Ransomware has been listed as one of the Engineering and technology good articles under the good article criteria. If you can improve it further, please do so. If it no longer meets these criteria, you can reassess it.
This level-5 vital article is rated GA-class on Wikipedia's content assessment scale.
It is requested that a photograph be included in this article to improve its quality.
Those ransomware criminals must be EXECUTED to DEATHS… — Preceding unsigned comment added by 50.68.214.237 ( talk) 15:34, 6 June 2019 (UTC)
This article seems to place an undue emphasis on public key cryptography: there is no particular need for anything so advanced to be used to create ransomware that will be effective in current real-world environments: or indeed for ransomware to work as advertised at all, if the goal is only short-term extortion.
Having said which, since prepackaged asymmetric crypto is so easily available in current environments, it's an obvious way to do it. The main technical challenges for the ransomware criminal are not performing the technical task of encryption and decryption, but maintaining the credibility of their threat of permanent data loss and promise of timely and reliable data recovery, and getting away with the payment without being caught, both of which require communication. -- Karada 12:02, 23 July 2007 (UTC)
Now I suppose I was being a bit foolish by editing the page without looking at the history... But I do feel that rogue software is very relevant.
Ransomware is computer malware which holds a computer system, or the data it contains, hostage against its user by demanding a ransom for its restoration.
Rogue software is malware... It pretty much holds a computer hostage (and the intention is to do so). And in demanding the purchase of an "antivirus", it is essentially demanding a ransom. So I put a section in about rogue software and it was reverted. I won't start an edit war, but I would like to discuss it... I believe that it is very relevant. Oh by the way, my edit was the one on the left of this one. I was not using this name as I recently updated Firefox and lost all my cookies. Elecbullet ( talk) 00:45, 3 May 2009 (UTC)
I understand the term "rogue software" as software which does not do the purpose it looks to be doing. Examples are e.g. Windows tools called something like "DiskSuperDefragmenter", which then do pseudo-work on the system (mainly displaying nice graphics for obsolete tasks) and running keyboard logger at the same time. I do not think this term can apply to ransomware like Petya that works completely differently. More info: https://labsblog.f-secure.com/2017/07/04/how-eternalpetya-encrypts-files-in-user-mode/ Buddhaball 13:08, 22 July 2017 (UTC)
Should programs requesting a fake ransom go here? For example, Rogue:W32/DotTorrent.A scans the system for torrents and tries to trick the user to pay "licence fees" for illegally downloaded files. Kenzero works in a similar way, but it even lists porn movies downloaded by the user on a web page. -- Tgr ( talk) 07:33, 18 April 2010 (UTC)
I remember hearing about an old DOS virus where the requested ransom was help in spreading the infection: the virus locked the computer (threatening that it will erase everything if the machine is restarted), and the user had to insert a floppy disk which the virus infected, use it to infect another computer (which was registered on the floppy disk by the virus) and reinsert the disk, all within some time limit. Does anyone know about such a virus? (It might just be an urban legend, of course.) -- Tgr ( talk) 07:41, 18 April 2010 (UTC)
The earliest use mentioned is a virus from 1989. In 1987, I wrote a simple program that does the same thing as the strings Unix utility and ran it on random programs. One of them included a long message stating that it detected it's a pirated copy and it's encrypting your entire disk, turning off the computer with the process will make it unrecoverable, and that to recover the data you have to pay $999 to its authors. Sadly, I don't remember the name of the program in question. KiloByte ( talk) 22:05, 29 September 2010 (UTC)
Somebody might want to include a paragraph in this article on basic defenses against Ransomware. It's so crippling, that it freezes the entire operating system. There's no way to go into control panels to delete Ransomware files, although malware of a less-crippling nature can be deleted by going into system control panels to manually delete malware files. But Ransomware will likely require the user to re-boot, and then to restore the system to factory settings, which is what I had to do. Ransomware is the perfect incentive to back-up files to an external storage device. Of course, people need to act with some common sense with regard to the Ransomware that uses the FBI logo, or the logo of some other law enforcement agency. If FBI is aware of a child porn user, they will physically go to the person's home, confiscate the computer, and make an arrest. The FBI doesn't remotely go into the person's computer, and then request money. Marc S. Dania fl 206.192.35.125 ( talk) 12:59, 6 August 2013 (UTC)
