They want your money…..
There are some seriously clever bad guys out there that want your money and they’re pretty good at getting it.
We’ve seen two cases of “Ransomware” recently with two distinctly different outcomes. In the first case, the customer received an email with an attachment. The employee using the machine would not normally use a pc but he was providing some holiday cover. The email looked genuine enough but it had an attachment (described as an invoice) which he proceeded to open. He was then presented with the following screen:
As soon as you enable macros, which sadly he did, the virus was unleashed and every document it could find was encrypted. The encryption is so good it’s really not practical without a super-computer and a few years of processing to decrypt. Effectively at this point the door is wide open and the bad guys are given a warm welcome into your computer.
To add insult to injury the screen wallpaper was changed to this:
You have to admire their thorough approach to telling you how completely up the creek you are!
The particularly nasty bit with this virus is that it will encrypt anything it can see. In this case the customer left their backup USB disk in the computer. The backups were simple file copies (rather than using a dedicated backup program) which allowed the virus to sweep through them encrypting everything.
So where did this leave us? A computer, all files encrypted, the only backup encrypted. Worse still, the files were vital to this client.
Once we had a look, we could clearly see there was no hope of decrypting the files (an older version was successfully decrypted last year when the keys were seized by US authorities). In the case of the locky virus, the bad guys use a unique key just for you. The customer ended up paying the ransom – neither they nor I had any idea whether this would work but they simply could not afford to lose the files that were encrypted. The happy ending isn’t that happy – they did get their files back but it cost them literally thousands. They also had to endure gut wrenching stress.
Moving on to case number two, a small business. Exactly the same scenario with an attachment – the customer knew they shouldn’t open it but they did. Straight away they realised what was wrong and shut down their machine. It was too late to stop the virus doing its work – they then called us.
This time, the customer had backups created using backup software. They also had more than one disk that they rotated on a daily basis. It was then just a case of us restoring from backup and doing a bit of housekeeping to remove the damaged files. The stress was on me – we manage the system and this was a real life case to see if our plans and systems worked as planned. Fortunately everything went as planned. All back up and running in less than three hours.
Key lessons learnt: If you do use a backup drive to copy your files on, make sure you have another – if it’s plugged in, it is at risk.
Backup! Make a backup. Unless you really don’t care about your data.
If you’re in a company, what’s your disaster recovery plan? Do you check your backups to see if they work and do you have copies stored offsite.
Or you could just pay thousands in ransom money and hope for the best. I know which route I would take.