Ransomware As A Fundraiser (RAAF)

April 1st, 2017

There’s a new form of Ransomware hitting individuals and organizations.  That’s not necessarily a surprise, seeing as Ransomware is constantly technically evolving.  But this isn’t a new technique or delivery mechanism.  It’s much more confusing than that.

Ransomware…as a Fundraiser (RAAF)?

Ok, here at Simplex-IT we take the responsibility of security extremely seriously.  That’s why we’re having a Lunchinar later this month on it.  Ok, we also take lunch seriously.  But we want to be good citizens, and take this very seriously.  We’ve been talking about security and ransomware constantly for the past several years, whether it be blogs, emails, eNewsletters, webinars and seminars.

But we’ve always treated it as an evil thing, something that does no good for anyone except for the bad guys who make money at it.

Until now.

Switch topics (temporary jump, we’ll get back soon enough).  With today’s political climate, it’s no surprise that a lot of well-meaning non-profit organizations are seeing their dollars dry up.  Whether it be the budget cutbacks that are expected or the highly-charged social order, some great causes are shutting their doors for good if they can’t find a new way to stay afloat.

Enter…Ransomware?

It’s a new idea, but not as crazy as it sounds.  “I got hit by Crypto-Locker about two years ago,” says Terry Saunders, CEO of Save Our Ugly Puppies, a non-profit specializing in finding homes for dogs that aren’t particularly attractive.  “It was brutal.  I had a ton of pictures of some great dogs…really great puppies that ok, weren’t the prettiest things, but still needed homes.  And I found I couldn’t get the pictures back without paying some creep somewhere $500, which we didn’t have.”

Terry had to cough up the money.  He wasn’t happy about it, but “I remember the sense of relief and accomplishment when, after paying the ransom, I was able to see the pictures again.  I mean, I was absolutely a victim here, but it still felt pretty darn good.”

Flash forward to late 2016.  “With the elections being over, nobody wanted to talk ugly puppies.  Face it, when you want just plain cute, the world turns to kittens.  Or those damn golden retrievers.  Nobody wanted to look under the skin of a dog that was absolutely fine and healthy, but looked like he was sprayed with a hose of drool and had fur that looked electrocuted and then bathed in acid.”

“And I was really starting to think we’d have to close down.  And I remembered my pictures, which made me remember my run-in with Crypto-Locker.  And it hit me.  Why does it have to be about money?  Why can’t we use Ransomware for good?  After all, it’s just a tool.  So I did some research.”

Which led him to meet with Alexander Obmah, a Russian developer of several CryptoLocker variants.

“I was intrigued” said Obmah through an interpreter.  “Our work has been very fulfilling economically, but I must admit I was starting to end my days feeling a bit empty, like part of my soul was being eaten.  Don’t get me wrong, being a multi-millionaire cures many ills, but this was a wonderful opportunity to be the good guy.”

Alex and Terry came up with a new product, RAAF.  It works like this:

Ransomware is traditionally deployed through some vulnerability, whether exploiting a user, a web site or an application.  But the result is that a series of commands is run with the intent of encrypting as much data as that user can modify.  This renders the data completely unusable, although the computer is fully functional.  Left behind are the instructions on how to “pay the ransom” to get the key needed to decrypt the data.

This is where traditional ransomware and RAAF part ways.  With RAAF (particularly Terry’s Save Our Ugly Puppies program), instead of a notification demanding money, a picture of one of Terry’s “Ugly Puppies” pops up.  The person needs to agree to receive and raise the puppy.  If the person agrees, the puppy will be drop-shipped to the infected user’s address, along with the decryption key.

“Yeah, they’re upset,” admits Saunders.  “I get that.  But then they get the puppy.  And they get their data back.  And they aren’t out a dime.  Everybody wins!”

Neither Saunders nor Obmah was willing to provide a list of companies that had fallen victim to this new ploy.  “Nobody wants to admit that their security wasn’t up to snuff.”  But they did arrange an interview with an anonymous victim (Saunders likes to refer to them as “spontaneous supporters”), who went by the name of Dodie Smith.

“Boy was I mad,” Ms Smith began with a chuckle.  “I mean I was working my butt off nonstop on some quarterly reports.  And believe me, my boss doesn’t care about my life, just what I can get done.  So I cut some corners in terms of security, and wow, I thought I was toast.  It would’ve taken me two weeks at least to rebuild the data, and my backups weren’t up to date at all.”

“When I first read the message, I thought it was some stupid joke.  Like some of those popups you get?  It made no sense.  ‘Take the puppy, save your data?’  But the more I looked at my data, the more I saw the message.

“So I gave in.  To be honest, I didn’t know what to expect.  But what the heck, what other choice did I have?  I actually started rebuilding my data, because I just didn’t expect them to follow through.  I mean, they’re sending me a puppy?!”

“The next day, the box came.  With air holes.  Funny, the air holes made me realize they were serious.”  Dodie’s tone became softer.  “When I saw the air holes, my first thought was that the last thing I needed was a stupid dog, let alone an ugly one.  I just thought about getting my data back.  So I ripped open the box, intending on dropping the dog off to some rescue center somewhere…or worse.  I was in a bad way.”

“And out popped Pongo.  The ugliest dog I have ever seen in my life.  He jumped up on my lap and with about 3 licks melted my heart.  It honestly took about two hours to remember my encrypted data.  True to their word, the key to unlock the data was on Pongo’s collar.”

“I unencrypted the data, sent my boss his reports and gave two weeks notice.  Since then Pongo and I have been looking for another job, but so what?  With Pongo I’ve got a whole new perspective on life.”

Neither Saunders nor Obmah was willing to discuss the number of Ugly Puppies that have been distributed.