I woke this morning to a series of panicked emails and text messages. A client has been hit with Crysis Ransomware. After orienting myself to the day, I got a handle on the situation and began restoring the client’s files, swept the infected server with malwarebytes, and am well on the way to having everything back up and running. Some people may remember that I was on Fox News a few years ago speaking about ransomware as an I.T. specialist, warning everyone then to back up their stuff, a sentiment mirrored by an FBI agent who participated in the same special. We are now something like four years later, and the link I provided a moment ago contains many people stating that their clients have been infected, and they want to know how they can go about finding decryption software.
If you’re an I.T. vendor, it’s your job to know about ransomware. It’s literally your job to know about it, and to protect against it. For at least five years now, the only foolproof prevention is to have current backups. That’s why I don’t sweat it. A client panics and tells me they’ve been encrypted? No problem. Connect to the infected machine, identify the ransomware, google it, scan to remove it, restore files, done. This one might be more complex since it also encrypted programs and possibly some Windows features that no sane I.T. vendor would back up, but there’s absolutely no chance that the client is going to a) lose their files, or b) pay the ransom (currently $5100).
And just in the past 30 days, we’ve seen several “professional” I.T. vendors amateurishly asking about decryption utilities. I can’t blame them for not having found my website, to read my discussions about ransomware and the value of backups, or to read about my general indictment of I.T. people and their tendency to view security as an afterthought at best, but no professional should be caught with their pants down these days. As for decryption, no. It’s not happening. You have two options: pay the ransom, or lose the files. New variants are constantly being released–it’s a multi-billion dollar industry–do you really think that there’s any chance they’re going to let their encryption software be reverse engineered?
I know the hopeful feeling, the denial, of a first-time ransom attack. I was sure that I was always just a step away from the magical solution that would undo everything. Of course, through this I was also using Western Union to send $547 to Tel Aviv, Israel to buy Bitcoin and pay the ransom. Since the typical ransom is still “one bitcoin” and Bitcoin is currently at $5100, I’m not sure that the same client would go for it today. If they did, we’d be fired. That would be appropriate, I think, given that any I.T. vendor, at this point, should be aware of ransomware.
This is your job. This is what you do for a living. You’re supposed to be the experts. Your clients pay you to keep them protected from stuff like this.
Do your jobs.
If you’re hit with ransomware and you don’t have current backups for your clients, then you can go ahead and fire yourself. I’d fire you, especially if I, the client, googled things and found that ransomware has been around for several years, and that the solution is simply to back stuff up, and you couldn’t be bothered to do that. Make peace with it–your only options are to pay the ransom and hope that the people on the other end are honorable (they were in the case of CryptoWall, but that was a long time ago), or to say goodbye to all the files. They’re not recoverable and chances are that they never will be.
Just check out the full list of decryption tools that Kaspersky has available. Six. They have decryption tools for six (out of probably six thousand) variants of ransomware. CryptoWall 2.0, which released in 2014, still isn’t on there. Holding your breath for a decryption utility is like hoping to win the lottery. It requires tons of people to pay the ransom and receive the decryption utility, and for those people to provide those tools to Kaspersky, Bleeping Computer, or someone else, and for those people to laboriously reverse engineer the encryption algorithm. It’s called encryption for a reason, dude. That’s not easy to do.
To give you an idea of the task, start with your public key of “100.” Now, figure out the algorithm (the calculation) that I used to turn “100” into the private key of “2,114.” As you can immediately say, there are infinite ways to turn 100 into 2114. The larger your sample size–if you know that 300 also becomes 900, 52 becomes 1,433, and 91 becomes 30–the better your chances of finding the algorithm that will produce all of these results, but even if you have all of these public and private keys, the task is monumental. And that’s what you’re asking of Bleeping Computers because you can’t be bothered to do your job.
If there is anything that I’ve learned in the past week or so, as random clown sightings populate my Facebook feed, it’s how tremendous Stephen King’s legacy really is. I don’t know if people have really thought about it, but prior to the King’s It, absolutely no one gave any thought whatsoever to clowns. They were just happy dudes who wore makeup, did goofy things, juggled, and performed acrobatics to make kids smile and laugh. They were people who liked kids and people who liked being funny, and they brought happiness to the world.
Thanks to Stephen King, each day my Facebook feed is swamped with news stories of what are being called “Clown Sightings.” People are seeing clowns around the country, and are terrified of it. Mass hysteria has ensued, to the extent that a school here in Mississippi was actually locked down simply because parents were discussing a nearby clown. No sighting, no picture, no anything. Just a discussion. School was locked down.
