Overclock.net › Forums › Software, Programming and Coding › Networking & Security › RANSOMWARE (cryptolocker) - encrypted systems ... many questions

RANSOMWARE (cryptolocker) - encrypted systems ... many questions - Page 3

post #21 of 50
Ok, so there are still people who would pay it. Great. But then there are people who wouldn't pay it if they thought they wouldn't get their files back. For your argument's sake, let's say that's 10% of the people.

So word gets out that the scammers are "nice" and they'll honor their word. The victims browse for a solution and find out that they can actually get their files back. So the scammers gain another customer - that's another $300 - that they would have otherwise lost. And that's all by doing something very easy: just giving their files back.

So again, the question is: why wouldn't the scammers do it when it's that easy? On the Avast link, somebody said they're making $300k+/month on this scam. That's ~1000 people per month. Assuming the 10% that wouldn't pay (a horrible underestimate) - because they thought the scammers won't make good on the ransom - change their minds, that's $30k. Pretend he's worth $95/hr and wrote that feature in 5 hours. For $475, he's pulling in an extra $30k a month. I hate to say it, but it's the right business move.
post #22 of 50
I'd wager that the vast majority of victims won't "browse for a solution." If the malware is programmed to tell the user something like, "Hello from the FBI. It looks like some Chinese hackers encrypted all of your files. If you pay us, we will unlock your files for you" then the user, who is more than likely about as tech-savvy as a loaf of bread, will gladly pay the fee without doing any sort of investigation. In this scenario, what is the point of being trustworthy? The only thing you're handing over at this point is a potential clue for how to unravel the whole scheme.
post #23 of 50
Quote:
Originally Posted by Oedipus View Post

I'd wager that the vast majority of victims won't "browse for a solution."

You and I can argue about how stupid the average user is, but let's talk numbers again:

Ok, let's say 1% (the "vast minority") of users is skeptical enough to say, "I'm not sure if I'll get my files back whether or not I pay, so I give up." Those 1% go to "browse for a solution." They find that they can actually get their files back. On 1000 victims a month, that's $3k. At $95/hr, it cost $475 over 5 hours to make an extra $3k a month. Is $3k a month, assuming 1% which I still think is outlandishly low, worth being "trustworthy" at the expense of potentially busting their business (which they are likely shielded from since they're probably in Russia or China where they will never be stopped in a million years anyway)? Apparently they seem to think so. Like I said, on their end, it makes the most business sense.
post #24 of 50
It may be their MO for now, but don't count on it to continue. There is a break-even point where the reduction in income from not sending out the codes is balanced out by the potential for an AV company to get enough of a sample size (of codes) to figure out how to build some sort of program that will unlock all of the infected machines. At this point, almost all of the people who actually look for a solution will find the link to Kaspersky's or AVG's or whoever's unlock software that is available for free. The impulsive baguettes that I know are the majority will pay the ransom regardless of whether or not the malicious party will send them the code. These same people will also pay regardless of whether or not there's an unlock tool available.

So, once again, how much long term value is there in continuing to send out the codes?
    
post #25 of 50
lol well if they're counting on doing this until RSA is cracked, they may have all the time in the world. That's pretty long-term. Read up on RSA. If you can find an algorithm to solve factoring, I'm sure they'll give you a Nobel prize. If you can invent a machine that will brute-force the 2048-bit key (3.2317006071311007300714876688669951960444102669 × 10^616 possible keys, says WolframAlpha) in less time than the current age of the universe (15 billion years?), you'll get another Nobel prize.

If breaking the cryptography were that simple, you would never want to buy off of Amazon or use PayPal because the interwebz would be total anarchy; you would never know if you were talking to a legitimate company or getting duped by an imposter.

So once again, they are gaining the "business" of this 1% (for your argument's sake) that is not in the "vast majority" of people who would pay anyway. All because the scammers have made a way for them to get their files back.
post #26 of 50
The same people are putting out scareware that isn't even proofread. Doesn't bode well for them coming up with bulletproof software.
    
post #27 of 50
Then I guess it's a good thing for them that they didn't have to come up with RSA.

PS: The Comment Crew speaks piss-poor English, too. Doesn't stop their software from ransacking corporation after corporation. And the U.S. Government.
post #28 of 50
Fair enough.

GPCode never really caught on, for whatever reason. Hopefully this one and its ilk won't expand very far, either.
post #29 of 50
Quote:
Originally Posted by Oedipus View Post

Fair enough.

GPCode never really caught on, for whatever reason. Hopefully this one and its ilk won't expand very far, either.

Interesting... I just read up on wikipedia for that one. Makes me wish I was into that kind of thing back then, because finding the flaws would have been fun.

I wonder if somebody could stop this cryptolocker by DDoS or something. Apparently it doesn't do anything if it can't get a key from the C2. Imagine if there were a hacker gang in Russia or China that STOPPED crime. That would be something.
post #30 of 50
I have found this:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
 