
I saw Cryptolocker in action, and what surprised me about it was how professional it was. For those not familiar, it would come as an attachment in an email, and once run, would encrypt files locally and on any shared drives. Particularly useful against companies, with many unsuspecting users and lots of sensitive stuff to encrypt.

It left behind lots of text files giving you instructions and an address you can access via Tor. When you went to that address, there was a web app to allow you to upload an encrypted file to confirm if it was Cryptolocker. If you pay the ransom, they would send their "decrypter tool" that had the encryption key embedded in it.

The real criminal breakthrough, in my opinion, is that all of these utilities worked. When people are able to do some research and find out that if they pay up, they really will get their stuff back, often times they will pay up. It's certainly very disturbing.




Ditto. I just helped a neighbor with some issues they had on their laptop. He managed to get one of these Crypto viruses (Crowti) and it was a royal pain to try to remove. Luckily he didn't really use nor have many needed personal files on the machine, and the criminals allow you to restore one file to show you they can in fact decrypt your files. He only needed one file from the machine; that's the one we restored. After getting the file and pointlessly trying to remove the virus and other junk that got installed, I realized I couldn't trust the machine even if I truly thought I removed it completely, so I wiped it, repartitioned it and reinstalled everything.


> When people are able to do some research and find out that if they pay up, they really will get their stuff back, often times they will pay up.

Everything old is new again. Back in the late 17th/early 18th century, with no police, ransoming stolen possessions back was a fairly common and accepted practice.

See e.g. http://en.wikipedia.org/wiki/Jonathan_Wild for one of history's more colourful characters.


I suspect it's because criminals don't do A/B testing on whether following through when their demands are met gets them better results.


Why would you suspect that? Just because criminals more often commit crimes that do not allow for easy A/B testing (or don't offer a worthwhile return on it) does not mean smart criminals wouldn't do such testing. If you want to get technical about it, American banks have been doing A/B testing for a long time, and often are just as big of crooks as extortion virus creators.



