This is one reason why I tell people to have both offsite backups (in case of fire, theft, etc.) and <i>offline</i> backups. There are a lot of us that are just one SSH worm away from having all of our files destroyed.<p>I've been thinking about ways to create an offline-equivalent backup, so that it can be automated. One way would be to have a computer that is only connected via serial cable, which only accepts new files to be backed up. (No ability to delete via the serial cable.)
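The write-once receiver sketched above, as an added example that is not the commenter's code: a small command handler whose wire format (constructed here: `PUT <name> <sha256hex>` followed by the file body) has no delete and no overwrite, so a compromised sender can only add files, never destroy what is already stored.

```python
import hashlib


class WriteOnceStore:
    """Receiver side of an append-only backup link.

    The command set is deliberately minimal: a sender can add a file it has
    not sent before, and nothing else. Existing names are refused, and a
    digest is required so corruption on the link is detected, not stored.
    """

    def __init__(self):
        self._files = {}  # name -> bytes

    def handle(self, command: bytes, payload: bytes = b"") -> str:
        parts = command.decode("ascii", "replace").split()
        if len(parts) != 3 or parts[0] != "PUT":
            return "ERR unknown command"  # DELETE, RENAME, etc. do not exist
        _, name, digest = parts
        if name in ("", ".", "..") or "/" in name or "\\" in name:
            return "ERR bad name"
        if name in self._files:
            return "ERR exists"  # write-once: a ransomed host cannot clobber history
        if hashlib.sha256(payload).hexdigest() != digest:
            return "ERR digest mismatch"
        self._files[name] = bytes(payload)
        return "OK"

    def read(self, name: str):
        return self._files.get(name)


def demo() -> list:
    """Constructed session: one good upload, then the attempts that must fail."""
    store = WriteOnceStore()
    body = b"photo bytes"
    good = b"PUT photo.jpg " + hashlib.sha256(body).hexdigest().encode()
    return [
        store.handle(good, body),
        store.handle(good, b"encrypted garbage"),  # overwrite attempt
        store.handle(b"DELETE photo.jpg"),          # no such command
        store.handle(b"PUT ../etc/passwd x"),       # traversal rejected
        store.read("photo.jpg") == body,
    ]
```

`demo()` returns `["OK", "ERR exists", "ERR unknown command", "ERR bad name", True]`; the original upload survives every later attempt to alter it.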
Ransomware crypto fail:<p><pre><code> The number has 128 digits, which could indicate a (big)
mistake from the malware author, who wanted to generate
a 128 bytes key.
Finally, we simply deal with RSA-464 encryption, which
can easily be broken on a standard PC in a matter of hours.</code></pre>
Every article on security ends with:<p>* Update your anti-virus software
* Apply all software updates
* Pick a hard password<p>Rarely do these matter: ransomware, Target, etc., are exploits unrelated to these defenses. Why do we push them so hard? Does anyone feel safer and more righteous from advocating this security theatre?
Malware aside, it's annoying that people still think Bitcoin payments come "from" an address. It's not something you can rely on or expect in Bitcoin, and certainly shouldn't be used to identify payments by a client. A unique address per payment requested is the proper, expected method.
Malware author probably uses a multitude of wallets, but the one shown in that screenshot has received a few actual payments:<p><a href="https://blockchain.info/address/1HKCHx1RFhNHuF3NxLviHdrjNFzJbCTvrC" rel="nofollow">https://blockchain.info/address/1HKCHx1RFhNHuF3NxLviHdrjNFzJ...</a>
>So, things were clear: the cybercriminal wants 0.4 Bitcoin, which made about 260 Euros at the time of infection, but only 89 Euros at the time of writing (Once again this shows how unreliable the Bitcoin money is, but that is something else).<p>Sigh. The author is using the MtGox price. MtGox is one of the smaller Bitcoin exchanges these days. Due to their legendary incompetence, they got hacked a while back and disabled Bitcoin withdrawals. As a result, their "Bitcoin" trading price fluctuated from 1/2 to 1/6th that of other exchanges. The current market value of Bitcoin on <i>all</i> other exchanges is actually 400+ euros right now.
Is it just me, or does a random new AES password for each file make perfect sense? Otherwise, once you brute-force one file you could decrypt all the other ones.
NB: CrashPlan will encrypt & back up your stuff locally & remotely (in multiple locations) and keep a version history, which pretty much nips this sort of crap in the bud.<p>(not affiliated with those guys, just a happy user)
> So, things were clear: the cybercriminal wants 0.4 Bitcoin, which made about 260 Euros at the time of infection, but only 89 Euros at the time of writing (Once again this shows how unreliable the Bitcoin money is, but that is something else).<p>Fail.