Bitcoin Forum
Topic: [NEWS] Ransomware
Spoetnik (OP)
February 10, 2016, 12:15:40 PM
Last edit: February 10, 2016, 12:26:49 PM by Spoetnik
 #1

I already have heard stories about ties to Bitcoin + Ransomware..
I had heard the industry makes malware creators around 325 million a year in Bitcoin.

Now i seen this..

Meet Ransom32, the first Javascript ransomware for Windows, Mac, and Linux





Quote
Ransomware, as known by a lot of people, are nasty pieces of software that encrypt files on a Windows system, and then threaten users that their data will be lost forever, unless they pay up, usually in Bitcoins. Many have surfaced in the past year, like a program that scrambles your computer's file names, and another that even offers a 'referral program,' turning victims into perpetrators. And more recently, such programs have evolved, now targeting a wider range of computers.

Enter Ransom32, one of the newest ransomware for the New Year. The program is written in Javascript, running on the NW.js platform, and can infect systems running on the Windows platform. It can also have the capability of targeting Mac OS X or Linux computers, if repackaged with platform-specific runtimes. It is also dubbed as a "ransomware-as-a-service," a play from SaaS or "Software as a Service."

Credits: www.neowin.net + Emsisoft

This topic about "Ransomware" should be an ongoing discussion.
We need to address this and spread awareness to the world about it.
Yet i never have seen one topic on this issue here before.
Just like how Paypal's Terms of service forbids use of any crypto currency trading..
We have Staff, the site owner and all users ignoring the issue deliberately.

There are dangers with things like Paypal and Ransomware and you all should be responsible
and make an effort to warn people and maybe make some kind of effort to combat it.

Both of those two things deserve a sticky warning topic here !
Places like BTCe should NOT be letting people withdraw to Paypal if it will get their money stolen etc.
And NO ..simply creating a sticky by theymos saying hey "it's risky" because of Paypal Chargebacks is not enough !

Then the Ransomware issue is a big problem !
If people don't know what they are ? I highly suggest searching for info on them.

THIS IS NOT JUST A WINDOWS ONLY PROBLEM

EDIT:
It's getting dangerous out there guys.. this mentions hackers stole a Billion dollars from a bank.
http://www.neowin.net/news/russian-gangs-using-sophisticated-hacking-technique-to-make-unlimited-cash-withdrawls

FUD first & ask questions later™
capcher
February 10, 2016, 12:26:23 PM
 #2

Quote
The program will then be distributed via the usual method: spam emails. Packaged as a RAR file, the archive will extract all by itself, utilizing WinRAR's scripting language in order to make the malicious program always launch at startup, and execute the files inside it, successfully locking up a victim's computer using a 128-bit AES encryption.

I guess try not to download/open suspicious .rar files from suspicious emails?
Amph
February 10, 2016, 12:29:51 PM
 #3

Quote
The program will then be distributed via the usual method: spam emails. Packaged as a RAR file, the archive will extract all by itself, utilizing WinRAR's scripting language in order to make the malicious program always launch at startup, and execute the files inside it, successfully locking up a victim's computer using a 128-bit AES encryption.

I guess try not to download/open suspicious .rar files from suspicious emails?

still waiting for malware that can spread without you actually downloading/running/clicking on some link/phishing site etc....

spread through router maybe, but those stuff usually works on a security hole...
Spoetnik (OP)
February 10, 2016, 12:31:15 PM
Last edit: February 10, 2016, 01:10:36 PM by Spoetnik
 #4

Quote
The program will then be distributed via the usual method: spam emails. Packaged as a RAR file, the archive will extract all by itself, utilizing WinRAR's scripting language in order to make the malicious program always launch at startup, and execute the files inside it, successfully locking up a victim's computer using a 128-bit AES encryption.

I guess try not to download/open suspicious .rar files from suspicious emails?

Some malware have recently been infecting users via TXT MSG system on Phones..
The "Stagefright" exploits.
Auto Text message retrieval leaves users vulnerable who are not patched.
Running an old custom Android ROM ? LOL

When it comes to these stories they always mention EMAIL as the most common and easiest infection method
but not necessarily the only way !

