Time to Pay the Cryptolocker Ransom: All in a Day’s Work?

The day started out like any other, with coffee and a calendar full of the usual tasks. It soon became evident, however, that the next 24 hours – which would culminate in a ransom payment – would be anything but routine. Contrary to the stereotype of the computer geek staring at a screen all day, the life of a Senior Systems Engineer can sometimes be an adventure … especially in a world where cybercriminals can deploy malicious software designed to make a company pay up or lose all it holds dear. For this client, that meant months of data.

The adventure began when a client (we’ll call them Client X) called to report that no one on their team could open their billing system. We logged in and discovered that the program wasn’t running properly on the server, so we reached out to the billing vendor. What we heard was something you never want to hear: “It looks like all these files have been corrupted.” When the vendor’s tech tried to restore the files from backup, it turned out that the backups didn’t exist. More unsettling news.

Meanwhile, a user at Client X’s office reported strange pop-ups on his computer. Another tech set out to troubleshoot THAT issue and found that the machine was infected with a virus, soon identified as Cryptolocker: a malicious program that runs on an infected computer and encrypts every file it can reach, including files on network shares the user can write to. The only way to get such files decrypted is for the victim to pay a ransom; the alternative is for the targeted business to live with the loss. We now knew what had corrupted Client X’s billing system; the only question was whether they could live with the loss. The answer was no, so together we determined that the only thing to do was to pay the ransom.

That sent me on a quest to obtain Bitcoin, an anonymous online currency available through online Bitcoin exchanges (read more here: https://www.network-support.com/bitcoin-and-paying-ransom-to-cyber-criminals/). An added challenge was to obtain Bitcoin quickly enough both to meet the criminal organization’s deadline and to get the business operating again ASAP. Because our client is in New York, we actually had access to one of the few Bitcoin ATMs around, in Brooklyn. After establishing an account – which involved sending a photograph of myself holding a photo ID, like something out of a spy movie – I jumped in a car with only an address and the ransom money I was to exchange for Bitcoin. Relying on Google Maps, I found the building in which the ATM was purportedly located, which turned out to be a workshare space. In the middle of the workshare space was an old-style phone booth, and in it was the ATM: a small Android-based device with a slot in which to feed cash, like a vending machine! Very odd, indeed. The strangest part was that there was no CoinCafe storefront or employees, just this random device into which to feed $100 bills. After figuring out how to interface with the machine, I made the deposit, and a colleague remoted into the infected machine to pay the ransom with the Bitcoin I had just purchased. Within a short time, all of Client X’s data was restored.

Suffice it to say, this is not something we want to do again. No business should. So, here are some ways to protect against these cyber-thugs using Cryptolocker and other malicious software or viruses.

  • Back up all server systems rather than just “the important ones”; a server that isn’t backed up is simply an opportunity for data loss. In this case, the missing backups were the only reason paying the ransom became necessary.
  • Limit file permissions to only the data that is relevant to a user’s job, so that, if their machine does get infected, the scope of what the malware can encrypt is limited to what that user could already write to.
  • Defense in depth (employing several layers of security) is critical to protecting yourself from these threats; a company qualified in cyber-security, such as The Network Support Company, can provide solutions to help protect your business.
  • It’s important to have protection at multiple points of entry into your network: spam filter, web filter and a firewall.
  • Train users on how to limit risk. For example, users should never open an attachment to an email without being 100% certain of what it is and where it came from.