More Ransomware

On Monday I wrote about ransomware and how more and more instances of it have been surfacing over the past few years.

Yesterday, this popped up on my radar.

Scammers were exploiting a bug in IOS (iPhone and presumably iPad) Safari to make it appear as if a user’s device had been hijacked, and that they had to pay to get access back. The ransomware was installed on some porn sites.

Ars Technica has a less technical description here.

As the first article calls it, this is more “scareware” than “ransomware.” It’s possible to get control of Safari back, and Apple just patched the exploit with the latest IOS upgrade. I had another site inadvertently do this my iPhone via some crappy web coding.

(By the way, if your site uses pop-ups, I will very likely never visit it again. If your mobile site uses pop-ups, fuck you. I will positively never visit it again.)

The interesting bit here is the social engineering. Cracking (what the unethical kind of hacking is more properly called) has also been more about social engineering than clever tech. This is a prime example.

Be careful out there, and if you find yourself paying a “policeman” with gift cards, think again.

And put your pants back on. Please.

 

Ransomware: Scary Stuff

In case you’re not already familiar with it, “ransomware” is software that installs itself on your computer, scrambles your files so you can’t use them anymore, and then holds them ransom until you send money to the ransomer. (Via bitcoin, so (s)he cannot be identified.)  Depending on who “sent” the software, sending the money may not get control of your computer back for you; some of the attackers are just scammers and don’t bother.

According to the FBI, this “business” is generating about $1B a year in economic activity. Some high-profile clients have fallen prey to it, like hospitals, universities, yes, even police departments.

It’s not going to get any better. Corporate IT departments think that running antivirus software (much of which is sold by companies that make and release viruses to hurt their competition,) making employees change passwords frequently, and making their systems difficult to use, is what security means. For most companies IT security is not a skill or a practice, it’s a to-do list executed by professional managers.

Ransomware is going to get worse because people with no computer skills (even less than that required to run IT!) can literally buy it and point it at an enemy now.

And then there’s this guy and his ideas about where the technology could go.

One of the characters knocking around in my head is an I.T. detective/forensic type, and the possible targets for a ransomware attack, why they are targets, and the kind of film noir mess my investigator could be walking into is a veritable gold mine.

Writing is turning out to be a great coping mechanism.

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