Anyway the quote mentions an example..
There is no requirement for using WinRar  Roll Eyes



EDIT:
Malware has been installed on machines many times via ads served on web pages.
There is more than 1 way to skin a cat Wink



EDIT2:
Who is getting off their ass to warn users ?
Why as usual am i the only one ?

I posted this to get the word out ..most likely to NEW users that would end up coming here.
Coming here to the Crypto / Bitcoin nerd sanctuary where you all seem to think you know it all about this stuff.
Yet do i see one topic about Ransomware ? noooooope.
And what do i see in the Market section ? All Paypal Deal posts..

I like the reaction i get here so far.. who cares and "small risk"
Makes me think of Asteroid impacts or Super Volcanoes exploding like Yellowstone park.
Smaller risk but Catastrophic MAJOR consequences !

I expect the Nerd community to be nerds about this stuff good or bad.
Not stuffing their cheerleader heads in the sand when bad news comes along.
The Fanboyism surrounding Bitcoin is irresponsible & Childish.
What are you experts going to say when a family member mistakenly gets infected with Ransomware ?
I guess quickly start Googling what it is LOL

EDIT:
http://www.neowin.net/news/russian-gangs-using-sophisticated-hacking-technique-to-make-unlimited-cash-withdrawls
See how the head of a bank gets infected via email and has a BILLION dollars hacked ?

FUD first & ask questions later™
franky1
February 10, 2016, 12:48:37 PM
 #5

though its a problem. i think your main post sounds more like an advertisement to show script kiddies how easy it is to create the ransomware. but lacks any real usable information to remove ransomware.

i know thats not our intention. but thats how it can be perceived by outsiders

the article even states trying to remove it can damage your computer.. thus naive victims wont remove it or search out how to remove it, and end up paying the ransom..

again not your intention. but how other perceive it..

maybe best to remove the second image (the stats page) as it will appeal to script kiddies who 'want to make it rich'.
try to highlight known tools that effectively remove the ransomware WITHOUT payment.
because although your sentiment at the end of the post seems to not like ransomware. the top part of the post seems more advertisement-esq showing script kiddies how easy they can make it. and not much real information for victims to remove it, even making victims worry that trying to remove it is a kiss of death to their data


I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
DimensionZ
February 10, 2016, 12:53:43 PM
 #6

And yet people are running to buy sketchy Chinese manufacturers Android phones with outdated versions not patched or anything just because they are cheap Smiley

Spoetnik (OP)
February 10, 2016, 01:02:36 PM
Last edit: February 10, 2016, 01:19:43 PM by Spoetnik
 #7

@Franky
I posted the pics to show how they look interesting.
Who says they are easy to code ?

Want me to post pics of the Zeus Rootkit ?
The source code needs a computer programming degree or two on how to understand it.
"Script kiddies" ?
I thought we had pro devs here ?
or is that only the argument used when defending Altcoins ?

I said in the first post..

Quote
Then the Ransomware issue is a big problem !
If people don't know what they are ? I highly suggest searching for info on them.

Get on Google in other words !

Me posting info on them is not a substitute for being responsible for your own security.

And the pictures were to make the topic interesting nothing more.. i found them interesting Wink

Quit trying to twist this into the bad news is my fault.
I posted to warn you guys.. many people out there probably don't know what Ransomware even is !
Franky you warning them ? No ?

And if you DID already know what Ransomware is you might like to know it's getting more cross compatible with OS's
In other words the underlying point is this issue is evolving and yes i have ALREADY brought this up before
and as usual nobody cared..

@Franky if YOU want to post removal instructions you are free to do so.
Some AV vendors have a cracked KEY for some variants.
I can't recall which one it is but i seen a story about it last year.
Which is why you should Google it (to get the most up to date info on this changing story)

Moral here ?
All malware can be coded by "Script Kiddies"
Being a life long software cracker i have gotten pissed off lots by losers ripping off my work.
I actually quit the Game cracking scene because of re-packers and credit thieves constantly stealing my work..
they would copy cat everything i put out and erase my Name and put their own in then share it.
It does not require much skill..

