Secret Ransomware Ransoms
-
I'd say it's not surprising that getting data back involved actually having to pay the ransom, but some of these companies seemed to be giving customers the impression that they weren't doing that.
Also, Iranians.
The companies’ claims to be able to release files using their own technology aroused Wosar’s curiosity. He and other security experts sometimes find ways to disable ransomware, and they post those fixes online for free. But they can decrypt ransomware only if there are errors in the underlying software or if a security lapse allows the researchers to hack into the attacker’s server, he said; otherwise, it’s essentially bulletproof.
“If there is a company that claims they broke the ransomware, we are skeptical,” Wosar said. “Everything the ransomware did has been analyzed by other researchers. It’s incredibly unlikely they were the only ones to break it.”
Long article. Lots of good stuff in there.
-
What I'm actually genuinely surprised by is that paying the ransom actually worked. I was always under the impression people would pay the ransom and either would be strung along for a while longer, making additional payments, or they'd simply take the money and run, leaving the "customers" pantsless.
-
@The_Quiet_One if they plan on keeping the operation going and not just grabbing some quick cash before moving on to the next scam it makes sense to keep their end of the bargain. If it's widely known or even suspected that paying the ransom doesn't get you your data back then there's no reason to pay and the business model dies
-
@The_Quiet_One Organized crime groups are good at keeping promises and defending their "honor"... reputation is a big deal when there's no enforcement agency you can complain to.
@Jaloopa said in Secret Ransomware Ransoms:
If it's widely known or even suspected that paying the ransom doesn't get you your data back then there's no reason to pay and the business model dies
Hmm... so if we were to spread the rumor that paying is useless, it might kill the whole thing
-
@anonymous234 said in Secret Ransomware Ransoms:
@The_Quiet_One Mafias are good at keeping promises... reputation is a big deal when there's no enforcement agency you can complain to.
Hmm... so if we were to spread the rumor that paying is useless, it might kill the whole thing
Yeah. That could come back to ...um... hurt you...
-
The rumor is already here, since we're surprised paying worked...
-
Heh...still working my way through TFA:
Despite Storfer’s best efforts, sometimes the hackers behaved erratically. Proven Data would pay the requested ransom, but they would not respond. At such times, Storfer would share the attacker’s email address and details of the snub with other hackers in the same group.
Then the hacker “would come back and say, ‘Sorry, I’ve been on a coke binge for three weeks.’” Storfer said.
-
@boomzilla said in Secret Ransomware Ransoms:
Despite Storfer’s best efforts, sometimes the hackers behaved erratically. Proven Data would pay the requested ransom, but they would not respond. At such times, Storfer would share the attacker’s email address and details of the snub with other hackers in the same group.
What does that accomplish?
-
@jinpa said in Secret Ransomware Ransoms:
@boomzilla said in Secret Ransomware Ransoms:
Despite Storfer’s best efforts, sometimes the hackers behaved erratically. Proven Data would pay the requested ransom, but they would not respond. At such times, Storfer would share the attacker’s email address and details of the snub with other hackers in the same group.
What does that accomplish?
It might have applied peer pressure. As discussed here, the scammers have an incentive to be "honest" about decrypting victims' files after receiving the ransom, although sometimes it would only decrypt some files, apparently. TFA says they assume this was due to bugs with the original encryption process that made recovery ultimately impossible.
-
@boomzilla said in Secret Ransomware Ransoms:
some of these companies seemed to be giving customers the impression that they weren't doing that.
Not surprising.
Those companies don't want it known that they're just proxies.
The customers may suspect there's something fishy, but why would they talk publicly about it? They get their data back, and they can claim they didn't pay the ransom.
So everybody keeps quiet.
-
@Jaloopa said in Secret Ransomware Ransoms:
@The_Quiet_One if they plan on keeping the operation going and not just grabbing some quick cash before moving on to the next scam it makes sense to keep their end of the bargain.
