15 November 2013

Cybercrime evolved: Cryptolocker virus gets user-friendly with brilliantly twisted update


People want to spend, goes a popular maxim in sales; all you have to do is remove any barriers that might prevent them from doing so. That principle tends to be applied to the sale of fancy knives or spa subscriptions, but the internet allows us to run all sorts of new social and economic simulations. Interestingly, even when put under all new stresses and exposed to bizarre new incentives, these old principles still seem to hold true. We now know that even when people don’t want a product, even when they despise the seller and every step of the sale, customer service remains the key to success.

The Cryptolocker virus is an idea so simple that most people, upon first hearing of it, have to laugh. The audacity of the plan coupled with its sheer obviousness simply has to be admired on some level. After all, not everybody has it in them to concoct and execute a plot to sell people’s own data back to them. That’s what Cryptolocker does: it finds your most important and sensitive files and then contacts a remote server to create a 2048-bit key pair to encrypt them beyond all hope of recovery. Then it delivers its ultimatum: pay up or the RSA key gets it.



If you see this screen, scream.


In the early days of the virus, just weeks ago, victims were given three days to cough up roughly $200 via BitCoin or MoneyPak currency transfer. If the virus’ authors did not receive payment within 72 hours, they said, a single line would be deleted from a text file on some hidden foreign server, forever erasing the only string of numbers that could ever bring your affected files back from the dead. At that point, the only thing left to do would be to delete the encrypted data as it was lost forever.

Contrary to the creators’ explicit claims, it is possible to confound the viral counter simply by setting back your system’s internal clock. It’s a temporary solution to be sure, but some users have reported that they have been able to delay transmission of the three-day deadline message by simply tricking the virus into thinking that no time has passed. That only keeps you in the smaller of the two tiers of victim, however, and requires that you keep your system living the same three days repeatedly, like a digital Groundhog Day: not exactly an ideal solution.

To a bunch of screen-tanned Eastern European hackers, three days probably seemed like more than enough time to complete a simple money transfer, but it’s proven restrictive for the demographics that mostly contract a virus like this. It turns out that an enormous component of the infected are either senior citizens or employees on corporate networks, who are seldom computer-savvy individuals (and neither group is known for quick decision-making when it comes to technology). Many individual victims simply cannot set up a BitCoin account and transfer the money in time, while bloated corporate bureaucracies can run out the clock before even deciding whether or not to pay.

Every time the viral deadline expires on a victim that might have been willing to pay, these crypto-scammers lose money. A less ambitious crew might have simply extended the deadline by a few days, or written a step-by-step BitCoin guide to make sure every user had the smoothest possible digital fleecing experience. These hackers, though, were smart enough to see that easing their deadline would also ease the urgency that made their virus so successful. They needed something that let customers pay while still inducing panic at the earliest stages of the infection. Their eventual solution is among the most cynical and cutthroat moves in the history of cybercrime.


The Cryptolocker Decryption Service will unlock your files! Of course, it locked those files in the first place.


If a victim does not pay up in time, the hackers simply raise the ransom, by a lot. At current BitCoin values, Cryptolocker’s post-deadline victims will have to shell out over $2000 to retrieve access to their files, though after the three days have expired they can take time to mull that decision without further penalty. In the more expensive phase of the virus, users must upload any encrypted file from their system and wait up to 24 hours for Cryptolocker’s almost cheerful support team to match them to their key.

The future of cybercrime


This reveals a lie in the original threat, as it’s now clear that the keys are in fact not deleted after the three-day time limit. Particularly stubborn members of the infected could thus try to wait this problem out, holding on to the useless, encrypted files and waiting for the criminal server to be someday seized by the authorities. That’s certainly the route the security industry would like to see people take, since any ransom paid is a de facto encouragement to hackers to write a similar virus again, or indeed to re-infect the same companies twice, just as soon as they’ve paid the first time.


Still, holding fast might not be an option for those who are facing the loss of critical payroll documents or irreplaceable family photos. Suddenly the decision has become not whether you want to pay to get your files back, but whether you will act fast enough to get them back for the lowest possible price. Cryptolocker now engages the frugal side of human nature: “Sure, I didn’t want to send hundreds of dollars to Russian cyber-mobsters today, but at least it’s not thousands!”




For those who simply have to pay, the viral infection on their local machines becomes the only line to retrieving the locked data; in some cases, security companies are having customers get intentionally re-infected after anti-virus software hastily removed it. Once Cryptolocker has sprung its trap, removing the virus accomplishes nothing but erasing the sole means of paying the lower of the two ransom amounts. By the time you realize you’re infected, the damage has been done; deleting the virus amounts to little more than shooting the messenger.

Protecting yourself from Cryptolocker is simple. Regular backups to off-network machines that do not auto-sync will minimize the virus’ potential for damage. The best defense is even simpler: Cryptolocker infects computers via a bogus email attachment disguised as a PDF file, so simple email safety should keep you immune. The days when a system-killer like this could get in through your browser are mostly gone, and at this point you have to actually run the infected executable to get the virus.
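To make that last piece of advice concrete, here is an added example of the kind of attachment screen a mail gateway or a cautious user could run. It is my own illustration, not code from the article or from any product, and it rests on two assumptions stated in the comments: that a file posing as a PDF gives itself away either by a double extension (a document extension in the middle of the name with an executable extension at the end) or by its leading bytes not matching what the name claims. The sample attachments are constructed.

```python
# Added example: screen e-mail attachments for executables dressed up as documents.
# Not from the article; the attachment names and bytes below are constructed samples.

DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}
EXECUTABLE_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar"}

# Leading bytes of the two formats this check cares about
PDF_MAGIC = b"%PDF-"   # every PDF begins with a "%PDF-<version>" header line
PE_MAGIC = b"MZ"       # Windows executables begin with the DOS "MZ" stub


def check_attachment(filename, content):
    """Return the reasons this attachment looks like an executable posing as a document.

    An empty list means none of these (deliberately simple) rules fired.
    """
    reasons = []
    parts = filename.strip().lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    inner = parts[1:-1]  # extensions sitting between the base name and the real one

    # Rule 1: double extension such as "invoice.pdf.exe". The document extension is
    # what the user sees in a mail client; the final extension is what Windows runs.
    if ext in EXECUTABLE_EXTENSIONS and any(p in DOCUMENT_EXTENSIONS for p in inner):
        reasons.append("double extension: shown as .%s but runs as .%s" % (inner[-1], ext))
    elif ext in EXECUTABLE_EXTENSIONS:
        reasons.append("executable attachment type .%s" % ext)

    # Rule 2: the bytes say "Windows executable" while the name says "document".
    if content.startswith(PE_MAGIC) and ext in DOCUMENT_EXTENSIONS:
        reasons.append("MZ header in a file named as a document")

    # Rule 3: the name says PDF but the mandatory PDF header is missing.
    if ext == "pdf" and not content.startswith(PDF_MAGIC):
        reasons.append("named .pdf but content has no %PDF- header")

    return reasons


def screen_attachments(attachments):
    """Map each suspicious attachment name to its list of reasons; clean ones are omitted."""
    flagged = {}
    for name, data in attachments.items():
        reasons = check_attachment(name, data)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    # Constructed samples: one genuine PDF, one disguised executable, one mislabelled binary
    samples = {
        "statement.pdf": b"%PDF-1.4\n% constructed sample\n",
        "statement.pdf.exe": b"MZ\x90\x00\x03\x00",
        "holiday.jpg": b"MZ\x90\x00",
    }
    for name, reasons in screen_attachments(samples).items():
        print(name, "->", "; ".join(reasons))
```

The two rules are cheap and catch the disguise the article describes, but they are not a substitute for the backups it recommends: a file that passes this screen can still be malicious, so treat a clean result as "not obviously fake", not as safe to open.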



Hand of a Thief is another particularly brazen bit of the online criminal underworld.

Cybercrime allows oddly personal connections to spring up in traditionally distant relationships, like Cryptolocker’s forced detente between victim and perp. There seems to be a widely held assumption that the authors of this virus reside somewhere in a formerly Eastern bloc nation, mostly just because their behavior seems typical for that set. Earlier this year, a Russian group released a bank-hacking malware called Hand of Thief and supported it with an almost Adobe-like subscription service; pay a monthly fee and receive regular updates to stay one step ahead of browser developers. The internet has turned dragnet digital theft into a banal, anonymous service complete with faceless sales reps and hidden customer service staffers.

Soft-spoken internet developers are becoming some of the world’s most successful criminals, and when free to act in a comfortably online setting they often carry out their crimes with a matter-of-fact efficiency; they almost seem to view their actions as fair, just a particularly harsh extension of forum trolling. Welcome to the internet, they seem to say, in messages peppered with leet-speak and passive-aggressive smiley faces.

The internet can make even the most outrageous of cyber-heists banal and (seemingly) safe: you can literally rob a bank in your underpants, or sit in a local coffee shop while facing down the NSA. You can extort a retired couple while jogging through the woods. With that near-total lack of accountability and such a profound disconnect between criminal and victim, don’t be surprised to see more scams this shameless and brazen.

In the world of online crime, things are poised to get a whole lot worse before they have the slightest chance of getting better.




Copyright © 2015 Tracktec. All rights reserved.
