On Ransomware

“They can beg and they can plead
But they can’t see the light
Coz the boy with the cold hard cash
Is always Mr. Right”

Material Girl, Madonna

I had been planning to write about ransomware for a long, long time, but I didn’t know where to start. Should I start with the email my childhood friend sent me in 2015 (frantically pleading “Halpppp me, I got this HELP_YOUR_FILE Virus and I’m doomed”)? Or with when ransomware first piqued my interest (shout out goes out to the Bundespolizei police ransomware, c. 2012)? When? What to share? Help!!!

But of course I’m good at procrastination, so as of February 2017 there were still zero posts on ransomware 🙂 . But let’s end that, because I promised that I will do more articles this year on all my blogs and I want to start it right. This is also in support of my “all my infosec posts belong to AVSecurityProductManager Blog” push, so here we go. For starters I’m sharing this YouTube video

Sorry, I’m really a sucker for digital-DIY kitties. OK, maybe just the bad kind of DIY kits (blame it on Vicodines of the macro poppy kit fame; sorry, I’m an old school virus dude, mon!). Honestly I’m torn between sharing and suppressing this ransomware video advertisement on YouTube. But sadly, it is a good demo of how easy it is to create or mod a ransomware (even dummies can do it, huh). Not sure how long this one will stay up on YouTube though.

I know Stampado/Philadelphia is kinda old (I think it was active around September 2016). Maybe a decryptor is out already. But given that the dynamics and motivations behind ransomware (cold hard cash, plus someone still paying the ransom) are here to stay, I guess the ransomware problem will not go away easily.

Ruining Madonna’s lyrics

They can beg and they can plead
But they can’t decrypt it right
So the boys with the cold hard cash
Will buy bitcoins right???

(Please don’t kill me if my lyrics mod skills sux)

Lastly, I support No More Ransom!!! Visit No More Ransom for more solutions and insights.

I will do a part 2 on ransomware soon…

Video credits to YouTube. Thanks goes out to Brian Krebs for his post on this topic.