CryptoLocker Ransomware and How to Protect Yourself ...
CryptoLocker Ransomware and How to Protect Yourself ...
Ransomware: So entfernen Sie Verschlüsselungs-Trojaner
CryptoLocker's crimewave: A trail of millions in laundered ...
Ransom In Bitcoin CryptoCoins Info Club
Bitcoin as ransom, WannaRen ransomware hits twice ...
How to pay Bitcoin Ransom?(cryptolocker)
Hi, We are a company that has been hit by cryptovirus on a very crucial systemcomputer. We have involved IT security firms but they cant remove the cryptolock. Now we have taken the decision to pay them and in wondering which way is the best? I was thinking of making a Coinbase account and buy bitcoins and then pay them from the Coinbase account! Is that good solution?
Even police departments are complying with CryptoLocker's ransom demands. Police chief: “Paying the Bitcoin ransom was the last resort”
This is an automatic summary, original reduced by 50%.
A small town police department just outside of Boston finally agreed to pay a $500 ransom to regain access to a police server that it had been locked out of after being infected with CryptoLocker ransomware. The Tewksbury Police Department chief told its local newspaper, the Tewksbury Town Crier that those who infected the computers in early December 2014 were "Terrorists." "Paying the bitcoin ransom was the last resort." A suburban Chicago police department also agreed to pay a $500 ransom in February 2015, as did a Tennessee sheriff's office. It turned to the FBI, Homeland Security, and the Massachusetts State Police, "As well as private firms in an effort to restore their data without paying the ransom." In 2013, Swansea Police Department, which sits south of Boston, paid a similar $750 ransom, just a month after Ars first reported on the phenomenon.
Putting $400M of Bitcoin on your company balance sheet
Also posted on my blog as usual. Read it there if you can, there are footnotes and inlined plots. A couple of months ago, MicroStrategy (MSTR) had a spare $400M of cash which it decided to shift to Bitcoin (BTC). Today we'll discuss in excrutiating detail why this is not a good idea. When a company has a pile of spare money it doesn't know what to do with, it'll normally do buybacks or start paying dividends. That gives the money back to the shareholders, and from an economic perspective the money can get better invested in other more promising companies. If you have a huge pile of of cash, you probably should be doing other things than leave it in a bank account to gather dust. However, this statement from MicroStrategy CEO Michael Saylor exists to make it clear he's buying into BTC for all the wrong reasons:
“This is not a speculation, nor is it a hedge. This was a deliberate corporate strategy to adopt a bitcoin standard.”
Let's unpack it and jump into the economics Bitcoin:
Is Bitcoin money?
No. Or rather BTC doesn't act as money and there's no serious future path for BTC to become a form of money. Let's go back to basics. There are 3 main economic problems money solves: 1. Medium of Exchange. Before money we had to barter, which led to the double coincidence of wants problem. When everyone accepts the same money you can buy something from someone even if they don't like the stuff you own. As a medium of exchange, BTC is not good. There are significant transaction fees and transaction waiting times built-in to BTC and these worsen the more popular BTC get. You can test BTC's usefulness as a medium of exchange for yourself right now: try to order a pizza or to buy a random item with BTC. How many additional hurdles do you have to go through? How many fewer options do you have than if you used a regular currency? How much overhead (time, fees) is there? 2. Unit of Account. A unit of account is what you compare the value of objects against. We denominate BTC in terms of how many USD they're worth, so BTC is a unit of account presently. We can say it's because of lack of adoption, but really it's also because the market value of BTC is so volatile. If I buy a $1000 table today or in 2017, it's roughly a $1000 table. We can't say that a 0.4BTC table was a 0.4BTC table in 2017. We'll expand on this in the next point: 3. Store of Value. When you create economic value, you don't want to be forced to use up the value you created right away. For instance, if I fix your washing machine and you pay me in avocados, I'd be annoyed. I'd have to consume my payment before it becomes brown, squishy and disgusting. Avocado fruit is not good money because avocadoes loses value very fast. On the other hand, well-run currencies like the USD, GBP, CAD, EUR, etc. all lose their value at a low and most importantly fairly predictible rate. Let's look at the chart of the USD against BTC While the dollar loses value at a predictible rate, BTC is all over the place, which is bad. One important use money is to write loan contracts. Loans are great. They let people spend now against their future potential earnings, so they can buy houses or start businesses without first saving up for a decade. Loans are good for the economy. If you want to sign something that says "I owe you this much for that much time" then you need to be able to roughly predict the value of the debt in at the point in time where it's due. Otherwise you'll have a hard time pricing the risk of the loan effectively. This means that you need to charge higher interests. The risk of making a loan in BTC needs to be priced into the interest of a BTC-denominated loan, which means much higher interest rates. High interests on loans are bad, because buying houses and starting businesses are good things.