In the "Copycats" section, there's a clear mistake and several omissions regarding CryptoWall, as it is simply CryptoDefense's update under a different name. As far as I know, CryptoDefense spread first in the early days of March 2014, weeks afterwards one Argentine hacker (namely Jose Vildoza) found a loophole whereby the malware left a copy of its key pair in Windows Key Vault, where RSA Key Containers are stored by Windows' Data Protection API (CryptoAPI) by default. Although such key containers have both public and private key, the latter is securely encrypted by DPAPI. Jose Vildoza from Argentina and Fabian Wosar from Germany developed a tool that extracts the private key from the protected key container and proceeds to decrypt the victim's files without payment. These guys were quietly helping victims recover their files by Email but unfortunately, on March 31, Symantec published an article on its blog describing the loophole, which didn't take long to prompt the malware's authors to patch it. A few weeks later, "CryptoWall" emerged, which is just like CryptoDefense, though it has a better looking GUI on its "Decryption Service" webpage and the loophole IS patched. There are many sources for my statement, like THIS one from PCWorld. ( http://www.pcworld.com/article/2142180/stung-by-fileencrypting-malware-researchers-fight-back.html ) — Preceding unsigned comment added by 200.43.65.124 ( talk) 08:28, 16 October 2014 (UTC)
This comment violates guidelines for Talk pages, I would maintain that WP:IAR holds here, advice that might save some people's data. If it's thought that this section really shouldn't be on this page, just delete it. I've just seen (hence WP:Original research, not suitable for article) an encryption attack via a ZIP email attachment with a Javascript .js payload; I personally haven't come across a .js payload before. I let it infect a virtual machine, which it did very rapidly. Possibly it ran without needing to download malware over an Internet connection. I don't know if it genuinely encrypted and sent the key to a control center; it did replace many files with gibberish, appending ".vvv" to the filename. Plus lots of messages about my needing to connect to my personal (malware) page, presumably to be told how to pay, and to reassure me (truthfully or not) that they had the unique key for my files. Later: after doing an online virus check, I think the file is probably a downloader, not a direct-encrypting .js script as suggested above. HTH, Pol098 ( talk) 16:08, 23 December 2015 (UTC)
96.239.16.115 ( talk · contribs) keeps removing this saying "The timeline is incorrect. It starts with the flawed AIDS Trojan attack in 1989 followed by the secure ransomware attack introduced by Young-Yung in IEEE S&P 1996)"
It should be updated with the latest info if it's available, not removed as it's pretty good otherwise. Deku-shrub ( talk) 23:22, 20 April 2016 (UTC)
Wrong. There is a time-line. It was already in the text of the article. Adding to the article an incorrect time-line, that even worse, claims to be a "Complete history" makes no sense and misleads the general public. I am 110% in support of freedom of speech. But what you have been doing is re-uploading an incorrect time-line to this article. A graphic is a really nice idea so why don't you fix it?
It would be helpful to have a couple links to some example ransomware code for documentation and research purposes.
FockeWulf FW 190 ( talk) 21:50, 31 October 2016 (UTC)
Yes, wouldn't it? — Preceding unsigned comment added by 5.22.134.186 ( talk) 09:15, 22 November 2016 (UTC)
Assuming good faith, it is probably best to leave that type of research to engineers in closed environments. For curious minds, here's analysis from developer perspective on one example of how ransomware works: https://labsblog.f-secure.com/2017/06/30/eternal-petya-from-a-developers-perspective/ Buddhaball 13:42, 22 July 2017 (UTC) — Preceding unsigned comment added by Partaj1 ( talk • contribs)
Wanna Cry needs update. More than 200,000 users affected in 104 countries. RathanKalluri 04:12, 15 May 2017 (UTC)
What level of protection do people think this page should have? It's currently fully protected which I think is too high, I think it should be lowered e.g. to semi-protected or pending changes. What do other people think please? Tom B ( talk) 10:14, 15 May 2017 (UTC)
Nowadays, such concept as "too much security" in my opinion doesn't exist. Buddhaball 13:47, 22 July 2017 (UTC)
Should the page image at WannaCry ransomware attack be used as the image? NightlyG ( talk) 11:32, 15 May 2017 (UTC)
In my opinion no, because some people confused Wannacry attack with Cryptolocker that is isolated trojan from year 2014. It appeared as first hit on popular search machine when looking up ransomware. (This is not the case anymore). Therefore creating association of ransomware being specific type of malicious program can lead to generalization and misunderstandings. Buddhaball 13:53, 22 July 2017 (UTC) — Preceding unsigned comment added by Partaj1 ( talk • contribs)
Someone editing from an IP address seems to be very keen to push references to cryptovirology into this article, particularly into the lead section, and restores them whenever someone else takes them out. While cryptovirology is important and relevant to this article, and needs to be mentioned in the section related to technical details, it is not central to the concept of ransomware. This is why we have a separate cryptovirology article. -- The Anome ( talk) 16:13, 15 May 2017 (UTC)