An ordinary writer wishes they could have that kind of legacy!
Holy crap, when you stop to think about it.
Stephen King has made entire generations of people batshit terrified of clowns. Clowns. The happy dudes who wear makeup, do goofy things, juggle, and perform acrobatics to make kids smile and laugh. Those guys. Prior to It, if you were driving down the street and saw a random clown, you smiled, maybe laughed, and waved. Now, you check that your doors are locked and reach for your .38.
Now, that generation of kids who grew up terrified of clowns because of the book and movie It are police officers, mayors, and school administrators. Now, talk of a clown sends schools into lockdowns and launches actual police investigations.
Because someone saw a clown.
State police in Huntingdon County are now investigating reports of a suspicious clown spotted throughout the area, and urge residents to “use restraint,” should they have a sighting.
Need I remind you that we are talking about a clown.
It’s probably not a good time to be a clown, and my sympathy goes out there to all the clowns who are just trying to make a damned living and who are watching Americans gear up in a post-It hysteria strangely reminiscent of the post-9/11 hysteria targeted at Muslims. In fact, the way people are talking about these clown sightings, you’d think people were seeing Muslims running around with dynamite strapped to their chests while shouting “Allahu akbar!”
Now, to be fair, if I looked out of my window right now and saw a fucking clown, I wouldn’t hesitate to grab my shotgun and fill him with buckshot. However, such a clown would also be trespassing, and I would fill pretty much anyone with steel balls if I looked out of my window and saw them loafing around. And this brings me to my next point:
There is something inherently creeping about a clown stalking the side of a road at night, and anyone doing it is asking for trouble. That’s one of the things I haven’t been able to ascertain from any of the articles I’ve seen, though: has there been any trespassing? I would bet almost everything that there has not been. You may be curious why I would make that bet.
I would make that bet because I’m convinced this is a marketing strategy for the upcoming remake of Stephen King’s It. Just look at how terrified we are! We are launching actual police investigations over damned clown sightings, for crying out loud. We are clearly on the verge of shitting our pants in terror. In a few more weeks, we’ll start seeing ads, “Revisit the movie that filled you with fear…”
That’s all this is. Bound to be.
The movie studio almost certainly reached out to local clowns to do this–surely paying them handsomely, since one figures this isn’t going to help their business much for a while and being a clown probably isn’t a particularly. In actuality, though, it seems that it wouldn’t really take very many clowns to get this particular ball rolling. Look at the first news article I linked, the one from Mississippi. There was no clown sighting. A few random “clown sightings” across the country, and people start jumping at shadows. The more people who jump at shadows, the more it spreads and the more people who start jumping at shadows.
It’s fucking brilliant. And, of course, you have people like this who are intentionally stoking the fires of paranoia and fear:
Only in the comments did the initial poster confess that he’d taken the picture off the Internet. By then, it had been shared by friends and family, exactly as he wanted, and probably only one in ten bothered to look in the comments to see the whole thing was a hoax. So now we have people in XXXXXXX, MS who think that a friend of theirs saw a clown just off the road. They’ll see something odd, pareidolia will kick in, they’ll be convinced they saw something, and then they’ll post about it on Facebook. It will spread further and further until someone finally does something stupid and actually attacks a clown who is just trying to do their job.
In all likelihood, there was no clown. Or, if there was, there were only a few in random places throughout the country, and that proved enough to kick off a chain of false clown sightings inspired by fear, getting us all talking about clowns and the number one reason we’re afraid of them. Go ahead, ask someone. Ask someone why in the world they’d be scared to see a clown. A clown.
They’ll all give you the same answer.
“The movie It.”
Which just so happens to have a remake hitting theaters almost exactly a year from now, while freaking “clown sightings” are popping up all over the country and sending people into sheer terror and panic. Hm. Coincidence?
I’m betting it’s not.
Although it does seem that someone jumped the gun a bit. I wouldn’t be surprised, though. I imagine the plan was to start small, with a bit of a test run with a few clowns throughout the country, to gauge how people reacted. They undoubtedly planned to ramp it up slowly over the next year, finally erupting in an epic trailer reminding us all of how terrified we are of clowns–so terrified that we’ll jump at shadows and lock everything down just because someone said the word.
Well played, movie studio.
And well played, Mr. King.
It’s been suggested that I’m wrong, and that the clown sightings are much more sinister, because a clown in Tennessee stabbed a teenager.