But that's the thing - a reasonably smart criminal doesn't plan to stay in the same business for a long time. The longer you keep doing the same thing, the greater the chance you'll get busted
If it's widely known or even suspected that paying the ransom doesn't get you your data back then there's no reason to pay and the business model dies
Widely known by who? If I pay someone and they don't keep up their end of the deal, who am I going to tell? I'm just one random person on the Interwebs. Nobody is paying any attention to me.
And even if I could somehow get the word out that "The XYZ Group won't decrypt your shit after you pay them", there's still the problem of "what other choice do you have?" You can refuse to pay the ransom and lose all your shit forever, or, you can take a chance and pay them and hope for the best. That's the number one reason why these ransomware groups are making a lot of money.
-
@El_Heffe said in Secret Ransomware Ransoms:
what other choice do you have?
Restore from your off-line backups. You do have those, right?
Filed under: I don't, either.
-
@HardwareGeek said in Secret Ransomware Ransoms:
@El_Heffe said in Secret Ransomware Ransoms:
what other choice do you have?
Restore from your off-line backups. You do have those, right?
Filed under: I don't, either.
Yes I do. But most people don't, otherwise ransomware wouldn't be a thing.
Many years ago, when I was new to computers and didn't know very much, it occurred to me that I should make backup copies of all my important stuff. I still remember the days of backing up stuff onto a big pile of floppy disks.
Nobody told me to do it, it just seemed like common sense. Since then, I've always been extremely anal about backups and it has saved my ass several times. I still find it extremely weird that people don't do backups.
-
@El_Heffe said in Secret Ransomware Ransoms:
But that's the thing - a reasonably smart criminal doesn't plan to stay in the same business for a long time. The longer you keep doing the same thing, the greater the chance you'll get busted
That's assuming you're located in a country that cares about such crimes. Plenty of ransomware operators aren't.
Widely known by who? If I pay someone and they don't keep up their end of the deal, who am I going to tell? I'm just one random person on the Interwebs. Nobody is paying any attention to me.
This is the Internet. People write articles, post on social media, upload videos to YouTube; and the point of ransomware is to infect as many people as possible. So if paying the ransom didn't work, the news would travel pretty fast. Not to mention that decrypting the data costs the malware authors virtually nothing -- what advantage would they gain by not doing it?
And even if I could somehow get the word out that "The XYZ Group won't decrypt your shit after you pay them", there's still the problem of "what other choice do you have?" You can refuse to pay the ransom and lose all your shit forever, or, you can take a chance and pay them and hope for the best. That's the number one reason why these ransomware groups are making a lot of money.
If you knew paying the ransom doesn't work anyways, why would you pay it? You've already lost your data, you wouldn't want to waste money as well.
-
@El_Heffe said in Secret Ransomware Ransoms:
I still remember the days of backing up stuff onto a big pile of floppy disks.
Pleb. I have a stack of 22 zip disks! That are... kinda still readable. Somewhat.
-
@Tsaukpaetra said in Secret Ransomware Ransoms:
Pleb. I have a stack of 22 zip disks! That are... kinda still readable. Somewhat.
You still have the zip drive? (I seem to recall they needed a special kind of drive.)
-
@jinpa said in Secret Ransomware Ransoms:
I seem to recall they needed a special kind of drive
And that drive was usually connected via LPT1:
-
@El_Heffe said in Secret Ransomware Ransoms:
I still find it extremely weird that people don't do backups.
The is weak with you.
I back my work stuff up every day over the network (and I don't use git or any other VCS, if you're wondering) and do a weekly backup to an external drive. I've been thinking a that I should get more of those and rotate them but I can only fight the so much.
-
@jinpa said in Secret Ransomware Ransoms:
@Tsaukpaetra said in Secret Ransomware Ransoms:
Pleb. I have a stack of 22 zip disks! That are... kinda still readable. Somewhat.
You still have the zip drive? (I seem to recall they needed a special kind of drive.)
I have four! One USB, two IDE, and one parallel.
-
@Tsaukpaetra said in Secret Ransomware Ransoms:
@jinpa said in Secret Ransomware Ransoms:
@Tsaukpaetra said in Secret Ransomware Ransoms:
Pleb. I have a stack of 22 zip disks! That are... kinda still readable. Somewhat.
