Although virus designers are the creeping crud in the moral bucket, they come up with some uniquely creative ways to piss people off.
This model is particularly good. The pain of losing your important work is almost greater than the pain of paying off the hostage company.
Again, good reason to back up your stuff (especially offsite!), but until it bites you, people won't do it. Eventually, OSes need to do backups by default. The bandwidth, connectivity and cheap drive space make this a no brainer.
What I wanna know is how they collect payments. Virtually any form of payment is traceable today and if you can pay with a CC, you can complain to your CC company about fraud and get your money back. I did hear that some scammer use "gold payment systems" but never looked into those payment systems myself.
Perhaps the scammer waits until the money is free and clear -- transferring to a different card, spending it, etc. Other options: the scammer might just use the email to arrange a physical cash transfer.
Is it really a bigger feat to encrypt with a 1024-bits encryption key than a 660-bits one? If not I don't understand why they didn't do 1024 in the first place. Or even why not use a 2048-bits one...
Given the situation the scammer probably doesn't care about performance, so might as well mitigate any attempts at decryption.
They do care about performance. If the victim could figure out what was happening before their files were completely "ransacked", they could simply shut off their computer and take it to the shop to extract however much of their data wasn't yet encrypted. If the value of what was encrypted so far was less than the ransom, why pay?
Also, another aspect you have to consider: strong encryption algorithms usually have large implementations, which means large viruses. Virus transmission rates are logarithmically proportional to their size (a virus that can get sent from one computer to N others in half the time spreads twice as fast each generation, and therefore exponentially (2^t) faster over time.)
This model is particularly good. The pain of losing your important work is almost greater than the pain of paying off the hostage company.
Again, good reason to back up your stuff (especially offsite!), but until it bites you, people won't do it. Eventually, OSes need to do backups by default. The bandwidth, connectivity and cheap drive space make this a no brainer.