TNS213234 Posted October 28, 2015

Over the last few years ransomware has become a prominent way for hackers to extort money from victims. Ransomware such as Cryptolocker encrypts a victim's computer and demands a payment to decrypt the files. What's surprising is how the FBI deals with victims of ransomware attacks. Last week at the Cyber Security Summit 2015 event, Joseph Bonavolonta, the Assistant Special Agent in charge of the FBI's CYBER and Counterintelligence Program at the FBI's Boston office, revealed that the FBI can't really do a lot about the problem.

Ransomware programs such as Cryptolocker and Cryptowall appear to have gotten the better of the FBI. "To be honest, we often advise people just to pay the ransom," revealed Bonavolonta. "The ransomware is that good."

In June this year, the FBI issued a Public Service Announcement (PSA) which echoed Bonavolonta's message regarding ransomware. "These financial fraud schemes target both individuals and businesses, are usually very successful, and have a significant impact on victims."

The announcement by the FBI also stated that 992 CryptoWall-related complaints were received between April 2014 and June 2015 with losses to victims totaling $18,000,000. Aside from suggesting the usual tips of using anti-virus software, enabling popup blockers and backing up data, the only other help the FBI could give was to contact your local FBI field office; it turns out now that they can't do much either.

Source: http://www.neowin.net/news/fbi-gives-shocking-advice-to-ransomware-victims

knowledge-Spammer Posted October 28, 2015

> FBI, "To be honest, we often advise people just to pay the ransom." revealed Bonavolonta "The ransomware is that good".

mad never do this

masterupc Posted October 28, 2015

That's a good joke! With all the resources they have available (for spying on us), can't they break through a program?

What lazy advice!

HX1 Posted October 28, 2015

They found a way to fix this.. You have to use a boot disk.. like Hiren's 10.. then you go in and remove entries from within the MBR.. or MFT.... and it is gone..

Unless this has changed in some way.. correct me if I am wrong.

straycat19 Posted October 28, 2015

> They found a way to fix this.. You have to use a boot disk.. like Hiren's 10.. then you go in and remove entries from within the MBR.. or MFT.... and it is gone..
> Unless this has changed in some way.. correct me if I am wrong.

OK, you're wrong. Each file designated by the ransomware is encrypted, for example, all docx files, and they will not open. Changing a bit or two in the MBR/MFT has nothing to do with file encryption. Though some of the ransomware took a shortcut and actually put the decrypt key in a hidden directory and thus we were able to unencrypt those files, I have seen systems where all the files on an individual's PC and all the files in network folders that the user had access to were also encrypted. Fortunately we had a nightly backup of the server we could use to restore so there was no loss involved, just a lot of embarrassment on the employee's part.

smallhagrid Posted October 29, 2015

The only way to avoid these sorts of things is NOT to get them to begin with.

Trouble is - there are too many innocently ignorant (as in 'know no better'...) people who don't even know the difference between browser, word processor and email apps.

These same poor shmoos think that their computer IS mikr0$oft or 'apple';

And:

Whenever they see a brand name they recognize, they'll do whatever stupid thing that email or pop-up or whatever tells them to do.

Bingo.

Data loss...ransomware...whatever.

I don't think that computer users need to be tested & licensed like car drivers because that (obviously) does not help.

Frankly I have no clue what may help against such ignorance because most folks seem to resist learning.

All that comes to mind is to turn off the TV - maybe stuff like that will help the poor dears regain a few IQ points ?!?

Otherwise=>

Yep - pay the ransom, I guess.

shamu726 Posted October 29, 2015

> They found a way to fix this.. You have to use a boot disk.. like Hiren's 10.. then you go in and remove entries from within the MBR.. or MFT.... and it is gone..
> Unless this has changed in some way.. correct me if I am wrong.

If it was something that can be fixed that easily, ppl wouldn't have so much trouble with it and the FBI certainly would not advise paying up.

HX1 Posted October 29, 2015

Well the information I am talking about is back when ransomware was first making its debut.. It was documented as a fix in two places online... The worst of it is how many people actually lost their systems and files to this before they realized the files were not even encrypted or locked... The loading was stopped and a message was given leading them to pay for a code to unlock their systems..

This type of ransomware was the one which would give you a notification when you tried to boot... and yes it absolutely did come down to removing 2 - 4 lines in the MFT... I did state that was old above ( or used to be )...

The one you seem to be describing is open during system operation. So maybe they have advanced it, actually doing this... whereas before it did not...

The FBI would rather you provide a trail for them to follow rather than actually track down on these people doing it...

My feeling is that this statement to people to pay up... is like saying that we negotiate with terrorists... That statement should not have been made.. For every one of these that they create there is a solution.. Rest be assured.. there is or will be...

jtmulc Posted October 29, 2015

> That's a good joke! With all the resources they have available (for spying on us), can't they break through a program?
> What lazy advice!

That's just it. If they (in conjunction with the NSA) actually used the encryption breaking resources at their disposal for something like this, it risks exposing what resources and methods they have available with no benefit to them. As I recall, the FBI went to great lengths to not show in court exactly what they did to uncover the Silk Road. If what they can do is shrouded in mystery, it becomes a lot harder to prepare yourself against them.

HX1 Posted October 29, 2015

Shhh.. Thermite.... decrypt that #$%^.. LOL :) j/k...

Yeah, then they just hold you indefinitely in some undisclosed location.. :P While their huge quantum processors unravel the data..

I dunno but I am glad I don't have anything they want or mixed up in anything they are after.. or anyone for that matter..

Unless I had an honest product that people wanted that badly.. and it was making me money... Then that would not be so bad.. ( scary though ) ..especially in this economic state..

kasper Posted October 29, 2015

Do not pay anything, you do not receive any decryption code. When this ransomware arrived on the scene they sent decryption, but now no. I am Hardware and Software technician, sometimes I malware removal in notebooks and PC technician in Anti-Virus company sometimes find decryption code.

This topic is now archived and is closed to further replies.