Category Archives: Ransomware
Microsoft is raising the alarm on the latest threat it opened its customers to: ZCryptor, a new ransomware product with self-propagation features. ZCryptor copies itself to network shares and removable storage devices reachable from an infected machine. ZCryptor also enrols infected machines in a DDoS botnet for additional monetization opportunities. Once again ransomware seems to be leading the other accessory industries surrounding Bitcoin in product improvement.
Ransomware Industry Tightening Product Quality
Proofpoint brings us news that the makers of the CryptXXX ransomware have patched a vulnerability in their product which allowed various antivirus companies to produce "decryptor" products which would recover user files without payment. Numerous ransomware producers have seen their revenue suffer as antivirus companies produced software that exploited vulnerabilities in their ransomware to circumvent payment. If other ransomware ventures follow the example of CryptXXX in improving their own products, the industry as a whole could see substantial growth over the next year.
New MBR Infecting Ransomware 'Petya' Found In The Wild
G DATA and Trend Micro report a new ransomware they refer to as 'Petya' circulating in the wild, largely affecting German 'Human Resources' departments (archived 1, archived 2). Like other ransomware Petya holds the data on an infected machine hostage, but it goes further than other ransomware: rather than encrypting files one by one it overwrites the disk's Master Boot Record with its own boot loader, which encrypts the NTFS Master File Table and presents its demands through a text-mode screen when the infected machine is powered on, before any operating system loads. In its present incarnation Petya demands a 0.99 Bitcoin ransom which doubles if its payment deadline is missed. If an affected user goes through the FBI approved manner of recovering their files by paying the ransom, they would be well advised to physically destroy the disk and handle recovered files with care. This is because if anything was learned from the rootkit Sony BMG distributed on its music CDs, it is that people who care enough to plant their malware beneath the reach of ordinary tools tend to make complete eradication of the malware a tremendous pain.
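A boot-sector residence of the kind described above is something a practitioner can check for before the next reboot, by reading the first sector of the raw disk and comparing its bootstrap code against a baseline taken from a known-clean install. The following is an added example written for this page, not code from G DATA, Trend Micro or the malware; the sample sectors it builds are constructed stand-ins (not a real vendor loader and not Petya's loader), and on a real machine the 512 bytes would come from the raw device, for example /dev/sda on Linux or \\.\PhysicalDrive0 on Windows, which needs administrator rights. Only the 446 bytes of loader code are hashed, because partitioning tools legitimately rewrite the table that follows them.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into bootstrap code, the four partition entries and the 0x55AA signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    bootstrap = sector[:446]
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "bootable": entry[0] == 0x80,   # status byte: 0x80 = active/bootable
            "type": entry[4],               # partition type, e.g. 0x07 for NTFS
            "lba_start": lba_start,
            "sectors": sector_count,
        })
    return {
        "bootstrap_sha256": hashlib.sha256(bootstrap).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_bootstrap_sha256: str) -> list:
    """Compare a freshly read MBR against a baseline hash of its bootstrap code.

    Only the 446 bytes of loader code are hashed: partitioning tools legitimately
    rewrite the table, but nothing legitimate silently replaces the loader.
    Returns a list of findings; an empty list means nothing looks wrong.
    """
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition flagged bootable")
    return findings


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Constructed sample only: the given loader bytes, one bootable NTFS partition, valid signature."""
    bootstrap = bootstrap.ljust(446, b"\x00")[:446]
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    return bootstrap + entry + b"\x00" * 48 + BOOT_SIGNATURE


# Constructed stand-ins: neither is a real vendor loader, and neither is Petya's code.
GOOD_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 100)
TAMPERED_MBR = build_sample_mbr(b"\xeb\x00" + b"\xcc" * 200)
GOOD_BASELINE = parse_mbr(GOOD_MBR)["bootstrap_sha256"]

if __name__ == "__main__":
    # On a real system read the first 512 bytes of the raw disk device instead.
    print("clean   :", check_mbr(GOOD_MBR, GOOD_BASELINE))
    print("tampered:", check_mbr(TAMPERED_MBR, GOOD_BASELINE))
```

The baseline has to be recorded while the machine is known to be clean and kept off the machine; a loader that has already been replaced will happily report whatever it likes once it is running. The check also only detects the replaced loader, it does nothing to recover an already encrypted file table, which is why the advice above about destroying the disk stands.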
Ransomware Comes To OSX Bittorrent Client
Ransomware has come to Apple's OS X through a doctored binary for the Transmission bittorrent client (archived). This is reminiscent of a similar failure by Linux Mint to secure their software distribution pipeline, with the only substantial added step in this case being the roughly 100 United States dollar a year expense of an Apple Developer ID certificate, which is enough for the signed binary to pass Apple's "Gatekeeper" check: Gatekeeper verifies that some registered developer signed the code, not that the right one did. Once again pseudo security theater fails to provide actual security.
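Because Gatekeeper only answers "is this signed by some Developer ID", the check a user or packager actually wants is to pin the signer to the team the project is known to use and to compare the file hash with one published out of band. The following is an added example written for this page, not the Transmission project's own code or Apple's; the team identifiers, the sample file bytes and the `codesign -dv --verbose=4` output it parses are all constructed for the example, and it assumes the expected team identifier and SHA-256 were obtained from a channel independent of the download site (a hash published on the same compromised site proves nothing).

```python
import hashlib
import re


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of the downloaded file contents."""
    return hashlib.sha256(data).hexdigest()


def team_identifier(codesign_output: str):
    """Pull the TeamIdentifier line out of `codesign -dv --verbose=4 <app>` output.

    Returns None for unsigned or ad-hoc signed bundles, which print no TeamIdentifier.
    """
    match = re.search(r"^TeamIdentifier=(\S+)\s*$", codesign_output, re.MULTILINE)
    return match.group(1) if match else None


def verify_download(data: bytes, expected_sha256: str, codesign_output: str, expected_team_id: str) -> list:
    """Return a list of findings; an empty list means both checks passed.

    Gatekeeper only asks whether *some* Developer ID signed the bundle. This pins the
    signer to the project's known team and independently compares the file hash with
    the value obtained out of band.
    """
    findings = []
    if sha256_of(data) != expected_sha256.lower():
        findings.append("sha256 mismatch")
    team = team_identifier(codesign_output)
    if team is None:
        findings.append("no TeamIdentifier: unsigned or ad-hoc signed")
    elif team != expected_team_id:
        findings.append(f"signed by unexpected team {team}")
    return findings


# Constructed sample file and codesign output; the team identifiers are made up.
SAMPLE_DMG = b"constructed stand-in for a downloaded Transmission build"
EXPECTED_TEAM = "ABCDE12345"

SIGNED_BY_PROJECT = """Executable=/Applications/Transmission.app/Contents/MacOS/Transmission
Identifier=org.m0k.transmission
Format=app bundle with Mach-O thin (x86_64)
Authority=Developer ID Application: Example Developer (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""

# Same bundle re-signed with a different, equally valid Developer ID (the page's scenario).
SIGNED_BY_SOMEONE_ELSE = SIGNED_BY_PROJECT.replace("ABCDE12345", "ZZZZZ99999")

AD_HOC = """Executable=/Applications/Transmission.app/Contents/MacOS/Transmission
Identifier=org.m0k.transmission
Signature=adhoc
"""

if __name__ == "__main__":
    good_hash = sha256_of(SAMPLE_DMG)
    print("project build  :", verify_download(SAMPLE_DMG, good_hash, SIGNED_BY_PROJECT, EXPECTED_TEAM))
    print("re-signed build:", verify_download(SAMPLE_DMG, good_hash, SIGNED_BY_SOMEONE_ELSE, EXPECTED_TEAM))
    print("tampered file  :", verify_download(SAMPLE_DMG + b"!", good_hash, SIGNED_BY_PROJECT, EXPECTED_TEAM))
```

The re-signed case is the one Gatekeeper waves through: the signature is valid, it is just the wrong signer. Pinning the team identifier catches that; the hash comparison catches a modified payload even when the signer is right.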
Mass Ransomware Strike Hits Millions Of Indian Computers
A massive malware strike affecting three Indian banks and a pharmaceutical company, at a ransom of 1 Bitcoin per machine, has incurred total ransom demands equivalent to multiple millions of United States dollars at the exchange rates reported by fiat/Bitcoin interfaces (archived). Apparently only select machines operated by executives had their ransoms paid, but as the source article notes, even with the files decrypted malware may remain on the machines, easing future penetrations. Paying ransomware demands is the recovery method officially endorsed by the United States Federal Bureau of Investigation.
The particular piece of ransomware used in this strike goes by the name LeChiffre (archived). It does not propagate automatically and its Windows executable has to be launched by hand on each machine. This means that to deploy it on this scale the entire network infrastructure of these enterprises had been thoroughly penetrated and brought to submit to the ransomers.
Craig Steven Wright Raided By Australian Police
Hours after Wired and Gizmodo reported on the same day that Craig Steven Wright is their best guess for a likely Satoshi Nakamoto, Australian Federal Police reportedly began raiding residences and businesses associated with Wright (archived). Mainstream media are parroting police assertions that the raids are unconnected with the possibility Wright may be Nakamoto and instead relate to Australian Taxation Office matters. Given the timing of the raid, however, it is exceedingly likely that police, the tax office, and other agents of fiat, on reading the recent speculation, did as a point of fact become aroused by rumors of Satoshi's hoard.
Ransomware Ring Busted, "Decryptors" Rushed by Adware Vendors
Shortly after an FBI agent publicly encouraged ransomware victims to pay off their attackers, some arrests and leaks have led to the release of a number of private keys maintained by some ransomware authors. Allegedly all of the keys for CoinVault and Bitcryptor ransomware have been acquired and persons alleged to have connections to the schemes have been arrested. Adware vendors Bitdefender (archived) and Kaspersky Labs (archived) have released free adware[1] tools to decrypt files related to these ransomware products, though caution is advised as the decryption tools from these providers and those from others have the potential to be at least as malicious as the original ransomware.
[1] It is important to accurately categorize software according to what it really does instead of what it is marketed as. Their free products advertise their paid products and their paid products advertise still more premium paid products.
FBI Agent Encourages Paying Ransomware Demands
The Security Ledger reports that at a summit Joseph Bonavolonta, Assistant Special Agent in Charge of the FBI's Cyber and Counterintelligence Program at the Boston field office, encouraged paying ransomware demands (archived). The quality of the encryption implementations utilized in ransomware is frequently too high for his office to do anything to recover the affected files. As a prophylactic measure he encouraged healthy backup practices so systems could at least be restored to a pre-ransomware state.
Bharara Snubbed By Supreme Court
Bloomberg reports that the United States Supreme Court has declined to review the appellate decision which overturned insider trading convictions won by Preet Bharara (archived). While this refusal to entertain Bharara's zealotry only immediately rescues three defendants from the jeopardy of having their cases revived, it lays the groundwork for hundreds of other defendants to have their convictions or guilty pleas vacated under the higher standard for insider trading criminal liability established by the appellate court. This is a severe blow to the embattled Bharara's office which will now be burdened by the influx of defendants looking for freedom from the sanctions criminally imposed on them by Bharara. This is just the latest event in a long downward spiral of reality hitting Preet Bharara after his unjust criminal prosecution of Ross Ulbricht.
Dutch Police Hunt For "Bitcoin Bomber"
As yet another example of how Bitcoin is increasingly attractive for use in the payment of ransoms, Dutch police (archived) are seeking the assistance of the public to capture a perpetrator who has been distributing small explosive devices at Jumbo supermarkets throughout the Netherlands. The attacks, which reportedly began in May and continued in June and July, have so far only caused property damage.