You still have the zip drive? (I seem to recall they needed a special kind of drive.)
I have four! One USB, two IDE, and one parallel.
I think I've got a SCSI one... (I do have a USB)
-
@Tsaukpaetra said in Secret Ransomware Ransoms:
zip disks!
You mean hard drives.
Sorry, been watching The Looming Tower recently. Zip disks appear several times (it’s set in the late ’90s, I guess they figured everybody used Zip disks back then), and all the characters in the show keep calling them “hard drives”.
-
@Gurth said in Secret Ransomware Ransoms:
@Tsaukpaetra said in Secret Ransomware Ransoms:
zip disks!
You mean hard drives.
Sorry, been watching The Looming Tower recently. Zip disks appear several times (it’s set in the late ’90s, I guess they figured everybody used Zip disks back then), and all the characters in the show keep calling them “hard drives”.
Come on now, everyone knows this is the hard drive!
-
@Gurth said in Secret Ransomware Ransoms:
@Tsaukpaetra said in Secret Ransomware Ransoms:
zip disks!
You mean hard drives.
Sorry, been watching The Looming Tower recently. Zip disks appear several times (it’s set in the late ’90s, I guess they figured everybody used Zip disks back then), and all the characters in the show keep calling them “hard drives”.
Considering they probably did not do their research at all...or, at best, very poorly...they probably have them confused with these: https://en.wikipedia.org/wiki/Jaz_drive which were hard drives, also made by Iomega.
-
@CodeJunkie said in Secret Ransomware Ransoms:
@Gurth said in Secret Ransomware Ransoms:
@Tsaukpaetra said in Secret Ransomware Ransoms:
zip disks!
You mean hard drives.
Sorry, been watching The Looming Tower recently. Zip disks appear several times (it’s set in the late ’90s, I guess they figured everybody used Zip disks back then), and all the characters in the show keep calling them “hard drives”.
Come on now, everyone knows this is the hard drive!
Or this:
-
@CodeJunkie said in Secret Ransomware Ransoms:
@Gurth said in Secret Ransomware Ransoms:
@Tsaukpaetra said in Secret Ransomware Ransoms:
zip disks!
You mean hard drives.
Sorry, been watching The Looming Tower recently. Zip disks appear several times (it’s set in the late ’90s, I guess they figured everybody used Zip disks back then), and all the characters in the show keep calling them “hard drives”.
Come on now, everyone knows this is the hard drive!
What are you talking about, that's the modem
-
@hungrier said in Secret Ransomware Ransoms:
@CodeJunkie said in Secret Ransomware Ransoms:
@Gurth said in Secret Ransomware Ransoms:
@Tsaukpaetra said in Secret Ransomware Ransoms:
zip disks!
You mean hard drives.
Sorry, been watching The Looming Tower recently. Zip disks appear several times (it’s set in the late ’90s, I guess they figured everybody used Zip disks back then), and all the characters in the show keep calling them “hard drives”.
Come on now, everyone knows this is the hard drive!
What are you talking about, that's the modem
And this is the computer
-
@CodeJunkie In that case, this must be the hard disk:
See? It's got a hard case…
-
@boomzilla said in Secret Ransomware Ransoms:
and I don't use git
Sane choice.
or any other VCS, if you're wondering
-
@dcon said in Secret Ransomware Ransoms:
@Tsaukpaetra said in Secret Ransomware Ransoms:
@jinpa said in Secret Ransomware Ransoms:
@Tsaukpaetra said in Secret Ransomware Ransoms:
Pleb. I have a stack of 22 zip disks! That are... kinda still readable. Somewhat.
You still have the zip drive? (I seem to recall they needed a special kind of drive.)
I have four! One USB, two IDE, and one parallel.
I think I've got a SCSI one... (I do have a USB)
Mine was SCSI, but it broke a long time ago. :(
-
@topspin
It’s not like “get off my lawn” ever has any changes that need to be tracked.
