protect myself from this thing? Move all the personal stuff on an external HDD which I then disconnect from the computer? I only play games with server-side saves anyway so game files aren't a problem.

You protect yourself by having a powerful anti-virus, doing monthly scans of your entire hard-drive, and not being a dumbass and downloading sketchy shit.

Always gotta look for comments, reviews, etc. on any file that you're getting.


> You protect yourself by having a powerful anti-virus, doing monthly scans of your entire hard-drive, and not being a dumbass and downloading sketchy shit.
>
> Always gotta look for comments, reviews, etc. on any file that you're getting.

The attack vector for this was through a flaw in Adobe Flash. That's harder to protect yourself against.


My work PC got that ransomware virus last year, where it hijacks the boot process and displays 'you have been found to have downloaded indecent images of children (note: this was on my work PC). To avoid jail, please Paypal $50 to <email address>'.

 

Because that's totally how the police work.

