Just to recap from a recent eblast, a new client came to us just after being hacked with ransomware. The ransomware virus attacked every single file on the system and encrypted not only the single computer but any other shared drive on the network; the data files for the application the business used were now encrypted as well. The backup was last completed a month ago, and after consulting with the business owner we decided to take the advice of the FBI and pay the ransom.
The purpose of the ransomware product is to extract money from a business to recover their files. Of course the only way this works is to be able to receive the money and actually recover the files.
The first step was to find out who it was that we needed to pay. This is of course anonymous but on each computer were instructions on how to pay the hacker network to get the files back.
The second step was to download and install a new TOR browser which allows your connection to be anonymous instead of tracked like Internet Explorer, Chrome or Firefox.
The third step was to create a bitcoin wallet. There are probably a dozen or more sites that you can use, but think of this like PayPal. The bitcoin wallet is an online wallet that stores your bitcoin for trading.
Next, at Step 4, we had to fund the account, and this is where the process took a turn. If you are thinking we can just go buy bitcoins, you are wrong. First off, each transaction is completely anonymous. There are several sites that will help you fund bitcoins but they will all have different rates. Bitcoin is a currency that is traded on the internet and not something you can hold in your hand. The quantity of bitcoins has been set and there are only a finite number of them in the world. If you have a dime, you have ten cents. However, if you have a bitcoin it can be worth as much as someone will pay for it, and the costs go up each day. Each site that we went to had a different conversion rate and fees to purchase. Overall the four bitcoins were going to cost us close to $2000 to obtain.
This step above should be simple but it is not. To be a legitimate bitcoin sales site (if there is such a thing) you have to be treated like a bank. In order to open an account we had to give them two forms of ID, with one being tied to your address like a utility bill. Once we scanned in all of this info we were now ready to fund the account. How do we pay them? Credit card? NOPE. PayPal? NOPE. Bank Transfer? NOPE. Western Union? NOPE. Cashier’s Check? NOPE. Cash? NOPE. None of these worked because none of the sites were allowed to sell to an NC resident.
Now we did find someone who would sell us a bitcoin but we would have to go to a bank, transfer money to their account, text them the amount, send a copy of the receipt, they would call the bank and verify, then they would transfer the coins over to us. Sound sketchy? Well it was.
Finally we were able to use an out-of-state license and fund the account from a bank transfer. Of course we now had our bank account information in an online anonymous TOR generated banking site. Freaked out yet? It is not over. Now that we are past step four and have funded the account this should be easy, right? NOPE.
Step 5 was to buy the bitcoins from the site. We did that but it took four business days to clear the account to get the coins. This is four days of the business being down without access to any of the important data they would need to run their business.
Step 6, after four days, finally came through. We had the bitcoins in our account. We then contacted a seller and used our bitcoin wallet to transfer to them. Of course now we had just transferred $2000 in virtual money to a person we did not know with the hope that they would follow through and decrypt the files.
Step 7 was to decrypt the files. We received a link to a key to decrypt the files about 12 hours after we sent off the bitcoins. The file was legitimate and did decrypt the files.
All in all it was a painstaking process and very stressful. Having gone through this I can tell you the short of it.
- Without a backup you have no way to get your data back except to pay.
- Have a contingency plan for something like this because it could happen to you.
- The overall process took almost 7 days to complete and to some businesses this could spell disaster.
- The cost of the bitcoins can change as well as the ransom request to get your data back.
- The cost of the bitcoins is the least expensive part if you consider this business was down for 7 days.
In the conceptual state bitcoins were designed to be easy to use all over the world. The theory of a universal money system traded and kept on the internet would be a wonderful idea. However, the downfall is the legitimacy of how to trade this back to real cold hard dollars you can hold. Can you imagine going to Las Vegas and sitting down at a $10 blackjack table and handing them a bitcoin receipt on your phone?
Don’t let this happen to you. The time, frustration, loss of revenue and payment was a bad experience. This could be avoided. We can help. Call IRIS Solutions and let us work with you on a better solution.