EDIT:
by the way Franky was it you that went and downloaded Litecoin's source code off of Github
so you could MOD it slightly to make a scrypt clone called Franko ?
So..
Uhh..
Is there Ransomware on Github smart guy ?
Who is the "Script Kiddy" ? ROFL

FUD first & ask questions later™
Spoetnik (OP)
February 10, 2016, 01:05:15 PM
 #8

Quote
This ransomware is only run on windows, but they could earn more bitcoin if they able to compile it to linux or mac os x.
But since everyone can make their own ransomware just by know how to access hidden server in tor network & know about bitcoin, security expert will find a way or another to prevent this ransomware & might able to decrypt files which has been encrypted by this ransomware generator.

Looks like you try to prevent people get this ransomware, but people could try find & make their own version of ransomware because this news.

Are you high ? Seriously ?
So this topic = Spoetnik is Evil ?

WOW ..you people are too much !

FUD first & ask questions later™
franky1
February 10, 2016, 01:22:15 PM
 #9

bored now. you offer no support for victims yet want to rant that people need to offer support to victims.
um.. you missed yourself out of that mindset

victims will never see the "stats" page. victims just want to know how to remove it without payment and without nuclear bombing their data.
you're just ranting and telling people to google..

i even suggested to tweak your posts to add more support for victims and reduce the advertisement for script kiddies that can see that its just a few key presses in an admin-panel to create the ransomware.

but no. you continue to rant and rave but add no substance or take the moral highground that your post might actually tempt script kiddies into searching out how its made to then spam their new creations out. (defeating the purpose of your rants)

so take off your rant-hat. and put on your support-hat.
i have given you a couple supportive ideas already, but if you dont think you have the time or patience to follow my idea.. then flip that mindset around as if you were the one giving my idea to others to do things.. and then you will see why no one will help you if you're not willing to help yourself

so dont rant. but do this

remove the second image that clearly shows how easy it is to make the ransomware, as we both know victims wont see it or be interested because all they care about is getting rid of it..
then take any posts out saying that google is what people should do. and then you search out the working tools that would remove it.

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
unamis76
February 10, 2016, 01:55:28 PM
 #10

Ransomware has been an ongoing discussion, especially since they started requesting Bitcoins for unencryption...

OP, do you suggest anything specific that should be done in order to avoid this problem?

Making threads saying "don't click in suspicious links, don't download suspicious files" isn't enough for those who do these things and isn't suited for a forum where most people have Bitcoins and search for ways to store them safely...

Theft is an ongoing problem and we don't even need ransomware to get people started on reading up about security around here... One just has to look to the Electrum subforum, as an example, to see people not checking if the website they're downloading .exe from is the official one...
Kprawn
Legendary
*
Offline Offline

Activity: 1904
Merit: 1073


View Profile
February 10, 2016, 02:08:23 PM
 #11

I see where you're coming from, and I think it is not a bad idea to warn people. I know some banks post warnings for users on their website, to warn them against phishing sites. As with banks and online banking, it is your own responsibility to protect your computer from malicious code. The community must identify these threats and post them online. One site doing this is http://www.badbitcoin.org/

Lorenzo0
February 10, 2016, 02:54:33 PM
 #12

Just wanted to add that you don't need to be careless to get infected by ransomware (or anything else, for that matter).

https://heimdalsecurity.com/blog/ultimate-guide-angler-exploit-kit-non-technical-people/

They use exploit kits, which basically detect if your browser or plugins have a particular buffer overflow vulnerability and try to exploit it.
With that, they are able to execute code and install whatever they want.

They need that vulnerability, though. So by keeping your browser updated, NEVER using IE (main target) and disabling javascript using no-script you should be reasonably secure.

But obviously don't keep half a million in bitcoin in an online computer.
Assume whatever you connect to the Internet will be compromised and act based on that assumption.
Wobberdk
February 10, 2016, 03:02:43 PM
 #13

Quote
The program will then be distributed via the usual method: spam emails. Packaged as a RAR file, the archive will extract all by itself, utilizing WinRAR's scripting language in order to make the malicious program always launch at startup, and execute the files inside it, successfully locking up a victim's computer using a 128-bit AES encryption.