This makes such a remarkable case study on hysteria, doesn’t it? Fascinating stuff. For one, we don’t have a shred of evidence that there even is a single clown, much less several. Despite that, schools have locked down, and there is now a police report of a teenager saying that a clown attacked him with a knife.
I love it!
Beautiful. Muy perfecto!
Far from being evidence that I’m wrong, as the person who shared this with me suggested, this is precisely what we would expect to find once hysteria had swept through the nation. Whether there are clowns or not, this is exactly what we would expect to find, so it is evidence of nothing. It could mean that the clowns are real and that at least one of them is vicious, but it could also easily mean that the clowns are fake, and a teenager was swept up in hysteria.
“But he was attacked with a knife!” I hear people saying. “He filed a police report! You can’t seriously think he’s making that up!”
Well, let me tell you a story about a friend of mine when I was 18 or 19. I’m not going to use the friend’s name, because I’ve talked about him before, and his name is really distinctive. One night after we got high and went our separate ways, he gave a ride to a hitchhiker. During the ride, the hitchhiker told my friend–let’s call him “Tim”–that he, the hitchhiker, had committed armed robbery and was wanted, so he really appreciated the ride. A few minutes later, Tim was terrified. He’d worked himself up into a terror. Tim cried and begged the guy to just get out. The hitchhiker directed him to a gravel road; they were basically in the middle of nowhere. Tim cried and begged, offered the hitchhiker all of his money and his cigarettes, if he would just get out. The hitchhiker took the stuff and got out. Tim went and filed a police report.
According to Tim, the hitchhiker pulled a gun on him while they were riding, and directed Tim to the gravel road. Once stopped, the hitchhiker demanded Tim’s money and cigarettes. He had the passenger door open, and told Tim to get out of the car. Tim frantically moved and jumped up, kicked the guy out of the car, and sped away. That was the actual police report. That was how Tim characterized the event in the actual honest-to-fuck police report. The police report had Tim doing some Bruce Lee shit and kicking the hitchhiker out of the car while staring down the barrel of a gun. The real world had Tim crying and begging, while the hitchhiker never said or did anything aggressive.
Tim eventually rectified this with the police department and explained that he had become hysterical, and the police report was fixed. The cops confessed that they hadn’t taken him seriously anyway, because it sounded like the hysterical pitch of a kid, and they guessed that things played out very differently than they had appeared in the police report.
With talk of clowns and clown sightings spreading all over the Internet, I’m sorry to say, but it’s far more likely that this teen “pulled a Tim,” and that there was probably no clown at all. It absolutely is not proof of anything, and it is exactly the sort of thing we’d expect if it was merely another symptom of widespread hysteria. After all, when the police investigated, they didn’t find the clown. It’s not like clowns are hard to spot. It’s a little hard to believe that someone dressed as a clown could attack a teenager with a knife and then escape without anyone else noticing. So no. I’m sorry, but this smells much more like hysteria than it does like the clowns–which may or may not even exist–are a threat.
We like to think that we’re super-evolved and reasonable, and that we could never get swept away in a psychotic hysteria. We look at the Salem Witch Trials, and we say, “That could never happen today! We’d never allow that!” Yet the people suggesting that anyone whose name ends up on an FBI Watch List at any point should never have their name removed and should never be allowed to buy a gun keenly remind us that we are never more than a few poor decisions away from a hysteria-driven witch hunt. We like to think that we could never watch our town get swept up in a frenzy, that we would never have random people lying and saying that they saw someone dancing out under the moonlight drinking blood.
Yet look at this again:
Oh, yes, America. Take a good, long look at it.
That is someone from Salem in the 1600s telling the town that they saw a group of women dancing in the forest and drinking goats’ blood. And without looking into whether or not it was true, other villagers began talking about how their friend saw women dancing in the forest and drinking goats’ blood. Suddenly there’s an entire town full of people desperately hunting down those horrid women, those foul witches, who were committing such abominations in the good town of God-fearing Salem. And by then it’s far too late for this someone to come forward and say that he never saw anything, that he was lying. Even if he did, people would simply say that the witches had gotten to him and were using their black, Satanic magic to make him lie.
Hysteria is a threat today, just as it was a threat four hundred years ago. We must be more vigilant than this.
So now, because some kid filed a police report, the story is spreading across the Internet that these clowns aren’t just out there standing–they are an actual threat, carry knives, and will attack kids.
It is hysteria. It is almost certainly hysteria.
It may not be.
But until we have hard evidence, be mindful of the hysteria. Do not give in to it.