-
@Gurth said in Secret Ransomware Ransoms:
@Tsaukpaetra said in Secret Ransomware Ransoms:
zip disks!
You mean hard drives.
Sorry, been watching The Looming Tower recently. Zip disks appear several times (it’s set in the late ’90s, I guess they figured everybody used Zip disks back then), and all the characters in the show keep calling them “hard drives”.
One day, years ago, a friend asked me if I could make a copy of a "hard disk" for him.
Sure, no problem.
He handed me a 3 1/2" floppy disk.
-
@Tsaukpaetra said in Secret Ransomware Ransoms:
@El_Heffe said in Secret Ransomware Ransoms:
I still remember the days of backing up stuff onto a big pile of floppy disks.
Pleb. I have a stack of 22 zip disks! That are... kinda still readable. Somewhat.
I had a Syquest drive, which was the same concept as the Zip drives but the disks had slightly larger capacity and they made an internal IDE unit that I could mount in my computer and use it like a jumbo floppy disk drive.
The disks themselves were somewhat expensive, about $20 each for a 120MB disk. And they were garbage. Disks would become unreadable after a few months and I had a few brand new disks, right out of the box, that wouldn't work at all.
-
@El_Heffe said in Secret Ransomware Ransoms:
@Gurth said in Secret Ransomware Ransoms:
@Tsaukpaetra said in Secret Ransomware Ransoms:
zip disks!
You mean hard drives.
Sorry, been watching The Looming Tower recently. Zip disks appear several times (it’s set in the late ’90s, I guess they figured everybody used Zip disks back then), and all the characters in the show keep calling them “hard drives”.
One day, years ago, a friend asked me if I could make a copy of a "hard disk" for him.
Sure, no problem.
He handed me a 3 1/2" floppy disk.
My objection is to the phrase "3 1/2" floppy disk." At least calling it a "hard disk" is sort of logically correct. (Okay, the actual disk inside is not hard, but the case is.)
This is a floppy disk:
If you hold a corner and gently move your hand up and down, it flops.
The 3 1/2" ones are diskettes.
-
@jinpa I think the exact name depends on who you ask. I have a box of IBM 8" floppy disks and this is what it says on the label on one of them:
Part No. 1669045
Record Length: 1024 Bytes
Diskette No.
IBM
Diskette 2D
EDIT: This article even calls it a "floppy diskette".
-
I had one of those at home at some point*
Not this exact model, this looks small, it was the size of full tower computer case of today (and it was freakishly heavy). It could only read tapes though, I wonder how big the writing unit was.
[edit]I still have some tapes somewhere [/edit]
* it was my father's, I'm not that old.
-
@JBert said in Secret Ransomware Ransoms:
@jinpa I think the exact name depends on who you ask. I have a box of IBM 8" floppy disks and this is what it says on the label on one of them:
Part No. 1669045
Record Length: 1024 Bytes
Diskette No.
IBM
Diskette 2D
EDIT: This article even calls it a "floppy diskette".
I'm not saying there aren't careless people who call them that, just that it's inaccurate.
-
@dkf said in Secret Ransomware Ransoms:
@CodeJunkie In that case, this must be the hard disk:
See? It's got a hard case…
Yup, not floppy at all.
-
@PleegWat said in Secret Ransomware Ransoms:
@dkf said in Secret Ransomware Ransoms:
@CodeJunkie In that case, this must be the hard disk:
See? It's got a hard case…
Yup, not floppy at all.
But the storage medium inside is still floppy, unlike a hard disk.
-
@dkf I think those LS120 drives can support them as well
-
@JBert said in Secret Ransomware Ransoms:
@PleegWat said in Secret Ransomware Ransoms:
@dkf said in Secret Ransomware Ransoms:
@CodeJunkie In that case, this must be the hard disk:
See? It's got a hard case…
Yup, not floppy at all.
But the storage medium inside is still floppy, unlike a hard disk.
Right, so it really should be a floppy discette!
