by RichardHeart 3320 days ago
Evil Ransomware improvements we may see:

1. New address per machine (easier to detect payments made, hides profit total.)

2. Deterministic wallet stores all profit in a simple 12 word seed "password."

3. Phone numbers directly to bitcoin vendors. (People running insecure systems love phones.)

4. Phone number to tech support company that bills your credit card to walk you through paying the ransom.

5. Delayed symptoms. Secretly encrypt backups (Windows EFS might be able to do it non-obviously). Then, once all your backups are secretly encrypted, it encrypts the key, and now you can't use backups to save yourself.

6. Advertise affiliated antivirus. (I hear this is what Cloudflare does by hosting bad actors: they inflate demand for protection from bad actors. Just a rumor, though.)

7. Infect a friend. Get a discount on your ransom if you infect a friend and they pay.

It doesn't seem reasonable that 300k infections = less than 1 in 1000 payments. Are people's files really so worthless, or Bitcoin really so hard, or people so untrusting of unencrypt? I imagine they could have sold their 0-day idea for more money to a whitehat, perhaps? Maybe more generalized bug bounties could be deployed to offer a financial incentive to harden systems and be non-evil.


I don't know a single person who would pay upwards of $300 to get their files back if they got hit with ransomware. Hell, I've got something like 10 years of personal files on my machine and I wouldn't pay that much for them. I would bet a lot more people would be willing to pay if the fee was more like $50. That takes it out of the category of 'a lot of money for computer files' for a lot of people and puts it in the category of 'minor inconvenience'.

I sometimes fix friends' & older family members' computers as a favor, and I've noticed that they usually don't really have any files anyway. I always make a backup before reformatting them, and usually it includes their bookmarks and maybe 2-3 random files scattered in their 'Documents' folder, none of which are important. Their machines are more like just gateways to the internet than anything.

Through machine moves over the years I'm sure I have multiple copies of the most important ones anyway (keys, etc.). If not, oh well, life goes on. Shoulda made backups in the first place if they were that important to me.

> Their machines are more like just gateways to the internet than anything.

I've been in the same boat and how absolutely right you are. Generally everything they do online is tied to their webmail-based, ISP-supplied email address too, making for a total nightmare when they want/need to change ISP.

Sounds like it would be more profitable to just lock out the device than encrypt the files, for its internet browsing value may exceed its file storage value.

It's much easier to recover from a lockout (without losing data) than from encrypted files.

You can do both.

Hmm, I'd certainly consider it, mostly based on not wanting to deal with the consequences of formatting the machine and starting again (installing programs, setting up various settings/configuration options, etc.).

I can't 100% say I would, but maybe.

If I got ransomwared I would definitely reformat the drive and reinstall the OS. There's no telling what kind of malware garbage they leave behind. Seems like it would make a lot of sense for the criminal to add you to their botnet, even after decrypting your files.

This is a good point I hadn't really considered - for the massive attacks there are typically pretty thorough write-ups about exactly what it does, etc., so that is maybe reassurance enough.
"Are people's files really so worthless, or Bitcoin really so hard, or people so untrusting of unencrypt?"

I think that is a super small subset. Average people use a ton of cloud software nowadays: Google Docs, Dropbox, etc. Let alone use a desktop for anything besides work. The files they super care about (photos) are usually on their device or scattered all over Facebook. Work files/computers, well, they don't care about; that is some IT guy's job.

So the probability to get paid = [their ability to get bitcoin] * [inability to have it already backed up] * [value of file(s)]. That does seem like a high bar. I also don't see an IT guy convincing a corporate attorney / accountant to wire money to obtain bitcoin as being an easy feat.

I think it's funny that your real last name is Ransom. I wonder if someone's last name influences what they focus on in life. In my case, I guess not; I've punished my heart with cheeseburgers more than I care to count, hehe. Maybe I've just focused on it the wrong way.
"2. Deterministic wallet stores all profit in a simple 12 word seed 'password.'"

You don't want the seed distributed to all victims. There is risk it will be reverse engineered.

There is a way to ge

"although you certainly can securely hand out child keys with no risk to the parent key, and you can hand out master public keys with no risk to the master private key, you cannot do both at the same time. " https://bitcoinmagazine.com/articles/deterministic-wallets-a...
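The property quoted above, worked through as an added example (not code from the thread or the linked article): under BIP32, anyone holding the extended public key plus a single non-hardened child private key can recompute the parent private key, while a hardened child does not leak it. Pure Python with secp256k1 arithmetic written out; `MASTER_K`, `MASTER_C` and the function names are constructed for this demonstration.

```python
import hashlib
import hmac
# secp256k1 domain parameters (field prime, group order, generator).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # first hardened child index in BIP32

def ec_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P)
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt=G):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def ser_p(pt):
    """33-byte compressed public key, the form BIP32 feeds into HMAC-SHA512."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def ckd_priv(k_par, c_par, i):
    """BIP32 CKDpriv: hardened children hash the parent private key, normal ones its public key."""
    data = b"\x00" + k_par.to_bytes(32, "big") if i >= HARDENED else ser_p(ec_mul(k_par))
    I = hmac.new(c_par, data + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(I[:32], "big") + k_par) % N, I[32:]

def recover_parent(K_par, c_par, k_child, i):
    """xpub holder (K_par, c_par) + one child private key: recompute IL from public data, subtract it."""
    I = hmac.new(c_par, ser_p(K_par) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return (k_child - int.from_bytes(I[:32], "big")) % N

# Constructed master key and chain code for the demonstration (not real wallet material).
MASTER_K = int.from_bytes(hashlib.sha256(b"constructed master seed").digest(), "big") % N
MASTER_C = hashlib.sha256(b"constructed chain code").digest()
MASTER_K_PUB = ec_mul(MASTER_K)  # (MASTER_K_PUB, MASTER_C) is exactly what an xpub reveals

def demo():
    """(recovery works for normal child 0, recovery works for hardened child 0')."""
    k0, _ = ckd_priv(MASTER_K, MASTER_C, 0)
    k0h, _ = ckd_priv(MASTER_K, MASTER_C, HARDENED)
    return (recover_parent(MASTER_K_PUB, MASTER_C, k0, 0) == MASTER_K,
            recover_parent(MASTER_K_PUB, MASTER_C, k0h, HARDENED) == MASTER_K)
```

`demo()` returns `(True, False)`: the normal child hands the master private key to anyone with the xpub, the hardened child does not, which is why a wallet cannot safely expose both its master public key and non-hardened child private keys.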

8. Use AI to find files that might be of value to the victim or to everyone else and "steal" those to be able to increase the ransom?

> 7. Infect a friend. Get a discount on your ransom if you infect a friend and they pay.

This is great lol