On 7/08/2014 11:29 PM, Russell Coker wrote:
On Thu, 7 Aug 2014 20:30:09 Jason White wrote:
Russell Coker <russell@coker.com.au> wrote:
I am not aware of any law against paying blackmail. Can you cite a reference? No, which is why I wrote "possibly illegal". There could well be conspiracy issues, and it certainly involves funding organized crime. It's illegal to pay someone to commit a crime against someone else and it's illegal to knowingly buy property that was stolen from someone else.
I'm not aware of any Australian law against paying a ransom. If you know of one cite a reference.
As for contacting tech support, I guess that the OP IS tech support... The reference was to tech support provided by the NAS vendor. They may well be able to recover the data, having analyzed the malicious code. If the data is actually encrypted then it's probably impossible to do that. Malware that uses public-key encryption to encrypt all files and then after running for some time (long enough to get backed up) destroys the local copy of the decryption key isn't anything new.
https://www.schneier.com/blog/archives/2014/08/synolocker_rans.html
Bruce Schneier blogged about this and neither the blog post nor the comments has any mention of a way to recover such data without paying.
Just to close the loop on this: The encrypted NAS is now decrypting. The keys supplied didn't work, so we contacted their help desk (believe it or not), got immediate support and they had fixed the issue remotely in a few minutes so that after a reboot the decryption process started. Apart from being dirty, slimy pieces of criminal shit, these guys run a quality support service. ;-) Needless to say, once the decryption is complete and we have verified that files are now readable, we'll be blowing away the O/S, re-loading from scratch and then pulling back just the user data. Hopefully this customer will be motivated to plug in their USB drives and cycle them daily offsite from here on too! Thanks again to all who contributed. Brian May in particular for going the extra 1.609344 km. with some off-list follow-up. I'll leave you guys to discuss the legal angles. cheers Brian