Having more Google hits on the word 'ransomware' as opposed to cryptoviral extortion/cryptoviruses does not change the fact that all the malware discussed on this page falls within the field of cryptovirology. To expand on this: In regards to your statement: "I note that the article has a subsection on non-encrypting ransomware." It is not clear how that fits into the discussion. Cryptovirology introduced the concept of an adversarial protocol in which the attacker deploys malware and uses it to extort payment from the victim over-the-wire in the form of crypto-currency. The leakware cryptovirology attack is about transporting the victim's data outside the victim's machine/organization and threatening to publish it, not encrypting it in place as a form of kidnapping. This was presented at West Point in IEEE IAW 2003. As it stands this article mimics very much the skin-deep content of tabloid articles on ransomware and significantly ignores the informative scientific literature on the subject. But it has been improving over time. Why don't we turn this discussion around and try to reach consensus on some text. Based on your rational arguments, I now agree with you that "cryptoviral extortion" may be too narrow for the first sentence. So, I believe the following is perhaps closer to what we are after: "Ransomware is a type of malicious software from cryptovirology that blocks access to data or threatens to publish it until a ransom is paid." — Preceding unsigned comment added by 173.52.199.201 ( talk) 23:31, 17 May 2017 (UTC)
Steel, The Anome, and Snori, the first line that you three are insisting on is wrong. This is it: "Ransomware is a type of malicious software that blocks access to the victim's data and threatens to publish or delete it until a ransom is paid". In the case of the attack that threatens to publish the victim's data, the victim is not denied access to his/her own data. Have you read the cryptovirology paper that was presented at West Point in IAW 2003 and the related text in Malicious Cryptography? Snori, you stated: "Not only is it logically wrong, (not all ransomware is crypto-based)". You are the one who has it backwards. You are making the assumption that all cryptovirology attacks use crypto offensively. This is not the case. The non-zero sum games attack (that the populace has relabeled as Doxware over a decade later) does not use crypto offensively (in the sense of cryptoviral extortion); the threat is publication of the victim's data. The malware exfils the victim's data and threatens to publish it from afar. The core aspect of the cryptovirology attack has no crypto at all. Ransomware attacks overwhelmingly more widely are cryptovirology attacks and therefore cryptovirology, the field that the attacks are in, belongs in the first line of this page. — Preceding unsigned comment added by 173.56.74.61 ( talk) 16:05, 9 July 2017 (UTC)
Steel, this is not about what you are interested in. This is about giving society accurate information on ransomware. I asked you if you read the IAW 2003 cryptovirology paper and the related text in Malicious Cryptography. You decided not to answer. This suggests that you have not read scientific literature that is critical to understanding the depth and breadth of ransomware. This is further supported by your erroneous belief that ransomware that threatens to publish the victim's data blocks access to the victim's data (this was in your incorrect version of the line we are talking about). Had you read the original cryptovirology works you would have understood this and not conveyed this false information to society in the article. Having "from cryptovirology" does not detract from the accessibility of the article. In fact, I have shown that it will help people from making the same mistake as you. So, in summary, we have established that: (1) you feel the article should reflect your interests rather than what is helpful to society, and (2) you are not a subject matter expert in ransomware and are not qualified to address cryptovirology because you have not studied it sufficiently. — Preceding unsigned comment added by 173.56.74.61 ( talk) 02:05, 12 July 2017 (UTC)
The WannaCry section erroneously suggests that The Shadow Brokers are responsible for the attack. They were not, and nowhere in the cited article is it mentioned either. They were merely the publishers of the ETERNALBLUE attack that WannaCry used. -- 118.208.108.64 ( talk) 07:43, 26 May 2017 (UTC)
I am missing a section on ransomware that plants false incriminating evidence on computers. See e.g. this https://www.cbc.ca/news/technology/computer-virus-victims-framed-for-child-porn-1.851399 or https://www.computing.co.uk/ctg/news/2416521/did-hacking-team-sell-software-to-plant-child-porn-on-suspects-pcs
Or is there a separate article about this? Zezen ( talk) 09:42, 22 December 2018 (UTC)
"Ransomware" of course - cannot fix it on mobile UI. Zezen ( talk) 09:44, 22 December 2018 (UTC)
Reading in Simple English, why ransomware became popular in Russia? -- 206.116.72.144 ( talk) 17:36, 19 May 2020 (UTC)
Possible to add the following research data to the "Operation" section of the page?