BTC has a fixed supply, so these problems are built in
Some people think that going back to a standard where our money was denominated by a stock of gold (the Gold Standard) would solve economic problems. This is nonsense. Having control over supply of your currency is a good thing, as long as it's well run. See here Remember that what is desirable is low variance in the value, not the value itself. When there are wild fluctuations in value, it's hard for money to do its job well. Since the 1970s, the USD has been a fiat money with no intrinsic value. This means we control the supply of money. Let's look at a classic poorly drawn econ101 graph The market price for USD is where supply meets demand. The problem with a currency based on an item whose supply is fixed is that the price will necessarily fluctuate in response to changes in demand. Imagine, if you will, that a pandemic strikes and that the demand for currency takes a sharp drop. The US imports less, people don't buy anything anymore, etc. If you can't print money, you get deflation, which is worsens everything. On the other hand, if you can make the money printers go brrrr you can stabilize the price Having your currency be based on a fixed supply isn't just bad because in/deflation is hard to control. It's also a national security risk... The story of the guy who crashed gold prices in North Africa In the 1200s, Mansa Munsa, the emperor of the Mali, was rich and a devout Muslim and wanted everyone to know it. So he embarked on a pilgrimage to make it rain all the way to Mecca. He in fact made it rain so hard he increased the overall supply of gold and unintentionally crashed gold prices in Cairo by 20%, wreaking an economic havoc in North Africa that lasted a decade. This story is fun, the larger point that having your inflation be at the mercy of foreign nations is an undesirable attribute in any currency. The US likes to call some countries currency manipulators, but this problem would be serious under a gold standard.
Currencies are based on trust
Since the USD is based on nothing except the US government's word, how can we trust USD not to be mismanaged? The answer is that you can probably trust the fed until political stooges get put in place. Currently, the US's central bank managing the USD, the Federal Reserve (the Fed for friends & family), has administrative authority. The fed can say "no" to dumb requests from the president. People who have no idea what the fed does like to chant "audit the fed", but the fed is already one of the best audited US federal entities. The transcripts of all their meetings are out in the open. As is their balance sheet, what they plan to do and why. If the US should audit anything it's the Department of Defense which operates without any accounting at all. It's easy to see when a central bank will go rogue: it's when political yes-men are elected to the board. For example, before printing themselves into hyperinflation, the Venezuelan president appointed a sociologist who publicly stated “Inflation does not exist in real life” and instead is a made up capitalist lie. Note what happened mere months after his gaining control over the Venezuelan currency This is a key policy. One paper I really like, Sargent (1984) "The end of 4 big inflations" states:
The essential measures that ended hyperinflation in each of Germany,Austria, Hungary, and Poland were, first, the creation of an independentcentral bank that was legally committed to refuse the government'sdemand or additional unsecured credit and, second, a simultaneousalteration in the fiscal policy regime.
In english: *hyperinflation stops when the central bank can say "no" to the government." The US Fed, like other well good central banks, is run by a bunch of nerds. When it prints money, even as aggressively as it has it does so for good reasons. You can see why they started printing on March 15th as the COVID lockdowns started:
The Federal Reserve is prepared to use its full range of tools to support the flow of credit to households and businesses and thereby promote its maximum employment and price stability goals.
In english: We're going to keep printing and lowering rates until jobs are back and inflation is under control. If we print until the sun is blotted out, we'll print in the shade.
BTC is not gold
Gold is a good asset for doomsday-preppers. If society crashes, gold will still have value. How do we know that? Gold has held value throughout multiple historic catastrophes over thousands of years. It had value before and after the Bronze Age Collapse, the Fall of the Western Roman Empire and Gengis Khan being Gengis Khan. Even if you erased humanity and started over, the new humans would still find gold to be economically valuable. When Europeans d̶i̶s̶c̶o̶v̶e̶r̶e̶d̶ c̶o̶n̶q̶u̶e̶r̶e̶d̶ g̶e̶n̶o̶c̶i̶d̶e̶d̶ went to America, they found gold to be an important item over there too. This is about equivalent to finding humans on Alpha-Centauri and learning that they think gold is a good store of value as well. Some people are puzzled at this: we don't even use gold for much! But it has great properties: First, gold is hard to fake and impossible to manufacture. This makes it good to ascertain payment. Second, gold doesnt react to oxygen, so it doesn't rust or tarnish. So it keeps value over time unlike most other materials. Last, gold is pretty. This might sound frivolous, and you may not like it, but jewelry has actual value to humans. It's no coincidence if you look at a list of the wealthiest families, a large number of them trade in luxury goods. To paraphrase Veblen humans have a profound desire to signal social status, for the same reason peacocks have unwieldy tails. Gold is a great way to achieve that. On the other hand, BTC lacks all these attributes. Its value is largely based on common perception of value. There are a few fundamental drivers of demand:
Means of Exchange: if people seriously start using BTC to buy pizzas, then this creates a real demand for the currency to accomplish the short-term exchanges. As we saw previously, I'm not personally sold on this one and it's currently a negligible fraction of overall demand.
