Tuesday, 29 October 2013

New ransomware in Malaysia-Singapore... Anti-Child Porn Abuse Protection 2.0

A new cyber threat called "ransomware" has hit Australian shores and is capable of fleecing millions of dollars from victims.

Cyber criminals use ransomware to take computer files belonging to individuals or businesses hostage and then demand a hefty payout for codes to unlock the files.
Earlier this month, financial data for Brenton Deane's NSW bus company was taken hostage by a surprisingly friendly hacker who told him he must transfer thousands of dollars to criminal syndicates abroad to retrieve it.
The hacker originally claimed to be "anti-child porn spam protection" and threatened to report Mr Deane to the FBI if he didn't pay a penalty.
"It was surreal," Mr Deane told Nine News.
"We were absolutely, totally disabled. Just couldn't do anything."
A typical "ransomware" message.
After receiving no help from police, Mr Deane turned to local IT expert Denis Pecnik, who negotiated with the polite hacker who identified himself as "Jack Williams".
"He informed us that he didn't want copies of the files, that he didn't want to delete the files, he was simply doing a business transaction," Mr Pecnik from Ox Data Tech said.
Five days later, Mr Deane and Mr Pecnik decided to send a $3000 ransom to China and in return "Jack Williams" promptly emailed them the unlock codes for the server.
Symantec, which monitors nine million threats to Australian computers every day, estimates organised criminals are using ransomware to extort more than $5m a year.
But Sean Kopelke from Symantec said paying the hackers was extremely risky.
"You don't know who you're dealing with, you're transferring money overseas and you don't know if they're going to send you the unlock," Mr Kopelke said.
AusCERT information security analyst Marco Ostini said ransomware infections were widespread and the number of incidents was increasing rapidly.
"The cost of damage to small businesses that don't have dedicated IT staff and hire them on a time and materials basis makes them especially at risk," he said.
"Frequently, they may not devote the time and attention required to secure their systems and thus have sufficient weaknesses for cyber criminals to exploit.
"Once a cyber criminal has compromised the primary server of a small business and installed ransomware, then the road to recovery is a rocky and costly one."
How to protect your computer from ransomware:
1. Make sure your computer has the latest antivirus software and security updates;
2. Use memorable but complex passwords that are at least 12 characters long;
3. Back up all important information on your computer to a hard drive separate to your computer;
4. Restrict administrative privileges on your computer and don't browse the web using a host account with administrative privileges;
5. Disable unnecessary remote access and only allow secure remote connections;
6. Configure the host-based firewalls to block all access and to only allow external access to required services; and
7. Enable application whitelisting.
What to do if your computer is infected with ransomware:
1. Don't interact with cyber criminals;
2. Immediately disconnect the computer from the internet;
3. Tell the police;
4. Ask an IT professional to use a parallel live operating system to recover any essential data, wipe the infected computer clean by formatting and do a fresh install of the operating system and any required applications;
5. The IT professional should then make sure your computer has all security updates and necessary security or configuration changes before restoring all data.
Read some of the emails from friendly hacker "Jack Williams" below:
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Tuesday, November 6, 8.32am

Hello You can send me one not important file for decrypt for proof I have your password and I can decrypt this file.
Of course after payment you will be sure I am sending you passwords for decrypt and decrypt tool, you just need copy-paste this passwords and click start. You dont need decrypt each file manually.
To: Jack Williams, ausec222999@gmail.com
Tuesday, November 6, 10.03am

I have also read that some people claim once you send through the password and decrypt software and I try and run the software it will immediately start deleting my data files?
How can I be sure this won't occur??
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Tuesday, November 6, 10.13am

Lol where this you read, can i ask you?
What for i need to do this? I want money for passwords, i dont want delete any people information, why I need to do this?
And anyway if i want to do this, why after i got money i just not run off? Or why send passwords and decrypt tool? For just delete ppl files?
This is very illogical dont you think?
I think you understand what i am talking about.
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Tuesday, November 6, 10.59am

I can give you discount and new price is 3500$
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Tuesday, November 6, 11.09am

Minimal price is 3200$. I can accept this only.
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Tuesday, November 6, 11.48am

Like i said you before minimum is $3200 , i give you discount already for $800 !
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Wednesday, November 7, 6.27pm

Any news?
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Thursday, November 8, 3.46pm

Like i said you before i never trick any people. Yes i am understand maybe i am bad person anyway but i am not just swindler who never send passwords after got money.
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Friday, November 9, 1.00pm

Try wm-center, they have Online Chat, you can ask them about all your questions :) There is no registration needed and a bit easy to make new order. just read.
But i think if you do this like you said they cannot pick up money from you.
To: Jack Williams, ausec222999@gmail.com
Saturday, November 10, 10.52am

Yeah I still have to contact them again like I did yesterday to now get the new Street Address for the new name on the account. It took forever yesterday to get the postal address for NAN GAO now I have to try and do it all over again for Weisi Liu and try and get it all done before postal office closes at 12pm EST here!!!!
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Saturday, November 10, 10.55am

Oh ok. Good Luck. 
To: Jack Williams, ausec222999@gmail.com
Saturday, November 10, 11.01am

Sorry jack its a very involved process to send the money from australia to western union.
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Saturday, November 10, 11.05am

NP we are both waiting. Thanks
To: Jack Williams, ausec222999@gmail.com
Saturday, November 10, 11.43am

Hooray I just reprocessed the orders on Western Union and with Exhere to the new guys name. I spoke with Exhere and they said they will have it processed in 2 hours for me. So all Paid Jack. I hope this is ok.
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Saturday, November 10, 12.19pm

I need to go sleep now, i think this is not problem for you if i send you your all info after i am back?.. My eyes going down and i am sleeping on the keyboard right now..but i love better to sleep in the bed ofc.. :)
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Saturday, November 10, 12.26pm

All will be ok in the end dont worry about this, i will give you your passwords and decrypt tool.
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Saturday, November 10, 12.30pm

I really cant stay more at the PC...when i am back i immediately send to you all info you need for decrypt. See You!
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Saturday, November 10, 7.21pm

Hello. All is ok, DONT PANIC please. I got money from you, gimme 2 min i will send you all info.
Source: Nine News
Author: Alexandra Pleffer, Approving Editor: Nick Pearson
