We’ve all heard about big online hacks – credit cards stolen, people’s private photos exposed, and then, of course, hacks like Ashley Madison and the fallout from that.
There are other hacks that are on the rise which are considerably smaller, yet provide those folks who are behind them with a nice pile of cash.
I’m referring to ransomware.
What is ransomware? There are several types, but in the end they’re all the same. There’s a demand for a fee to resolve the problem created by the hacker.
Very recently, as in 4 days ago, a client of mine faced this exact situation. I received a panicked phone call telling me that all of a sudden all his pictures, documents, presentations, zip files and more had been renamed to .crypz. I told him to shut the computer off immediately and come to my office.
In the past I’ve dealt with many different degrees of viruses and hacking, most notably thwarting the Chinese government DDoS (Distributed Denial of Service) attacks on a client’s server. So, it’s not surprising that this other client thought to call me first.
After conducting a thorough analysis and bit-depth file retrieval attempt, it became clear that the RSA 4096 encrypted files were not going to be retrieved. I connected with a number of industry experts and international security firms. To date, nobody has been able to decrypt files from what my client was suffering – version 3.0 of CryptXXX.
My client had three options.
- Restore files from a backup and laugh. The problem with this is that his backup was too old. Not only that, but his Dropbox files were caught in this mess as well.
- Wait for a company to break the encryption algorithm and then use their utility to resolve the situation. It could be weeks, if not months, before that could happen. My client used his computer for both personal and business purposes, and had a number of tight deadlines coming up. This was not an option.
- Pay the ransom and hope that the hackers were honest enough to provide a legitimate decryption key to relieve the situation. They wanted 1.2 Bitcoins, and gave 99 hours to make payment before it would double.
What to do? What to do??
Would they provide the key at all? I mean, what they did wasn’t exactly nice – who’s to say that they wouldn’t try to extort my client for more money?
This was the dilemma my client was facing. He opted to buy a new laptop and external drive, then go with my expert opinion and install a specific antivirus/malware/encryption protection package to prevent this from happening again. I bought the Bitcoins and paid the ransom on his behalf.
With a number of horseshoes beside me I waited. During this time, I installed the offline version of the protection software so that I could do another deep analysis of the system.
Nearly 90 minutes later the encryption key was provided and I was off to deal with his files. All the pictures, documents, videos, presentations, zip files and such were restored to their original state. The real issue is that this affects all drives that were connected to his computer in the first place. The good news was that he didn’t have any network or USB drives connected at the time. His Dropbox files were restored as well.
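As an added illustration (not code from this post), here is a small Python script that flags the behaviour described above: a burst of files renamed to .crypz across every connected location, including a synced Dropbox folder. The log format and the sample lines are constructed for the example; the idea is to catch the mass rename early and to show a responder which drives and folders were touched.

```python
import os
import re
from datetime import datetime, timedelta

# Constructed sample file-activity log (assumed format:
# "<ISO timestamp> <ACTION> <old path> <new path or ->"), not from the post.
SAMPLE_LOG = """\
2016-05-10T09:12:01 RENAME /home/u/docs/budget.xlsx /home/u/docs/budget.xlsx.crypz
2016-05-10T09:12:01 RENAME /home/u/docs/deck.pptx /home/u/docs/deck.pptx.crypz
2016-05-10T09:12:02 WRITE /home/u/docs/notes.txt -
2016-05-10T09:12:02 RENAME /home/u/pics/IMG_001.jpg /home/u/pics/IMG_001.jpg.crypz
2016-05-10T09:12:03 RENAME /home/u/pics/IMG_002.jpg /home/u/pics/IMG_002.jpg.crypz
2016-05-10T09:12:03 RENAME /home/u/Dropbox/report.docx /home/u/Dropbox/report.docx.crypz
2016-05-10T09:15:40 RENAME /home/u/docs/draft.txt /home/u/docs/final.txt
"""

LINE_RE = re.compile(r"^(\S+) (\w+) (\S+) (\S+)$")
# Extension used in the incident above; extend the tuple for other families.
SUSPICIOUS_EXT = (".crypz",)


def parse_events(log_text):
    """Yield (timestamp, action, old_path, new_path); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, action, old, new = m.groups()
            yield datetime.fromisoformat(ts), action, old, new


def detect_rename_bursts(log_text, threshold=3, gap_seconds=10):
    """Return alerts for runs of renames to a suspicious extension.

    Consecutive suspicious renames no more than `gap_seconds` apart form one
    burst; a burst of at least `threshold` renames is reported with the
    directories it touched, so the responder sees at once which connected
    locations (local folders, a synced Dropbox, an external drive) were hit.
    """
    suspicious = [(ts, new) for ts, action, _, new in parse_events(log_text)
                  if action == "RENAME" and new.lower().endswith(SUSPICIOUS_EXT)]
    bursts, current = [], []
    for ts, path in suspicious:
        if current and ts - current[-1][0] > timedelta(seconds=gap_seconds):
            bursts.append(current)
            current = []
        current.append((ts, path))
    if current:
        bursts.append(current)
    return [{"first_seen": b[0][0].isoformat(), "count": len(b),
             "dirs": sorted({os.path.dirname(p) for _, p in b})}
            for b in bursts if len(b) >= threshold]
```

On the sample log this reports one burst of five renames starting at 09:12:01 that touched the docs, pics and Dropbox folders; the ordinary rename at 09:15:40 is ignored.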
Tried, tested and true
The old fashioned way is still the best way to protect yourself.
Have three copies of everything, one of which is stored in a disconnected and offline manner. If a drive isn’t connected or powered on, hackers can’t get to it. However, thieves and EMPs (electromagnetic pulses) can, so be sure to store your backups appropriately.
Mitigate your risk and update your backups frequently.
It’s with this approach that I take caution with all of my personal, business and clients’ files. I suggest you do the same.
What are your thoughts? How do you store your backups?
David Pisarek is a leading digital strategist, based in Toronto, Canada with a strong interest in technology, innovation, design, programming, problem solving and communications. Examples of his work can be found on his website.