Criminal uses: Probably the largest inbuilt advantage of BTC is that it's anonymous, and so a great way to launder money. Hacker gangs use BTC to demand ransom on cryptolocker type attacks because it's a shared way for an honest company to pay and for the criminals to receive money without going to jail.
Apart from these, it's hard to argue that BTC will retain value throughout some sort of economic catastrophe.
BTC is really risky
One last statement from Michael Saylor I take offense to is this:
“We feel pretty confident that Bitcoin is less risky than holding cash, less risky than holding gold,” MicroStrategy CEO said in an interview
"BTC is less risky than holding cash or gold long term" is nonsense. We saw before that BTC is more volatile on face value, and that as long as the Fed isn't run by spider monkeys stacked in a trench coat, the inflation is likely to be within reasonable bounds. But on top of this, BTC has Abrupt downside risks that normal currencies don't. Let's imagine a few:
A critical software vulnerability is found in the BTC codebase, leading to a possible exploitation.
Xi Jinping decides he's had enough of rich people in China hiding their assets from him and bans BTC.
Some form of bank run takes hold for whatever reason. Because BTC wallets are uninsured, unlike regular banks, this compounds into a Black Tuesday style crash.
Blockchain solutions are fundamentally inefficient
Blockchain was a genius idea. I still marvel at the initial white paper which is a great mix of economics and computer science. That said, blockchain solutions make large tradeoffs in design because they assume almost no trust between parties. This leads to intentionally wasteful designs on a massive scale. The main problem is that all transactions have to be validated by expensive computational operations and double checked by multiple parties. This means waste:
BTC was estimated to use as much electricity as Belgium in 2019. It's hard to trace where the BTC mining comes from, but we can assume it has a huge carbon footprint.
A single transactions is necessarily expensive. A single transaction takes as much electricity as 800,000 VISA transactions, or watching 50,000 hours of youtube videos.
There is a large necessary tax on the transaction, since those checking the transaction extract a few BTC from it to be incentivized to do the work of checking it.
Many design problems can be mitigated by various improvements over BTC, but it remains that a simple database always works better than a blockchain if you can trust the parties to the transaction.
Background: I'm the level 1/2 IT tech + helpdesk for a local government office of ~150 users. All names changed of course. I have a supervisor who used to be in my role, but magically forgot everything upon promotion. For most things that I just don't have time for, we have an external company that we use. This includes our backups... (foreshadowing?) 11.22am Anyway, it all started on a lazy Friday of a 4 day week. An unsuspecting user (May) opened a "resume" (CV) email containing a 'resume.zip', with a 'resume.js' inside. Upon clicking the resume.js file, the user gets confused by the error and no document popping up on their screen. So to make sure it was only just herself that was having the issue, she sent it to two other people (Jane and Kate) to see if they had any luck. Unfortunately for me, this day I happened to be in a training session. 3:29pm I finally get back to my desk, brain near exhaustion, and see a help request about a file that someone (Bill) is unable to open. They've attached the file directly to the job, so I just have a check and see if I have the same issue. Same issue for myself, but without knowing the origin (could have been sent from contractors judging by the name) I didn't think too much of it immediately. 3:54pm That was until I get another email came in... "Hi IT, just looked in my $Folder on the network share and found some strange files. "Decrypt_Help.txt"" Internally "Fuuuuuuuuuuck" Externally I'm frantically opening the file server, checking the details of the file to see which user created it. Discovered it had come from $May. 30 seconds later I'd opened the directory and was on the phone to $May
in a very calm voice "Umm, hi $May, could you please close anything you have open and log off your machine right now" $May: "Sure, I've been having some weird issues today. Anyway, logging out now" Me: click
3:57 Logged into vSphere and shutting down the user's PC. At this point I turn to my boss who sits behind me and inform her
"So, umm, it looks like we might have an infection on the network. I've got the user's PC shut down, and am looking at the resources on the file server. It looks like we've stopped it from spreading, but we've already got at least 200GB of our files corrupted" $Boss O_0 Me: "I'm getting on the phone to $IT_Support_Company now so that they can start to restore the backup. It looks like it started before 12, so we can't just used the Windows Shadow Copy. You'll probably want to send an email out to staff to let them know they've lost anything they've created today and stored on $Network_Drive" $Boss: "Errr.... good...."
