Re: [luv-talk] Can anyone help with an urgent bitcoin transaction?

From: "Russell Coker" <russell@coker.com.au>
On Wed, 6 Aug 2014 13:24:36 Brian Parish wrote:
Useful info. And yes the hole has been closed on this and every other NAS we know of out there, but of course that's just this hole...
So they directly attacked the NAS? Can you provide any information on how that happened? I'm sure I'm not the only person here who has clients using NASs for important stuff and not backing it up well.
http://forum.synology.com/enu/viewtopic.php?f=108&t=88770
http://www.zdnet.com/ransomware-attacks-synology-nas-devices-7000032335/
Regards
Peter

Peter Ross <Petros.Listig@fdrive.com.au> wrote:
http://www.zdnet.com/ransomware-attacks-synology-nas-devices-7000032335/
this article quotes the vendor as recommending that affected customers should contact their technical support department, a far preferable option to the (possibly illegal) alternative of funding organized crime by paying the amount demanded.

I am not aware of any law against paying blackmail. Can you cite a reference?
As for contacting tech support, I guess that the OP IS tech support...
On 7 August 2014 8:38:33 AM AEST, Jason White <jason@jasonjgw.net> wrote:
Peter Ross <Petros.Listig@fdrive.com.au> wrote:
http://www.zdnet.com/ransomware-attacks-synology-nas-devices-7000032335/
this article quotes the vendor as recommending that affected customers should contact their technical support department, a far preferable option to the (possibly illegal) alternative of funding organized crime by paying the amount demanded.
_______________________________________________ luv-talk mailing list luv-talk@luv.asn.au http://lists.luv.asn.au/listinfo/luv-talk
-- Sent from my Samsung Galaxy Note 2 with K-9 Mail.

For both sides: How about having some respect for the users that are suffering as a result of this.... and drop this "administrator genitalia war of comparison" right now. ...this is not the right place or time and IMHO it disrespects the originator's very bold and admirable call for community assistance.
BW
On Thu, Aug 7, 2014 at 4:57 PM, Russell Coker <russell@coker.com.au> wrote:
I am not aware of any law against paying blackmail. Can you cite a reference?
As for contacting tech support, I guess that the OP IS tech support...
On 7 August 2014 8:38:33 AM AEST, Jason White <jason@jasonjgw.net> wrote:
Peter Ross <Petros.Listig@fdrive.com.au> wrote:
http://www.zdnet.com/ransomware-attacks-synology-nas-devices-7000032335/
this article quotes the vendor as recommending that affected customers should contact their technical support department, a far preferable option to the (possibly illegal) alternative of funding organized crime by paying the amount demanded.

Russell Coker <russell@coker.com.au> wrote:
I am not aware of any law against paying blackmail. Can you cite a reference?
No, which is why I wrote "possibly illegal". There could well be conspiracy issues, and it certainly involves funding organized crime.
As for contacting tech support, I guess that the OP IS tech support...
The reference was to tech support provided by the NAS vendor. They may well be able to recover the data, having analyzed the malicious code.

On Thu, 7 Aug 2014 20:30:09 Jason White wrote:
Russell Coker <russell@coker.com.au> wrote:
I am not aware of any law against paying blackmail. Can you cite a reference?
No, which is why I wrote "possibly illegal". There could well be conspiracy issues, and it certainly involves funding organized crime.
It's illegal to pay someone to commit a crime against someone else and it's illegal to knowingly buy property that was stolen from someone else. I'm not aware of any Australian law against paying a ransom. If you know of one cite a reference.
As for contacting tech support, I guess that the OP IS tech support...
The reference was to tech support provided by the NAS vendor. They may well be able to recover the data, having analyzed the malicious code.
If the data is actually encrypted then it's probably impossible to do that. Malware that uses public-key encryption to encrypt all files and then after running for some time (long enough to get backed up) destroys the local copy of the decryption key isn't anything new.
https://www.schneier.com/blog/archives/2014/08/synolocker_rans.html
Bruce Schneier blogged about this and neither the blog post nor the comments has any mention of a way to recover such data without paying.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

On 7/08/2014 11:29 PM, Russell Coker wrote:
On Thu, 7 Aug 2014 20:30:09 Jason White wrote:
Russell Coker <russell@coker.com.au> wrote:
I am not aware of any law against paying blackmail. Can you cite a reference?
No, which is why I wrote "possibly illegal". There could well be conspiracy issues, and it certainly involves funding organized crime.
It's illegal to pay someone to commit a crime against someone else and it's illegal to knowingly buy property that was stolen from someone else.
I'm not aware of any Australian law against paying a ransom. If you know of one cite a reference.
As for contacting tech support, I guess that the OP IS tech support...
The reference was to tech support provided by the NAS vendor. They may well be able to recover the data, having analyzed the malicious code.
If the data is actually encrypted then it's probably impossible to do that. Malware that uses public-key encryption to encrypt all files and then after running for some time (long enough to get backed up) destroys the local copy of the decryption key isn't anything new.
https://www.schneier.com/blog/archives/2014/08/synolocker_rans.html
Bruce Schneier blogged about this and neither the blog post nor the comments has any mention of a way to recover such data without paying.
Just to close the loop on this: The encrypted NAS is now decrypting. The keys supplied didn't work, so we contacted their help desk (believe it or not), got immediate support and they had fixed the issue remotely in a few minutes so that after a reboot the decryption process started. Apart from being dirty, slimy pieces of criminal shit, these guys run a quality support service. ;-)

Needless to say, once the decryption is complete and we have verified that files are now readable, we'll be blowing away the O/S, re-loading from scratch and then pulling back just the user data. Hopefully this customer will be motivated to plug in their USB drives and cycle them daily offsite from here on too!

Thanks again to all who contributed. Brian May in particular for going the extra 1.609344 km. with some off-list follow-up. I'll leave you guys to discuss the legal angles.

cheers
Brian
participants (5): Brent Wallis, Brian Parish, Jason White, Peter Ross, Russell Coker