Ransomware - encrypting files on windows machines - shady Dateline documentary
Was watching an hour special on malware/ransomware and it showed how unsuspecting people fall prey by clicking an email or website and then maybe clicking on a popup running on the Win OS. Basically what it showed was a DOS box and it explained that the files were going to be encrypted and warned not to shut off, then it displayed:
Code:
Encrypting "C:\users\user\Documents"
Encrypting "C:\users\user\Desktop"
Encrypting "C:\users\user\Documents"
Encrypting "C:\users\user\Music"
Encrypting "C:\users\user\Pictures"
Encrypting "C:\users\user\Contacts"
All files have been encrypted - do not try to open or copy them as this may lead to permanent deletion... Blah, Blah, blah
Contact 1234-234231--2341@Baby-I-Want-yo-Money.com to discuss terms to unlock your files
It then displays a screen with a timer countdown until your files are permanently locked.
Each "encryption" line appeared about 5 seconds after the previous line and, IMO, it looked like it wasn't encrypting an entire folder (speed is one reason), but also it only lists generic folder names and they just seemed not legit IMO. I would think it was a simple batch script that displays (echoes) what I wrote above, so it isn't really doing anything, just printing to the screen that it IS encrypting files to scare the user.
When the "security specialist" and reporter contacted the hacker and paid for unlocking, it did the exact same thing as the encryption process but it said "decrypting" instead of encrypting. To me, it looked like an echo command of a batch file. It didn't even look like it pulled the real user account names and just used generic "user" unless that is what the reporter uses.
Has anyone come across one of these scams/blackmails? Did anyone see this "exposé" on ransomware (I'll try to find the video, I have it somewhere)?
What I REALLY found suspicious was the attitude and behaviour of the IT security specialist. It seemed like his job was fear mongering and stating that these hackers are SOOOO advanced that you have a better chance of squeezing a charcoal briquette into a diamond, with your hand, than getting your data back w/o paying b/c they use "industry accepted best practices for security and encrypting systems, yada-yada" - and these hackers are years ahead of the security specialist companies.
I really felt that this security expert was one of the hackers or had some way of benefiting from what he was saying. It just reminded me of parents trying to scare 5-10 year olds with something that wasn't true (to make the parents' life easier).
Anyone else see any of these exposé/exclusive reports on ransomware or malware?
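The hunch above, that the "Encrypting" lines were only echoed and nothing was touched, can be checked rather than guessed. The following Python triage script is an added example, not part of this thread: it walks the folders a ransom screen names and reports whether the files still carry their real format headers and normal entropy, or have been replaced by random-looking bytes. The folder contents it builds in `demo()` are constructed samples.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes of common formats; a file that still starts with one of
# these was not overwritten by real encryption.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/docx/xlsx",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, ciphertext approaches 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_file(path: str, sample_size: int = 4096) -> str:
    """'intact' if a known header survives or the bytes are low-entropy,
    'suspect' if the header is gone and the content looks random.
    Ransomware that deliberately keeps headers would evade this quick check."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if any(head.startswith(magic) for magic in MAGIC):
        return "intact"
    return "suspect" if shannon_entropy(head) > 7.5 else "intact"

def triage(folders) -> dict:
    """Walk the folders the ransom screen claimed to encrypt and tally verdicts."""
    verdicts = Counter()
    for folder in folders:
        for root, _dirs, files in os.walk(folder):
            for name in files:
                verdicts[classify_file(os.path.join(root, name))] += 1
    return dict(verdicts)

def demo() -> dict:
    """Constructed 'Documents' folder: three untouched files and one random-byte
    stand-in for a genuinely encrypted file."""
    d = tempfile.mkdtemp()
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + os.urandom(2000),  # JPEG header + body
        "notes.txt": b"meeting notes: buy milk, call dentist\n" * 50,
        "report.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >>\n" * 40,
        "thesis.docx.locked": os.urandom(4096),  # ciphertext stand-in
    }
    for name, content in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(content)
    return triage([d])  # -> {'intact': 3, 'suspect': 1}
```

Run it against the real folders (for example `triage([r"C:\Users\<name>\Documents"])`) while the scare screen is still up; if nearly everything comes back intact, the "encryption" was display only.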
If you've ever actually been interviewed by a journalist, you appreciate that a sizable percentage of their work is presentation and theater. So... perhaps what you saw was an attempted depiction of something for which they didn't actually have a recorded session: dramatic reenactment.
there are also the ones where a call center calls you saying they are from Microsoft and "your PC is sending us messages; for a free diagnostic, please allow me to remote desktop..."
(they show the Event Viewer with multiple info dialogs that are normally ignored... "please give us your credit card number so we can fix it").
Quote:
Originally Posted by cilbuper
When the "security specialist" and reporter contacted the hacker and paid for unlocking, it did the exact same thing as the encryption process but it said "decrypting" instead of encrypting. To me, it looked like an echo command of a batch file. It didn't even look like it pulled the real user account names and just used generic "user" unless that is what the reporter uses.
Ridiculous. Here's what I don't get. While they don't value the data enough to back it up, they value it enough to pay for it once lost.
This isn't something magical, the user broken into has their files encrypted and otherwise deleted. If backups are actually made out of that user's permission, restoring is very easy.
Even without backups, it still doesn't seem the system was compromised. Just that user. Which is a very important distinction.
Bottom line, the threat is real, but it pays to do some web searching before paying anything (the Bitdefender article looks good).
Magento is some sort of CMS.
personally, i never ever had any problem. running my own linux server now, and linux on various machines for years... it always seems to me that common sense (think before you type/install/click) is the best defence. and the power of the community. before i install an obscure app, i look at its github page, what others commented, how the devs reacted, and so on, that usually gives me a reliable picture and a basis for a decision.
what do you think?
Quote:
Ridiculous. Here's what I don't get. While they don't value the data enough to back it up, they value it enough to pay for it once lost.
This isn't something magical, the user broken into has their files encrypted and otherwise deleted. If backups are actually made out of that user's permission, restoring is very easy. Even without backups, it still doesn't seem the system was compromised. Just that user. Which is a very important distinction.
This is exactly what I thought was going on. Some unsuspecting user sees this stuff on the screen that "looks" real, they are afraid to do anything so they call and pay at which point, the next part of the program displays "decrypting blah blah blah.."
Quote:
While they don't value the data enough to back it up, they value it enough to pay for it once lost.
think about self-made photos and videos.
that is by far the most valuable (*) thing most people store on their machines. they also take large amounts of disk space, and having an external backup disk of equal size is not always an option, financially.
(*) i mean, most likely to pay up because they want it back.
Quote:
Originally Posted by cilbuper
Some unsuspecting user sees this stuff on the screen that "looks" real, they are afraid to do anything so they call and pay at which point, the next part of the program displays "decrypting blah blah blah.."
i guess more than 50% of all Windows users hit a wall when they can't open a file because it has a different extension (but is otherwise the same file), so that sort of scenario sounds like "worth a try" for a hacker?
They put it on the news because they want to backdoor all encryption.
In reality, if you backup your data, keep your system up-to-date, disable vulnerable plug-ins, and don't click random e-mail attachments, you should be fine.