Another Look Inside Ransomware

This is a post series on cyber crime. For more posts click here or the cybercrime tag below.

Recently this excellent post showed up.


Why Friends Don’t Let Friends Run Windows: Cryptolocker Downloader

He actually dismantles the script that enables a typical ransomware to run right through your computer. What bothers me isn't how simple the script is, but how there is nothing in the OS to prevent the script from executing. That is in Windows, which is the OS that 90% of the people who have computers use. The fact is that even with Task Manager open, it may not be obvious that the program the script calls in is even there, running as a resident program, perhaps for months. Once it gets the right permissions, which the OS will happily provide to every piece of software but not let the user see, then even anti-malware software can't touch it, and short of crashing the system the user may not be able to terminate the program.

MS and Apple have been living in a false world where they want to have access to people's computers and control them. The problem is that they have also made available to developers the keys to the kingdom, and the poor user can't even lock anybody out of his own machine for fear that MS may not be able to send "security updates" for a system that has been fundamentally insecure from the beginning.

It's not that the cybercrooks and the rest of the hackers are super smart. The problem is that in order to maintain the business model that MS has been running on since the internet became a thing, MS had to avoid making the users' machines fundamentally secure. So they haven't. Up to now the consequences haven't been disastrous unless you are Hillary trying to hide emails. With the onrush of ransomware, that's changed. We and MS are learning the hard way why making the net secure was essential.

So how do things go from here? Well, hopefully somebody will come up with a utility that enables file security. From now on people are going to need to check their most valuable files into their own vaults and separate them from the day-to-day running platform. Having backups will not be enough, as all too frequently the backup system fails or something gets screwed up. The vault will have to be something that is always there, but only the user will see it, and it will have to be separated one way or another from the running platform. The malware can't hit stuff it can't see, and keeping things separate will be the only way.

Here's the wiki on CryptoLocker, which apparently is out in the world again. Hopefully the new crop of infectors didn't change the encryption algorithm.


https://en.wikipedia.org/wiki/CryptoLocker

The week in ransomware.

http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-30-2016-princess-locker-locky-switching-to-odin-decryptors-and-more/
