We’ve all heard about big online hacks – credit cards stolen, people’s private photos exposed, and then, of course, hacks like Ashley Madison and the fallout from that.

Other attacks on the rise are considerably smaller in scale, yet still provide the people behind them with a nice pile of cash.

I’m referring to ransomware.

What is ransomware? There are several families, but in the end they all work the same way: the attacker creates a problem (typically by encrypting your files) and demands a fee to undo it.

Very recently, as in 4 days ago, a client of mine faced this exact situation. I received a panicked phone call telling me that all of a sudden all his pictures, documents, presentations, zip files and more had been renamed to .crypz. I told him to shut the computer off immediately and come to my office.

In the past I’ve dealt with many different degrees of viruses and hacking. Most notably, thwarting the Chinese government DDoS (Distributed Denial of Service) attacks on a client’s server. So, it’s not surprising that this other client thought to call me first.

After conducting a thorough analysis and a bit-depth file retrieval attempt, it became clear that the RSA-4096-encrypted files were not going to be retrieved. I connected with a number of industry experts and international security firms. To date, nobody has been able to decrypt files from what my client was suffering from: version 3.0 of CryptXXX.

My client had three options.

  1. Restore files from a backup and laugh. The problem with this is that his backup was too old. Not only that, but his Dropbox files were caught in this mess as well.
  2. Wait for a company to break the encryption and then use their utility to resolve the situation. It could be weeks, if not months, before that could happen. My client used his computer for both personal and business purposes, and had a number of tight deadlines coming up. This was not an option.
  3. Pay the ransom and hope that the hackers were honest enough to provide a legitimate decryption key to relieve the situation. They wanted 1.2 bitcoins, and gave 99 hours to make payment before it would double.

What to do? What to do??

Would they provide the key at all? I mean, what they did wasn’t exactly nice – who’s to say that they wouldn’t try to extort my client for more money?

This was the dilemma my client was facing. He opted to buy a new laptop and an external drive, then, on my expert opinion, install a specific antivirus/malware/encryption protection package to prevent this from happening again. I bought the bitcoins and paid the ransom on his behalf.

With a number of horseshoes beside me, I waited. During this time, I installed the offline version of the protection software so that I could do another deep analysis of the system.

Nearly 90 minutes later the decryption key was provided and I was off to deal with his files. All the pictures, documents, videos, presentations, zip files and such were restored to their original state. The real issue is that this affects all drives that were connected to his computer in the first place. The good news was that he didn’t have any network or USB drives connected at the time. His Dropbox files were restored as well.

Tried, tested and true

The old fashioned way is still the best way to protect yourself.

Have three copies of everything, one of which is stored disconnected and offline. If a drive isn’t connected or powered on, hackers can’t get to it. However, thieves and EMPs (electromagnetic pulses) can, so be sure to store your backups appropriately. Note that a sync service like Dropbox is not a backup on its own: as this case showed, it faithfully synced the encrypted files right along with everything else.

Mitigate your risk and update your backups frequently.
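To make the backup advice above concrete, here is an added Python example (written for this page by the editor, not the post author's tooling or any vendor product) that records a SHA-256 manifest of a backup copy while it is known good and, before that copy is refreshed or trusted, checks it against the manifest. Ransomware that encrypts in place shows up as changed hashes; a family that renames files, like the .crypz case in this post, shows up as tracked files vanishing and new files appearing with the ransom extension. The sample file names and contents, the XOR stand-in for the real cipher, and the 50% mass-change threshold are all constructed for the demonstration.

```python
"""Manifest-based backup verification with ransomware indicators.

Added example, not code from the original post. Uses only the Python standard
library; the sample files and the XOR "encryption" are constructed for the
demonstration and stand in for real user data and real ransomware.
"""
import hashlib
import tempfile
from pathlib import Path

# Extension seen in the post; extend with others you encounter.
RANSOM_EXTENSIONS = {".crypz"}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large media files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (POSIX-style relative path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, manifest: dict) -> dict:
    """Compare the tree under root against a manifest taken when the copy was good."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "added": sorted(set(current) - set(manifest)),
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
    }


def assess(report: dict, tracked: int, ransom_exts=RANSOM_EXTENSIONS, mass_change_ratio=0.5) -> dict:
    """Turn a verify() report into a go/no-go decision for refreshing the offline copy.

    Two indicators: new files carrying a known ransom extension, and a mass change
    (missing + modified) across at least mass_change_ratio of the tracked files.
    Normal day-to-day editing touches a few files; encryption touches nearly all.
    The 0.5 threshold is an assumption; tune it to how much your data churns.
    """
    ransom_named = [n for n in report["added"] if Path(n).suffix.lower() in ransom_exts]
    changed = len(report["missing"]) + len(report["modified"])
    mass_change = tracked > 0 and changed / tracked >= mass_change_ratio
    return {
        "ransom_named": ransom_named,
        "mass_change": mass_change,
        "safe_to_refresh": not ransom_named and not mass_change,
    }


def demo() -> dict:
    """Constructed scenario: snapshot a small tree, then simulate an encrypt-and-rename attack."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample = {  # constructed stand-ins for pictures, documents, presentations
            "photos/trip.jpg": b"\xff\xd8\xff fake jpeg",
            "docs/report.docx": b"PK\x03\x04 fake docx",
            "slides/deck.pptx": b"PK\x03\x04 fake pptx",
            "notes.txt": b"plain text notes",
        }
        for name, data in sample.items():
            p = root / name
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)

        manifest = build_manifest(root)  # taken while the copy is known good
        clean = assess(verify(root, manifest), len(manifest))

        # Simulate the attack: scramble three of four files and rename them with .crypz.
        # XOR is a placeholder for the real cipher; only the observable effect matters here.
        for name in ("photos/trip.jpg", "docs/report.docx", "slides/deck.pptx"):
            p = root / name
            scrambled = bytes(b ^ 0x5A for b in p.read_bytes())
            p.with_name(p.name + ".crypz").write_bytes(scrambled)
            p.unlink()

        after = assess(verify(root, manifest), len(manifest))
        return {"clean": clean, "after": after}


if __name__ == "__main__":
    result = demo()
    print("before attack:", result["clean"])
    print("after attack: ", result["after"])
```

Keep the manifest with the offline copy (or somewhere the infected machine cannot write to), and run the check from a clean host before plugging the offline drive back in to refresh it; the whole point of the third, disconnected copy is lost if a scheduled job overwrites it with encrypted files before anyone notices.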

It’s with this approach that I take caution with all of my personal, business and clients’ files. I suggest you do the same.

What are your thoughts? How do you store your backups?

David Pisarek is a leading digital strategist, based in Toronto, Canada with a strong interest in technology, innovation, design, programming, problem solving and communications. Examples of his work can be found on his website.
