Author Topic: Ransomware is about to get a lot worse, by holding your operating system hostage  (Read 5446 times)


Oceander

  • Guest
Do you remember 2k's release?? Or XP gold through SP-2? O.M.G! Horror highway (exponentially so with no ready bootdisk available). I was buried under bugs for months, literally working around the clock to try to keep up.

This unexpected lull is well worthy of mention.

I managed to miss the initial release of each one. When 2k was released, I was using school systems that ran NT. My first system, which I bought from Dell in 2000, ran Windows ME. I didn't do much with that other than occasional goofing off because I started working at a large shop right after that and had little personal time to do anything else. We used computers at work, but I don't recall what system it was. It was, however, a large enterprise system and not the pithed consumer versions. My next personal system after that was an XP-based Sony system that I purchased in 2003. I do remember installing the SP2 service pack to it.

Offline Taxcontrol

  • Hero Member
  • *****
  • Posts: 651
  • Gender: Male
  • "Stupid should hurt" - Dad's wisdom
That's true, but if they do anything that protects the MBR with a password, they're probably losing most of their "customers". Once an infected system is rebooted, if you can't access the MBR you can't get to the message about where to send your money.

Of course, if they're not after the money...

What you describe, sounds similar to what can be done with the GRUB2 boot loader.

http://askubuntu.com/questions/370693/how-to-add-the-grub-password-protection-to-the-os-load-process-instead-of-when-e


Offline InHeavenThereIsNoBeer

  • Hero Member
  • *****
  • Posts: 4,127
What you describe, sounds similar to what can be done with the GRUB2 boot loader.

http://askubuntu.com/questions/370693/how-to-add-the-grub-password-protection-to-the-os-load-process-instead-of-when-e

Remember, grub lives inside the MBR. So if I boot off alternative media, move the disk to another system, etc., I can simply comment out the passwd line, chroot, and run grub2-mkconfig to overwrite the MBR with a grub that doesn't require a password.

The alternative for the ransomware guys would be to do something to the disk to restrict access at a firmware level, but if they do that then as soon as I reboot I can't get far enough to see their ransom demands anymore.

So they can lock things down so tight that pretty much no one can get in without paying, but if the victim reboots they will no longer be able to pay (and the victim loses their drive).  Or they can lock things down so that most users can't fix it and hope that some/many/most of them pay, but then they have to leave an out which allows some to get away completely.  My point (ok, guess) was that they would probably overwhelmingly choose the latter.
My avatar shows the national debt in stacks of $100 bills.  If you look very closely under the crane you can see the Statue of Liberty.
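As an added illustration of the GRUB2 password mechanism the two posts above refer to, and of the offline edit the last post describes (this is example code added here, not from any poster or from the GRUB project): the sample 40_custom contents, the placeholder hash, the /mnt mountpoint and the BIOS-style /boot/grub2/grub.cfg path are all assumptions. Run with no arguments and it exercises the edit on a scratch copy; run as root with a device and a mountpoint and it performs the rescue-media procedure for real.

```shell
#!/bin/sh
# Added example, not code from the thread. Shows (1) what GRUB2 superuser
# password protection looks like in /etc/grub.d/40_custom and (2) the offline
# edit plus regeneration the post describes: boot rescue media, edit the file
# in the victim root, chroot, rerun grub2-mkconfig. The sample file, the hash
# placeholder, the mountpoint and the grub.cfg path are assumptions.
set -eu

# Constructed sample of /etc/grub.d/40_custom after password protection was
# added. The hash is a placeholder; a real one comes from
# grub2-mkpasswd-pbkdf2 (Fedora/RHEL) or grub-mkpasswd-pbkdf2 (Debian/Ubuntu).
SAMPLE_40_CUSTOM='#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries.
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.PLACEHOLDERSALT.PLACEHOLDERHASH
'

# Create a scratch tree standing in for the victim root as seen from rescue media.
make_fake_root() {
    fake=$(mktemp -d)
    mkdir -p "$fake/etc/grub.d"
    printf '%s' "$SAMPLE_40_CUSTOM" > "$fake/etc/grub.d/40_custom"
    printf '%s\n' "$fake"
}

# How many lines in 40_custom still enforce a password (0 means protection is gone).
count_active_password_lines() {
    grep -c -E '^(set superusers=|password_pbkdf2 )' "$1/etc/grub.d/40_custom" || true
}

# Comment out the superusers and password_pbkdf2 lines, leaving the rest intact.
# Written through a temp file so it behaves the same with GNU and BSD sed.
disable_grub_password() {
    f="$1/etc/grub.d/40_custom"
    sed -e 's/^\(set superusers=.*\)$/#\1/' \
        -e 's/^\(password_pbkdf2 .*\)$/#\1/' "$f" > "$f.tmp"
    mv "$f.tmp" "$f"
}

# The real procedure from rescue media. Needs root, a BIOS/MBR install and the
# Fedora/RHEL grub.cfg path (Debian/Ubuntu would run update-grub instead).
# If /boot is its own partition it must be mounted at "$mnt/boot" first.
# Not run in the demo below; call as: rebuild_from_rescue_media /dev/sdXN /mnt
rebuild_from_rescue_media() {
    dev="$1"; mnt="$2"
    mount "$dev" "$mnt"
    for d in dev proc sys; do mount --bind "/$d" "$mnt/$d"; done
    disable_grub_password "$mnt"
    chroot "$mnt" grub2-mkconfig -o /boot/grub2/grub.cfg
    for d in sys proc dev; do umount "$mnt/$d"; done
    umount "$mnt"
}

if [ "$#" -eq 2 ]; then
    rebuild_from_rescue_media "$1" "$2"
else
    demo_root=$(make_fake_root)
    echo "password lines before: $(count_active_password_lines "$demo_root")"
    disable_grub_password "$demo_root"
    echo "password lines after:  $(count_active_password_lines "$demo_root")"
    rm -rf "$demo_root"
fi
```

The caveat this makes concrete is the one the post is making: the PBKDF2 hash only gates the menu that GRUB itself draws, so anyone who can boot other media or move the disk edits the file and regenerates grub.cfg. Protecting the data rather than the menu (full-disk encryption such as LUKS) is what survives that edit, since regenerating the bootloader does not recover the passphrase.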