One of the linked articles notes that, to this point, the bastards aren’t being bastards about it, and do you send you the key once you pay. It makes senses, too, when you think about it. If word got out that paying up made no difference, then no one would pay and there’d be no profit in it for them.
Blame the victim, eh? I see, it’s all their fault. Do you really think it’s all about stupidity? That nothing else might be at play? That everyone has the awareness of the need to, and the ability, money, connections, confidence, etc, to back up adequately? I get it though - it’s just easier to call it stupidity.
I think you and the article are using unjustifiably rosy glasses to look at the world and this virus.
edit: Other articles I read were not willing to vouch for the claim that the hackers did hold up their end and past performance is not an indicator of future behavior. As for the impeccable logic tower of “They have to give up the key or no one would pay,” well, when was the last time you heard of a nigerian prince coming through for someone? There are plenty of people who will pay without a second thought with half the world screaming in their ear that it’s a scam.
Scammers like this don’t expect or need repeat business. It costs next to nothing to set up. They only need a relative handful of successes before they’ve made a tidy profit and can move on to the next scam. If they get your money they don’t need you any more, if they don’t it’s no skin off their noses.
Scam would be over when the word gets out? If that were true there would be no more Nigerian scams.
“Stupidity” is a strong word, but let’s be honest: there have been one of these types of attacks making the news a couple times a month for the last two decades. That’s hundreds of news stories. Every one of those articles says: “install a virus checker, and keep backups.” Computer viruses, particularly in the PC world, are at this point basically a force of nature.
At what point are we allowed to say “being able to protect yourself is a basic requirement of using a computer in this era,” and not be “blaming the victim?” It’s not like we’re asking them to set up a firewall or produce valid subnet routing tables: this is “click a couple of times to install something” and “either pay a service to back stuff up for you (another couple of clicks), or just burn a bloody disk/USB stick with your data once in a while.”
TimeWinder: I appreciate what you’ve said. Whenever something this happens I think of my ex-wife, or her mother, both of whom are perfect examples of computer/internet users who have almost no clue about anything like viruses, back-up, and so forth. I’ve made sure they have stuff like Malwarebytes and Iantivirus installed but beyond that (and general principles of safe browsing), there’s nothing. They are naive but not stupid.
They are even performing tech support to assist with some that had problems decrypting. They have been monitoring message boards and some people have been able to communicate with them that way to resolve issues.
So, I should trust them because they’ve been such nice, upstanding guys? No, wait, they’re not; they’re shaking down people for at least hundreds of bucks a pop. If I judge them by their past performance, then I judge them as evil scamming scum, and so my expectation is that they’re not going to play fair.
There is something darkly humorous about malicious hackers providing better customer support than most legal computer service providers, you must admit, though.
For people who are not living on the internet, bitcoin is something new and different; so the person I heard about with the virus (client of an associate) they were having trouble rounding up $300 in bitcoin.
Stupid? Of course not, neither is driving long distance without a spare tire. Neither is leaving your wallet on the dash of the car. Neither is leaving the house unlocked, or not wearing a lifejacket in the boat. As long as nothing goes wong, heck, you’re OK.
Seriously, a 1TB drive costs less than $100. If your digital life consists of more than your high scores, you should make a backup. Put the device at the other end of your house, or the garage, or safety deposit box, or somewhere where a fire around the PC won’t also ruin the backup.
(When I get home I’ll go unplug my backup drive from the PC, honest).
If you have files on you computer that are important to you and are not aware the hard drives can fail and they can be backed up then yes, you’re too stupid to have a computer.
Even if they make with the keys, “Pay them the money they’re both illegally and immorally extorting from you and they’ll give you your files back,” is a bad fix.
Agreed, but it’s a cheap lesson on the importance of backups. I know two people who paid drive recovery companies to recover their un-backed-up data after the drives failed - one was $3000, the other $1800.
Okay, assume you have cloud backup. And assume that something like CryptoLocker encrypts your files. What stops the backup program from uploading the encrypted files to your backup location? Does it encrypt the file names too, or something, so that they don’t overwrite the original files?
I keep a couple of external had drives. Switch one on and back up files to it then turn it off again.
Next time I use the other drive. For day-to-day stuff a couple of 32Gig thumb drives. Also several different clouds and rotate between five computers, not networked so an attack can never infect more than two machines at any one time.
I have had attempts by these guys but they failed miserably as I use different variants of Linux and just deleted their page. I do have a locked XP machine from a workmate from a similar attack - recovered his files before the damage was too severe and once he has verified that all files are correct the machine will be wiped and Linux installed, his files restored.
I have never tried it but did read some time back about a similar thing, the person affected just re-encrypted the files with a different encryption system that restored the files to their original unencrypted state. Sheer luck but there may be something to try there.