No Other Choice: Paying the Ransom


5 replies to this topic

#1 ShinyViper

  • Members
  • 31 posts

Posted 17 April 2016 - 09:33 PM

OK, it's the worst possible case. You (or your client) have no backups, no decryption options, and you (or your client) have decided to pay up.

There's no guarantee you'll get the files back.

You're funding malware creators.

It's costly.

But at the same time, you (or your client) just want the files back. Pay up and get them, or don't and lose them forever. Time is money and the ransom is a pittance compared to lost productivity. It's a business deal: fine, you got me, here's my tithe or tax, now leave me alone. Same as paying a fine for a violation -- sometimes you get away with it, sometimes you get caught, but either way you exchange some money and move on.

--------======---------

Most/all of the ransomware out there requires Bitcoin.

This weekend I've started dipping my toe in the Bitcoin world and opening an account with a Bitcoin exchange. I've not yet funded it but have started to learn a bit about how the cryptocurrency works and how to go about paying a ransom if needed.

I have a current case with a client's PC that was hit by a ransomware variant that currently has no known decryption options, no backups, and as a businessperson, is just looking to minimize the loss of data and money. So they authorized me to pay the ransom as soon as possible (reimbursed by the client, but I'd do all the legwork).

What's a good place to start, and what are tips/tricks/pitfalls of using Bitcoin that experienced users know, but newbies in a time-sensitive bind are clueless about?

What are the most secure ways to obtain Bitcoin?

What risks are you exposing yourself or your client to by using a Bitcoin exchange?

Are there Bitcoin Exchanges that should be avoided?

Are there methods of purchasing Bitcoin that should be avoided?

What resources are available to users who are just wanting to get the files back, and not become walking encyclopedias on cryptocurrency?

Edited by ShinyViper, 17 April 2016 - 09:36 PM.




#2 ScathEnfys

    Bleeping Butterfly

  • Members
  • 1,375 posts
  • Gender:Not Telling
  • Location:Deep in the Surface Web

Posted 17 April 2016 - 10:17 PM

What are the most secure ways to obtain Bitcoin?

https://localbitcoins.com/ is usually secure enough, as long as you choose a reliable seller. It's like the eBay of Bitcoin.


What risks are you exposing yourself or your client to by using a Bitcoin exchange?

This needs clarification. Bitcoin exchanges have the same risks as any other site, but you seem to be talking about more than that...
 

Are there Bitcoin Exchanges that should be avoided?

There are always sites to be avoided, no matter what topic or service you are seeking. To be more specific, Bitcoin transactions are irreversible, so you run just as much of a risk of being screwed as you do dealing with hard cash.
 

Are there methods of purchasing Bitcoin that should be avoided?

As above, there are always ways to be avoided. I would avoid any seller without a major company backing them that promises an unlimited availability of bitcoins, or any sellers with a bad reputation (Google is your friend here). Some areas also have Bitcoin ATMs. I would avoid these for the same reasons I avoid standard ATMs (card skimmers and pinpad overlays).
 

What resources are available to users who are just wanting to get the files back, and not become walking encyclopedias on cryptocurrency?

One of my favorites: https://blockchain.info/wallet/bitcoin-faq
It's also worth noting that the ransom note of most ransomware contains the info you need - the hackers want to get paid, after all!

Finally, make sure that the ransomware you have doesn't already have a free decryptor. A lot of ransomware has massive flaws that have been found that allow victims to freely decrypt files.

EDIT: Check out the tool in http://www.bleepingcomputer.com/forums/t/608858/id-ransomware-identify-what-ransomware-encrypted-your-files/, as it will detect most RW infections and tell you if they can be freely decrypted.

Edited by ScathEnfys, 17 April 2016 - 10:20 PM.

Proud system builder, modder, and watercooler.


#3 ShinyViper

  • Topic Starter
  • Members
  • 31 posts

Posted 18 April 2016 - 05:38 AM

What risks are you exposing yourself or your client to by using a Bitcoin exchange?

This needs clarification. Bitcoin exchanges have the same risks as any other site, but you seem to be talking about more than that...


Thanks for the replies. In response to this, the Bitcoin exchanges I've been looking into require a great deal of personal verification and (for credit card transactions) card verification. An SSN, a recent utility bill, and actual photographs of yourself holding your ID/driver's license and the credit card are often needed. These seem excessive, as no other credit card transactions on the internet require them, and they add time and hassle to obtaining Bitcoin when all someone wants to do is just pay a ransom and be done with it.

Edited by ShinyViper, 18 April 2016 - 05:38 AM.


#4 purat111

  • Members
  • 96 posts

Posted 18 April 2016 - 06:15 AM

What risks are you exposing yourself or your client to by using a Bitcoin exchange?

This needs clarification. Bitcoin exchanges have the same risks as any other site, but you seem to be talking about more than that...

Thanks for the replies. In response to this, the Bitcoin exchanges I've been looking into require a great deal of personal verification and (for credit card transactions) card verification. An SSN, a recent utility bill, and actual photographs of yourself holding your ID/driver's license and the credit card are often needed. These seem excessive, as no other credit card transactions on the internet require them, and they add time and hassle to obtaining Bitcoin when all someone wants to do is just pay a ransom and be done with it.

I've had a look at a few exchanges and all of them require this. I believe it's because they are legally registered as financial institutions and the authorities need proof of identity etc. - similar to setting up a bank account. The criminals like Bitcoin because it is anonymous - so it's a bit counterintuitive that we need to prove our identities! Although if you do need your files back, just try and power through the bureaucracy.



#5 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,969 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 18 April 2016 - 06:42 AM

As I have stated in various topics...most security experts will advise against paying the ransom demands of the malware writers because doing so only helps to finance their criminal enterprise and keep them in business. The more people pay the ransom, the more the attackers are encouraged to keep creating ransomware for financial gain. Further, there is no guarantee that paying the ransom will actually result in the restoration (decryption) of your files. And since ransomware can be responsible for dual infections, that means paying both ransoms in order to decrypt data. Decreasing your chances of recovering data with dual infections is that files may get encrypted multiple times, especially if the victim had tried to fix the files by renaming them first while the malware was still active...resulting in further problems and complicating possible decryption.

Grinler (aka Lawrence Abrams), the site owner of Bleeping Computer, has said this...

...Though the loss of your data and computer can be devastating, sending the ransom could be even more so. Depending on how the criminals want you to pay the ransom could put you at risk for Identity Theft as the information you send may contain personal information. Therefore, we suggest that you never pay a ransom unless it is absolutely necessary for data recovery...Last, but not least, it is important to remember that paying the ransom only continues to fuel the release of new variants of these types of programs.

Since many victims know there is no guarantee with paying the ransom, some ransomware developers and hackers are now offering customer support and live support chat to help with decryption. Then the question becomes...should I trust that support?

With that said...We understand some folks may feel they have no other alternative but to take a chance and pay the ransom in hopes of recovering irreplaceable photos and other personal or important data. That is a choice and a decision each affected victim will have to make for themselves. We will not make any judgments for doing so.

As with most ransomware infections...the best solution for dealing with encrypted data is to restore from backups. These types of infections typically will delete all Shadow Volume Copies so that you cannot restore your files via System Restore, native Windows Previous Versions or using a program like Shadow Explorer...but it never hurts to try in case the infection did not do what it was supposed to do. It is not uncommon for ransomware infections to sometimes fail to properly delete Shadow Volume Copies. In some cases the use of file recovery software such as R-Studio or Photorec may be helpful to recover some of your original files but there is no guarantee that will work.

If that is not a viable option and if there is no fix tool, the only other alternative is to save your data as is and wait for a possible breakthrough...meaning that while decryption of your data seems like an impossibility at the moment, there is always hope that someday there may be a solution, so save the encrypted data and wait until that time.

Grinler (aka Lawrence Abrams), the site owner of Bleeping Computer, has said this...

If you are affected by ransomware and do not plan on paying the ransom, the best bet is to immediately image the drive before doing anything else. Then in the future if there is a way to decrypt the files you have everything you may need to do so.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
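The advice above to try Previous Versions anyway, because ransomware sometimes fails to delete the Shadow Volume Copies, can be turned into a quick check. The PowerShell script below is an added example written for this page; it is not from the thread, from BleepingComputer, or from any tool mentioned here. It assumes an elevated PowerShell session on the affected Windows machine and uses only the standard Win32_ShadowCopy and Win32_Volume CIM classes. The function names Get-SurvivingShadowCopies and Mount-ShadowCopyAsDirectory, and the example link path C:\shadow_newest, are made up for this example.

```powershell
# Added example (not from the thread): list Volume Shadow Copies that a
# ransomware infection may have failed to delete, so the responder can see
# whether snapshot-based recovery is still possible on this machine.
# Requires an elevated (Administrator) PowerShell session.

function Get-SurvivingShadowCopies {
    [CmdletBinding()]
    param()

    # Map volume GUID paths (\\?\Volume{...}\) to drive letters for readability.
    $volumes = @{}
    foreach ($v in Get-CimInstance -ClassName Win32_Volume) {
        if ($v.DeviceID) { $volumes[$v.DeviceID] = $v.DriveLetter }
    }

    # Each Win32_ShadowCopy instance is one snapshot. DeviceObject is the
    # \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN path it can be read from.
    Get-CimInstance -ClassName Win32_ShadowCopy |
        Sort-Object InstallDate |
        ForEach-Object {
            [pscustomobject]@{
                Id           = $_.ID
                Created      = $_.InstallDate
                Volume       = $volumes[$_.VolumeName]
                VolumeName   = $_.VolumeName
                DeviceObject = $_.DeviceObject
            }
        }
}

function Mount-ShadowCopyAsDirectory {
    # Expose one snapshot as a directory so files can be copied out with
    # ordinary tools. Snapshots are read-only by nature; the link is a plain
    # directory symlink that can be removed afterwards with Remove-Item.
    # The trailing backslash on the target is required for shadow copy paths.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DeviceObject,
        [Parameter(Mandatory)] [string] $LinkPath
    )
    if (Test-Path -LiteralPath $LinkPath) {
        throw "Link path '$LinkPath' already exists; refusing to overwrite."
    }
    New-Item -ItemType SymbolicLink -Path $LinkPath -Target ($DeviceObject + '\') | Out-Null
    Get-Item -LiteralPath $LinkPath
}

# Usage: enumerate first, and only then decide whether anything is worth mounting.
$copies = @(Get-SurvivingShadowCopies)
if ($copies.Count -eq 0) {
    Write-Host "No shadow copies survived; snapshot-based recovery is not possible here."
} else {
    $copies | Format-Table Created, Volume, DeviceObject -AutoSize
    # Example (constructed path): expose the newest snapshot, copy files out, then
    # Remove-Item the link. Uncomment to run.
    # Mount-ShadowCopyAsDirectory -DeviceObject $copies[-1].DeviceObject -LinkPath 'C:\shadow_newest'
}
```

Run this before any cleanup, reinstall or disk-wiping tool, and after imaging the drive as Grinler recommends: the snapshot storage lives on the same volume as the encrypted files, so a reinstall or repartition destroys it along with everything else. A surviving snapshot is only useful if it predates the infection, which the Created column lets you check against the timestamps of the encrypted files.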

#6 vilhavekktesla

  • Members
  • 918 posts
  • Gender:Not Telling

Posted 10 May 2016 - 12:12 AM

Hi, Shiny. I'll add to all the above: you seem to be quite informed.

Send me a PM and we can discuss some. You may post back here on the forum if you find any interesting info in what I say, and I'll add less clutter to this topic for now.

You have had many answers already and they are quite accurate.

Regards


The signature points to post one in each topic. Post one is very important to read.

Now Teslacrypt may be decrypted with Blooddolly's Tesladecoder version 1.0.1b or newer (if needed)

The master key is released so there is no need to pay to get the key.

About 200 550 different ransomwares exist, so think safe backups at all times.