Under the penultimate paragraph (about the different types of payloads and the various ways ransomware restricts systems):
"In May 2020, vendor Sophos released data showing that in almost three quarters of ransomware attacks (73 percent), cyber criminals succeeded in encrypting data [1]."
Following the final paragraph in that section (about ransomware payments), we could also include these:
"In May 2020, vendor Sophos reported that the global average cost to remediate a ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity and ransom paid) is $761,106. Ninety-five percent of organizations that paid the ransom had their data restored [2]." Hanahdj ( talk) 20:53, 14 September 2020 (UTC)
-- 2001:569:7D81:3000:B0E4:B656:EA4:A655 ( talk) 12:20, 16 November 2020 (UTC)
Deleted some content that was breaking the page. Someone had a long URL to KnowBe4.com -- on trying to fix it, I discovered that KnowBe4.com is on the blacklist (and has been blacklisted since March 2014). (Maybe the poorly formatted URL -- which didn't actually link to anything -- was an attempt to get around the blacklist?) So I deleted it. If someone wants to restore it, maybe bring it up to the folks who run the blacklist. RexSueciae ( talk) 14:47, 8 June 2021 (UTC)
The steadily increasing ignorance of computer and network security is appalling.
Generalized theft of data accompanied by an extortive threat (assuming the data--more specifically, assurance against its divulgence--is valuable) is not ransomware.
Anyone with a brain in his head would immediately recognize that the one has nothing to do with the other. Of course, if anyone actually gave two cents' worth about computer security, systems would not be penetrated left and right. Witness the recent JBS attack. They pay $40M annually for consultants to protect their systems but succumbed (according to a television 'authority') to an overlooked VPN connection (shakes head at wording, let alone at implication). Their administrators--the typical lazy type who can't be bothered to write anything down because they're too lofty and superior--should be boiled in oil. The consultants--who failed to detect an open communication pathway--should be tarred and feathered. But the customers are as witless as the consultants, and heaven forfend that any executive should admit to a mistake, let alone learn from it. — Preceding unsigned comment added by 2601:589:4b00:c200::1bf6 ( talk • contribs)
The result was: promoted by MeegsC ( talk) 09:45, 18 July 2021 (UTC)
Created by Jesswade88 ( talk) and Victuallers ( talk). Nominated by Victuallers ( talk) at 09:53, 22 June 2021 (UTC).
I thought it was innovation or revolution. It's 😃👍 and Curable maybe. 2603:6080:7D03:1D47:E92D:DEFB:F97C:20E4 ( talk) 00:54, 28 January 2022 (UTC)
These might be notable, and the links useful for expanding the article:
-- Beland ( talk) 16:45, 15 December 2022 (UTC)
I think that this article puts way too much emphasis on the concept of 'cryptovirology'. This term has no significance whatsoever apart from the work published by Adam Young and Moti Yung, of which the first one is not even a notable academic. That work was published before ransomware was widespread but since it has become widespread, that terminology has not been widely adopted. There was also a major conflict of interest editing by Adam Young and Moti Yung, see Special:Contributions/Adamlucasyoung. I would like to hear the input of other editors. PhotographyEdits ( talk) 10:54, 18 April 2023 (UTC)
The redirect Ransomware (malware has been listed at redirects for discussion to determine whether its use and function meets the redirect guidelines. Readers of this page are welcome to comment on this redirect at Wikipedia:Redirects for discussion/Log/2024 February 21 § Ransomware (malware until a consensus is reached. Utopes ( talk / cont) 06:44, 21 February 2024 (UTC)
The WannaCry section erroneously suggests that The Shadow Brokers are responsible for the attack. They were not, and nowhere in the cited article is it mentioned either. They were merely the publishers of the ETERNALBLUE attack that WannaCry used. -- 118.208.108.64 ( talk) 07:43, 26 May 2017 (UTC)
I am missing a section on ransomware that plants false incriminating evidence on computers. See e.g. this https://www.cbc.ca/news/technology/computer-virus-victims-framed-for-child-porn-1.851399 or https://www.computing.co.uk/ctg/news/2416521/did-hacking-team-sell-software-to-plant-child-porn-on-suspects-pcs
Or is there a separate article about this? Zezen ( talk) 09:42, 22 December 2018 (UTC)
"Ransomware" of course - cannot fix it on mobile UI. Zezen ( talk) 09:44, 22 December 2018 (UTC)
Reading in Simple English, why ransomware became popular in Russia? -- 206.116.72.144 ( talk) 17:36, 19 May 2020 (UTC)
Possible to add the following research data to the "Operation" section of the page?