-
@topspin said in Secret Ransomware Ransoms:
@boomzilla said in Secret Ransomware Ransoms:
and I don't use git
Sane choice.
or any other VCS, if you're wondering
Ahhh...I see you follow the @blakeyrat philosophy of backups. I'm sorry.
-
@boomzilla I really don't see how you can dispense with all forms of VCS.
It does much more than backups. It gives you a full history of who-changed-what-when-where-and-why, allows you to work on mutually incompatible features in parallel with any number of other developers across any number of workstations, integrates with issue tracking software, and can be used to find when bugs were introduced. Not using it is just .
I suspect .
-
@error said in Secret Ransomware Ransoms:
@boomzilla I really don't see how you can dispense with all forms of VCS.
It does much more than backups. It gives you a full history of who-changed-what-when-where-and-why, allows you to work on mutually incompatible features in parallel with any number of other developers across any number of workstations, integrates with issue tracking software, and can be used to find when bugs were introduced. Not using it is just .
I suspect .
I don't know what you guys are on about talking about "dispensing with VCS" or whatever. I was just talking about backups. Sheesh.
I love VCS for...controlling the versions of my software and facilitating development and etc. But I don't like it for backing up my hard drive like @blakeyrat does. Or did. Maybe he's found some actual backup software or something by now.
-
@levicki said in Secret Ransomware Ransoms:
So this is essentially you paying extra to the police to protect you from racketeering, and the police paying racketeers while taking the rest for themselves?
Yes, pretty much. I'm pretty sure some countries in South America and Africa are doing literally that - bribing organized crime with tax money.
Help, I can't decide who is worse -- malware authors or those data recovery "specialists"?
The authors are at least honest about their methods.
-
@boomzilla said in Secret Ransomware Ransoms:
I don't know what you guys are on about talking about "dispensing with VCS" or whatever. I was just talking about backups. Sheesh.
The exact quote was
(and I don't use git or any other VCS, if you're wondering)
Not out-of-context; there were no qualifiers. It did seem like you were saying you don't use it at all, anywhere, for any purpose.
-
@error said in Secret Ransomware Ransoms:
@boomzilla said in Secret Ransomware Ransoms:
I don't know what you guys are on about talking about "dispensing with VCS" or whatever. I was just talking about backups. Sheesh.
The exact quote was
(and I don't use git or any other VCS, if you're wondering)
Not out-of-context; there were no qualifiers. It did seem like you were saying you don't use it at all, anywhere, for any purpose.
I have no idea what you're talking about...here's the post where I said that:
@boomzilla said in Secret Ransomware Ransoms:
@El_Heffe said in Secret Ransomware Ransoms:
I still find it extremely weird that people don't do backups.
The is weak with you.
I back my work stuff up every day over the network (and I don't use git or any other VCS, if you're wondering) and do a weekly backup to an external drive. I've been thinking a that I should get more of those and rotate them but I can only fight the so much.
-
@boomzilla said in Secret Ransomware Ransoms:
backing up my hard drive like @blakeyrat does. Or did.
I don't recall him saying anything like this.
-
I back up my work stuff up every day over the network (and I don't use deodorant or any other hygienic products, if you're wondering) and do a weekly backup to an external drive. I've been thinking a that I should get more of those and rotate them but I can only fight the so much.
Why is everyone looking at me funny! I don't use deodorant for backups! That's obvious.
-
@Tsaukpaetra said in Secret Ransomware Ransoms:
@boomzilla said in Secret Ransomware Ransoms:
backing up my hard drive like @blakeyrat does. Or did.
I don't recall him saying anything like this.
Sounds like a personal problem to me.
He was complaining that he couldn't stash code remotely using git without everyone seeing it or the branches never going away or something. It turned out that when he used TFS he'd do that at the end of every day in case he lost data.
-
@error said in Secret Ransomware Ransoms:
Why is everyone looking at me funny! I don't use deodorant for backups! That's obvious.
Yeah, it's funny because no one but @blakeyrat would recommend using ~~deodorant~~ git for backing stuff up. Maybe you have to remember being there.