How ransomware creeps cash out their payments

Discuss

22 Responses to “How ransomware creeps cash out their payments”

  1. Didn’t know about ramsomware until now, thanks Cory! 

  2. tacochuck says:

    Daily backups of your documents and photos is a the best last ditch defense against these sorts of attacks. I say last ditch because you can do a number of things to prevent it happening in the first place, but if you have a daily backup of your documents and photos and this happens, you can just wipe the hard drive and start over, no fuss, no muss.

    The daily backup thing is important for more than just these sorts of scams of course because anything could take out your hard drive and if you get any sort of virus infection the best course of action is to reformat and reinstall you OS.

    I hear good things about “mozy” online backup. An online backup has the added advantage of being off site as well. I personally use external USB drives (2) and a program called SyncBack (free version) and keep them locked in a fireproof safe. Realistically I run the backup to the drives about once a week.

    Before it is too late defense consists of an anti virus program (MS Security Essentials is ok defense wise, but the best by far in terms of not being intrusive or slowing your machine down and it is free), adblock plugin in your browser, javascript blocking plugin for your browser, flash blocking plugin for your browser and good internet habits in general.

    Never open anything that comes to you via email unless you asked someone to send it to you. Never means never. If they ask you if you got whatever they sent you, just explain to them you do not open anything sent to you via email. Even if they tell you ahead of time they are sending it or follow up to see if you saw the picture or got the ecard or whatever, just say no, sorry, (because you can’t trust they know what they are really sending).

    Really the same goes for links you get in email, basically never ever click a link in an email. If you for any reason think you need to follow a link sent in an email, close the email and then type the url into your browser by hand or find the site via google, or even better just pick up the phone and call the organization (especially bank related emails).

    • I especially loved the bit about emails. That’s when I worked out it was a joke.

      • When reading an email (you shouldn’t be reading an email), only use your peripheral vision. DO NOT stare at the email. Keep one eye closed while reading the email (you shouldn’t be reading an email) to avoid bilateral oculo-emailitis.  DO NOT taunt the email.

      • tacochuck says:

         And which one of my suggestions is not considered to be best practices (aside from the MSE suggestion as best AV is open to debate)?

        But really, I am glad there are folks like you out there, they keep me employed.

          • tacochuck says:

             Not sure what you mean. The original post is certainly not a joke and people who treat sensible recommendations for online security as a joke do keep me employed. The down side is they also cost us all money and keep the bad guys employed as well.

          • People should exercise caution. If you’re at the point where you don’t open ANY attachment unless it has been explicitly solicited (in writing, with a witness, I assume), or simply verify a link by actually looking at it, then quite frankly you should probably just stop using email, as you’re not cut out for the perils it brings.

            If I ever encounter anyone that refuses to open my attachments, ill come looking for you.

          • tacochuck says:

             Nested replies ran out so this is in reply to your last message:

            You would be surprised at the ways it has been possible and is still possible to fool the hover over method of url “verification” (especially if it is a long url). If you followed my suggestion to disable javascript when you hover over a link then I no longer know a way to spoof the url effectively, but with in browser email clients JS usually has to be enabled.

            Here is a decent list of ways urls can or used to be able to lie:
            http://www.michaelhorowitz.com/linksthatlie.html

            And those are just the ones we know about, browser and email client bugs exist that we do not know about.

            It only takes one errent click and you are owned.

            Really it isn’t that hard to type in a url if you want to follow one.

            And again, while well intentioned, I am not trusting my security to people who send me things (or things that were supposedly sent by them, you check the full email headers every time or are sure their machine wasn’t owned ?).

            If you want to come find me, no problem, I’ll send you a map to my house as an email attachment ;)

          • Oh don’t get me wrong, I know the ways (I work with the web) – it’s just there is such a thing as being too worried :) As I say, exercise caution – once you’re at the point where you categorically refuse to open any attachment then you’re just crippling your own workflow, and you might as well not bother using email – and anyone else you work with is going to hate you.

            I think the most important thing is for people to be more aware of what they’re doing, and to exercise caution at all times – assuming you’re paying attention that should negate 99% of the threats.

            And lets be honest, if that paranoid you should be running all your traffic and email through software anyway – something most of us can’t avoid even if we tried. Postbox/gmail flags malicious content, as does Chrome. I’m sure neither is perfect, but I like to live on the wild side.

  3. Mitch_M says:

    There has to be away to get the Zetas to hate people who distribute malware. A few of them turning up dismembered would have some deterrent value if they feel that no government can touch them.

  4. Recluse says:

    Hmmm so, can we call that diagram “Krebs’ Cycle?”   :-)

    • Listener43 says:

      I have a feeling Maynard G. might object to the use of his name in re a criminal activity.
      Like, you laundered, man?

  5. knoxblox says:

    When it comes to scareware, I always worked on the assumption that if a major law enforcement agency knew you were dealing in child porn, they’d prefer to drop in unannounced over sending a threatening e-mail.

  6. mccrum says:

    So, the takeaway here is as long as I undercut the current cashiers, say, by only charging 55%, I’m going to corner the market?

  7. boise427 says:

    Linux has been the best way to prevent virus infection. I use a bootable USB stick to browse piratebay or other questionable sites.

Leave a Reply