Under the penultimate paragraph (about the different types of payloads and the various ways ransomware restricts systems):
"In May 2020, vendor Sophos released data showing that in almost three quarters of ransomware attacks (73 percent), cyber criminals succeeded in encrypting data [1]."
Following the final paragraph in that section (about ransomware payments), we could also include these:
"In May 2020, vendor Sophos reported that the global average cost to remediate a ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity and ransom paid) is $761,106. Ninety-five percent of organizations that paid the ransom had their data restored [2]." Hanahdj ( talk) 20:53, 14 September 2020 (UTC)
-- 2001:569:7D81:3000:B0E4:B656:EA4:A655 ( talk) 12:20, 16 November 2020 (UTC)
Deleted some content that was breaking the page. Someone had a long URL to KnowBe4.com -- on trying to fix it, I discovered that KnowBe4.com is on the blacklist (and has been blacklisted since March 2014). (Maybe the poorly formatted URL -- which didn't actually link to anything -- was an attempt to get around the blacklist?) So I deleted it. If someone wants to restore it, maybe bring it up to the folks who run the blacklist. RexSueciae ( talk) 14:47, 8 June 2021 (UTC)
The steadily increasing ignorance of computer and network security is appalling.
Generalized theft of data accompanied by an extortive threat (assuming the data--more specifically, assurance against its divulgence--is valuable) is not ransomware.
Anyone with a brain in his head would immediately recognize that the one has nothing to do with the other. Of course, if anyone actually gave two cents' worth about computer security, systems would not be penetrated left and right. Witness the recent JBS attack. They pay $40M annually for consultants to protect their systems but succumbed (according to a television 'authority') to an overlooked VPN connection (shakes head at wording, let alone at implication). Their administrators--the typical lazy type who can't be bothered to write anything down because they're too lofty and superior--should be boiled in oil. The consultants--who failed to detect an open communication pathway--should be tarred and feathered. But the customers are as witless as the consultants, and heaven forfend that any executive should admit to a mistake, let alone learn from it. — Preceding unsigned comment added by 2601:589:4b00:c200::1bf6 ( talk • contribs)
The result was: promoted by MeegsC ( talk) 09:45, 18 July 2021 (UTC)
Created by Jesswade88 ( talk) and Victuallers ( talk). Nominated by Victuallers ( talk) at 09:53, 22 June 2021 (UTC).
I thought it was innovation or revolution. It's 😃👍 and Curable maybe. 2603:6080:7D03:1D47:E92D:DEFB:F97C:20E4 ( talk) 00:54, 28 January 2022 (UTC)
These might be notable, and the links useful for expanding the article:
-- Beland ( talk) 16:45, 15 December 2022 (UTC)
I think that this article puts way too much emphasis on the concept of 'cryptovirology'. This term has no significance whatsoever apart from the work published by Adam Young and Moti Yung, of which the first one is not even a notable academic. That work was published before ransomware was widespread but since it has become widespread, that terminology has not been widely adopted. There was also a major conflict of interest editing by Adam Young and Moti Yung, see Special:Contributions/Adamlucasyoung. I would like to hear the input of other editors. PhotographyEdits ( talk) 10:54, 18 April 2023 (UTC)
The redirect Ransomware (malware has been listed at redirects for discussion to determine whether its use and function meets the redirect guidelines. Readers of this page are welcome to comment on this redirect at Wikipedia:Redirects for discussion/Log/2024 February 21 § Ransomware (malware until a consensus is reached. Utopes ( talk / cont) 06:44, 21 February 2024 (UTC)