Me: "Hi, this is $Warlord_Shadow from $office, who in your office would be the best person to talk to about a crypto infection?" $Support: "Hmm, not really sure... hmm, I guess $Nick might know somethi-" Me: "If you think $Nick is best, please put me through to him now. Please." $Support: "Please hold while I transfer you"
4:30 After explaining the situation to $Nick and $boss's email telling people that the $Network_Drive would be inaccessible for the remainder of the day, we'd kicked off restoring the folders that had been infected (God I love file-level restore backups that happen nightly...) 9pm I get an email that the backups were restored and the normal nightly/weekend backups were on schedule. Done and dusted. This is a story about making sure your backups are in order. We had around 200GB of files completely restored after only 5 hours of us first noticing. Thank god that we do our quarterly backup checks. Monday morning I get to work and explain Friday's events to our young finance guy (quite tech savvy). He's heard about them before and knows the normal payout is ~$500USD. Once I finish, he just stares at me and says:
"Next time just pay them. Do you know how much our support company costs"
Hey everyone, I work in a small web development/technical support company. There's 5 of us, me and another on web development, 2 on tech support and then our manager so this story isn't directly mine but it was from our tech support side. Recently, we've been getting emails containing ransomware. It's the usual "Upgrade your RAM for free today, download the attachment and setup your fast new PC". Of course all of us here have a laugh about it and get back to work after a while. Our manager had been researching the virus and found out it was targeting companies specifically. Since we have clients that are companies, he thought it would save us some heartache to warn our clients about it. We all agreed. So I come back in the next day at around 8:45, we don't officially start until 9. I settle in, have a chat and get ready to work on a website. The clock hits 9 and the phone rings, it automatically gets forwarded to tech support so they answer. After a minute or so, the phone has rang more than 5 times and since there's only 5 of us, no one could answer as we're already all on call. We were all being called by the same company, one of our clients. Apparently, they had recently hired a junior for data entry or something like that. Anyway, he'd opened up the support email and downloaded the virus. It then found it's way onto their entire network and all their database files were encrypted. Yep. And I'm talking forms, legal documents, client information, the whole shabang. One of our tech guys decided he'd go out and have a look. He comes back at 4, an hour before we finish. He looks exhausted, crippled from the ineptitude he'd endured the entire day. He said the virus was asking for payment for the cure which would unlock the files. Except.. it had to be in bitcoins. Granted it wasn't much, only 0.3 bitcoins, fuck they were hard to find. We couldn't find a site where you could buy fractions of them, we've never had to. So we call back telling the manager of the virus company her options. She says "Let's just delete all the files". Our jaws dropped. Not sure how bad it was over there but I imagine our tech guy felt like this.
However, it is awkward that even if a ransom is paid, users cannot recover damaged files, and WannaCry is notorious for this. And this is not the first time Bitcoin has been used by hackers. CryptoLocker, which appeared in 2013, is the initiator of Bitcoin ransomware. CryptoLocker will masquerade as a legitimate email attachment or .exe format ... Worst virus ever locks your files, demands Bitcoin ransom Other ransom viruses are just a bluff. CryptoLocker is for real. Mar 2, 2020, 1:31 pm* Crime . Aaron Sankin. How much would you pay to ... CryptoLocker malware demands bitcoin ransom A piece of malware is currently terrorising computer users by encrypting their data and charging a ransom – in fiat currency or bitcoins – to ... CryptoLocker's ransom amount has varied since its debut in September, but currently sits at $300 (USD) and 300 Euro - the ransom price is typically listed in cash currency, and Bitcoin. Cryptolocker Source Code Download Bitcoin . Cryptolocker Source Code Download . May 7, 2018 DTN Staff. twitter. pinterest. google plus. facebook. Github - Ytisf/thezoo: A Repository Of Live Malwares For Your Own Joy And Pleasure ...
How to buy a bitcoin and pay for Crypto Locker virus ransom ware
UK VICTIMS ----- MET Police is asking anyone affected by this to call 0300 123 2040 (Action Fraud). Trasactions between buyers and sellers are le... Remove CryptoLocker Ransomware and Restore Encrypted files. Cryptolocker (also known as "Trojan/Ransom-ACP", "Trojan.Ransomcrypt.F") is a Ransomware. After i... This video, by Sourcefire Chief Scientist Zulfikar Ramzan, describes the mechanics of cryptolocker and explains how it uses public-key cryptography to hold a victim's data at ransom. The private ... DO NOT DO THIS ON YOUR PC! This is running inside a virtual machine, Ransom Ware variant BART infects the PC less then few seconds and demands a 1 Bitcoin Ra... O Ramsonware é um Vírus/Malware que bloqueia e sequestra seus arquivos usando criptografia em troca de resgate! Se inscreva aqui no Canal http://bit.ly/jeffe...