
The No More Ransom Project - kawera
https://www.nomoreransom.org/en/index.html
======
Asdfbla
How common is it that paying the ransom doesn't work? Seems bad for the
business model of ransomware, though I guess competing malware writers don't
necessarily feel compelled to keep the market intact if they can squeeze out a
bit more for themselves without the effort of writing a functional decryption
routine.

~~~
croon
I believe the common rule is that paying works, as per the business reasons
you mention.

The issue is the victims on aggregate would rather not support the viability
of that business. If no one has to pay, the business dies out. Perhaps a pipe
dream, but less money at least means fewer actors in the space.

~~~
LeifCarrotson
This is why the phrase "We do not negotiate with terrorists" makes sense as a
general policy to advocate. It's weakened when we ignore it in individual
cases.

~~~
crdoconnor
The Good Friday Agreement was essentially brokered by ignoring it. That seemed
preferable to me to the decades of sustained bombings.

It seems to me that no government can make a fully plausible promise that they
won't yield under pressure and, in any case, terrorism is extremely ill
defined.

~~~
alextheparrot
I believe the phrase is rational for and applied to ransom situations - just
generally pursuing peace with opposing parties is not encapsulated in that
phrase, to my understanding.

~~~
geofft
What distinguishes an opposing party from a terrorist?

(My answer would be, the success of their terrorism. If you are mostly
unsuccessful, nobody needs to negotiate with you.)

------
tgb
I just want to know one thing: is Dropbox a sufficient backup strategy to
prevent this problem? Obviously it's enough to prevent a naive ransomware.
Can they get around Dropbox's automatic 30 day version history by some means?
They can presumably have total control over my account.

~~~
derekp7
The only protection I would trust is a separate system that makes inbound
connections to my computer to pull a backup. Or push a backup to another
computer, through a login ID that lets me write a backup but not delete /
alter previous ones.

~~~
tgb
Yes, that sounds like what I'd like. But where can I find something like that
accessible to consumers? Are there roll-your-own methods using AWS or similar
that have reasonable costs?

~~~
sekh60
What I do is a little complex, but works fairly well. I store my data in
CephFS, mount that read-only (CephX permissions also allow only read access) on
a Linux box with a ZFS array which uses borg to copy from the mount to the
array. The backup box also runs crashplan to back up from the mount.
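
For the AWS route asked about above, one way to check that a backup credential can write but not delete or alter earlier versions, as derekp7 describes (an added example, not part of the original thread): it audits IAM-style policy documents with a simplified evaluator. It assumes a versioning-enabled S3 bucket; the bucket name and the three policies are constructed, and Resource, Condition and NotAction are ignored.

```python
import fnmatch

# Actions that can destroy or rewrite existing versions on a versioned bucket.
# Plain s3:DeleteObject is not listed: with versioning on it only adds a
# delete marker and the earlier versions stay recoverable.
DESTRUCTIVE = [
    "s3:DeleteObjectVersion",        # permanently removes a stored version
    "s3:PutBucketVersioning",        # can suspend versioning
    "s3:PutLifecycleConfiguration",  # can expire old versions early
    "s3:PutBucketPolicy",            # can grant the same rights back
]

def _matches(statement, action):
    patterns = statement.get("Action", [])
    if isinstance(patterns, str):
        patterns = [patterns]
    # IAM action names are case-insensitive and allow * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def effective_allowed(policy, action):
    """Simplified evaluation: explicit Deny wins, otherwise an Allow is needed.
    Resource, Condition and NotAction are ignored (assumption of this example)."""
    allowed = False
    for stmt in policy["Statement"]:
        if _matches(stmt, action):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def audit_backup_writer(policy):
    """Return (can_write, destructive_actions_still_allowed)."""
    risky = [a for a in DESTRUCTIVE if effective_allowed(policy, a)]
    return effective_allowed(policy, "s3:PutObject"), risky

# Constructed sample policies for a hypothetical bucket "example-backup-bucket".
BUCKET = ["arn:aws:s3:::example-backup-bucket", "arn:aws:s3:::example-backup-bucket/*"]
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": BUCKET}]}
LOOSE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Put*", "s3:ListBucket"], "Resource": BUCKET}]}
HARDENED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:ListBucket"], "Resource": BUCKET},
    {"Effect": "Deny", "Action": DESTRUCTIVE, "Resource": BUCKET}]}

if __name__ == "__main__":
    for name, pol in (("WEAK", WEAK), ("LOOSE", LOOSE), ("HARDENED", HARDENED)):
        print(name, audit_backup_writer(pol))
```

The `LOOSE` case shows why a `s3:Put*` wildcard is not a write-only grant: it still covers the versioning, lifecycle and bucket-policy actions.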

------
LeonM
The ransom is usually quite small (i.e. <1k), so it might be considered a
'cheap' lesson to learn that you should keep your software up-to-date and
secure your network. (With the exception of 0-days, but you can't blame anyone
falling victim to that)

My point is, the ransomware is just 'proof' that your computer is insecure. If
criminals can encrypt your files, they can also steal them (i.e. upload them
somewhere). So in some sense, the ransomware creators expose vulnerabilities
that would have otherwise gone unnoticed.

~~~
sarreph
I'm not sure if you're trying to say that the ("cheap lesson to learn") should
be paid or not; ≈$1,000 is _a lot_ of money for most people. I think the shock
of having to pay it is enough to have the same effect — those affected can
then hopefully use the decryption tool without having to directly fund
criminals.

~~~
geofft
The target market of ransomware is supposedly businesses, not individual
people—partly because businesses can afford the ransom and have clear
incentives to get their data back reliably.

I guess I have no idea who it targets in practice. Are there lots of
individual home users who fall victim to ransomware?

~~~
yeukhon
Yes. WannaCry is one such.

Ransomware was pretty common among home users in the past, at least. Back then it
was quite easy to convince someone to click on “Warning! Your computer maybe
infected! Try our software” pop-up. Then if your computer gets locked up, the
screen will say “call tech support!”

There was a claim against Kaspersky [1]. I don’t know if it is really true,
but I personally believe that the AV industry does shady things out there, pay
some blackhat to spread virus/malware, so consumers can rely on AV.

[1]: [https://www.reuters.com/article/us-kaspersky-rivals/exclusiv...](https://www.reuters.com/article/us-kaspersky-rivals/exclusive-ex-employees-russian-antivirus-firm-faked-malware-to-harm-rivals-idUSKCN0QJ1CR20150814)

------
nukeop
What if there was a rapidly spreading ransomware that would not decrypt the
user's files after ransom is paid? Ransomwares paradoxically require a certain
level of trust in the attacker, that's why they often have their own tech
support people and actively answer victims' questions. If there was a
deceitful ransomware in the wild, it could help reduce trust in future
attackers, reducing the chance of future victims paying up, and helping to
make ransomware a thing of the past.

~~~
bunderbunder
Consider 419 scams. They have nearly zero credibility, and also lack the kind
of leverage you can get out of threatening that someone will never see their
kid's baby photos again. Yet even they are still profitable enough that many
people think they're a worthwhile operation to run.

Ransomware might have a higher bottom line, owing to the greater technical
skill involved in operating such a racket, but still, in a world where 419
scams persist, it's hard for me to believe that you can damage ransomware's
credibility to the point where it's no longer profitable.

More likely, such an endeavor would end up destroying more people's data than
it saves.

~~~
Fnoord
The reason 419 scams have near zero credibility (with grammar errors, terrible
English, etc) is to increase the signal to noise ratio _for the scammers_. The
less intelligent people who fall for it and are scammable won't be put off
since the red flags and bells are ringing. So if _they_ reply, the scammer
knows he's got bait. Bots make clever use of this M.O. as well; they tend to
behave a bit clumsy, fitting the character of a replier, and get away with it.

------
stablemap
Lots of discussion last time; quite a while ago, though:

[https://news.ycombinator.com/item?id=12831430](https://news.ycombinator.com/item?id=12831430)

------
campuscodi
Also check out: [https://id-ransomware.malwarehunterteam.com/](https://id-ransomware.malwarehunterteam.com/)

------
kome
For those interested, there are also commercial alternatives to help with
ransomware decryption:
[https://products.drweb.com/decryption_from_ransomware/](https://products.drweb.com/decryption_from_ransomware/)

But I have no idea about the cost.

------
b3lvedere
Heh.. weird coincidence. I'm currently busy restoring customer backup files,
because a funny little program decided to transform everything into
...johntrudl.com].java files.

------
brndnmtthws
I would just dispose of my computer if it were hacked. All my valuables are
backed up anyway. If my machine becomes compromised, why on earth would I want
to continue using that machine?

~~~
skygazer
Because you're clever enough to restore from a clean backup, and double check
you're patched up and not running untrusted code. You're on HN, after all.

~~~
brndnmtthws
Figuratively dispose (i.e., reinstall the OS).

------
chrisaycock
A repo of decryption keys is very useful because it obsoletes specific attacks
without relying on the user to patch his computer ahead of time.

Additionally, ransomware encryption can be stopped at the file-system level:

[https://www.cryptodrop.org](https://www.cryptodrop.org)

