Information Security News mailing list archives

You're infected -- if you want to see your data again, pay us $300 in Bitcoins


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 18 Oct 2013 08:12:22 +0000 (UTC)

http://arstechnica.com/security/2013/10/youre-infected-if-you-want-to-see-your-data-again-pay-us-300-in-bitcoins/

By Dan Goodin
Ars Technica
Oct 17 2013

Malware that takes computers hostage until users pay a ransom is getting meaner, and thanks to the growing prevalence of Bitcoin and other digital payment systems, it's easier than ever for online crooks to capitalize on these "ransomware" schemes. If this wasn't already abundantly clear, consider the experience of Nic, an Ars reader who fixes PCs for a living and recently helped a client repair the damage inflicted by a particularly nasty title known as CryptoLocker.

It started when an end user in the client's accounting department received an e-mail purporting to come from Intuit. Yes, the attached archived zip file with an executable inside should have been a dead giveaway that this message was malicious and was in no way affiliated with Intuit. But accounting employees are used to receiving e-mails from financial companies. When the receiver clicked on it, he saw a white box flash briefly on his screen but didn't notice anything else out of the ordinary. He then locked his computer and attended several meetings.

Within a few hours, the company's IT department received word of a corrupt file stored on a network drive that was available to multiple employees, including the one who received the malicious e-mail. A quick investigation soon uncovered other corrupted files, most or all of which had been accessed by the accounting employee. By the time CryptoLocker had run its course, hundreds of gigabytes worth of company data was no longer available.

"After reading about the ransomware on reddit earlier this week, we guessed [that it was] what we were dealing with, as all the symptoms seemed to be popping up," Nic, who asked that his last name not be published, wrote in an e-mail to Ars. "We went ahead and killed the local network connection on the machine in question and we were immediately presented with a screenshot letting us know exactly what we were dealing with."

[...]