I guess try not to download/open suspicious .rar files from suspicious emails?

still waiting for malware that can spread without you actually downloading/running/clicking on some link/phishing site etc....

spread through router maybe, but those stuff usually works on a security hole...

I've experienced some troubles recently regarding my ISP and the router they provided. It not only had a serious security breach, but the ISP also had their DNS compromised, giving crackers full access to my router. i've learned and fixed it, but the average user is far from secure from this type of attack.
Spoetnik (OP)
February 11, 2016, 06:03:04 AM
 #14

Quote
bored now. you offer no support for victims yet want to rant that people need to offer support to victims.
um.. you missed yourself out of that mindset

victims will never see the "stats" page. victims just want to know how to remove it without payment and without nuclear bombing their data.
you're just ranting and telling people to google..

i even suggested to tweak your posts to add more support for victims and reduce the advertisement for script kiddies that can see that its just a few key presses in an admin-panel to create the ransomware.

but no. you continue to rant and rave but add no substance or take the moral highground that your post might actually tempt script kiddies into searching out how its made to then spam their new creations out. (defeating the purpose of your rants)

so take off your rant-hat. and put on your support-hat.
i have given you a couple supportive ideas already, but if you dont think you have the time or patience to follow my idea.. then flip that mindset around as if you were the one giving my idea to others to do things.. and then you will see why no one will help you if you're not willing to help yourself

so dont rant. but do this

remove the second image that clearly shows how easy it is to make the ransomware, as we both know victims wont see it or be interested because all they care about is getting rid of it..
then take any posts out saying that google is what people should do. and then you search out the working tools that would remove it.

Listen smug bastard.. YOU ARE RANTING *again*

and it's YOUR job to offer support.. i did my part by posting the news.
You wanna be a snotty little prick ?
Try reading the topic title.. it says "[NEWS]"
NOT "[Support]"
And i just finished saying how using Google will be a BILLION times more useful than me patching together info.. from Google
Then posting it here.
THEN the next sentence i posted..

Quote
@Franky if YOU want to post removal instructions you are free to do so.
Some AV vendors have a cracked KEY for some variants.
I can't recall which one it is but i seen a story about it last year.
Which is why you should Google it (to get the most up to date info on this changing story)

Which is more helpful than anything you are "RANTING" on here about.

How about just STFU and leave my -NEWS- topic alone.
Spoetnik is not guilty of spreading Ransomware here because he posted a picture..
Did i see you bringing up the issue ?
Of course not.. What are you contributing to Bitcoin ?
Scrypt clones ?

Wanna run your mouth dope head ?
Then every word out of your mouth is 100% applicable to Neowin.net where i quoted and linked to the story.
so.. here is a brand new headline.
[NEWS] Neowin.net Guilty of Helping To Spread Ransomware BY POSTING PICTURES

Franky STFU and take your stupid useless anti-Spoetnik Ranting somewhere else.
I don't need to put up with your bratty smug little cocky crap here.. shut your fucking mouth idiot.

ADD RECAP
I don't have to post instructions on how to fix your computer if infected.
More than likely there is nothing you can do anyway..
*IF* There is it's going to be late breaking News i won't know yet.. security evolves fast.
The best thing i can do is Try and Warn users BEFORE they get hit !
Hence the damn topic snotty douche bag  Roll Eyes

FUD first & ask questions later™
NorrisK
February 11, 2016, 06:28:02 AM
 #15

It is indeed disturbing. What is even more disturbing is the fact that in both cases you present in the OP human error is the cause of getting infected and losing cash. It is indeed time to better educate people about the risks involved and to prevent them from clicking suspicious links and running proper AV all the time.

It is good that most e-mail gets filtered out, but if it is targeted instead of just spam it is near impossible for the mail client's spam filter to find it.

What I find most troublesome even are the spread of viruses through ads. They are already massively annoying and even find ways around adblockers sometimes. The ad networks should be held responsible for any virus served through their network.