It was a dark and stormy Sunday evening. Sophie, an editor in chief for the local paper, was up late catching up on some work after celebrating a Halloween weekend out of town. She was scanning through her mass of unopened emails when she came across one urging her to open an attachment. Sophie, like most well-trained employees, was up to date on how to avoid ransomware attacks. However, in her haste to open all of her unread emails, she clicked the untitled PDF without hesitation. Immediately, a message displayed across the screen:
Sophie instantly froze in terror. She never thought she would be the target of a hacker. As the message stated, Sophie needed to pay 0.5 bitcoins within 72 hours after encryption in order to get her files back unharmed. A wave of fright washed over her as she realized not only how many work files she had on her computer, but also that the deadline for Monday's paper was looming and her master file was encrypted.
0.5 bitcoins has a dollar value of $349.05. Although this may seem like a small price to pay, it was more than Sophie was willing to give a stranger with a stranglehold on her files.
The clock was ticking. Without panicking, Sophie began to Google how to recover encrypted files from CryptoLocker.
She tried to remain calm, then breathed a sigh of relief when she scrolled down to this piece of information:
Sophie stood up from her computer in excitement, remembering that all of her work files were backed up by their local managed service provider. Without hesitation, Sophie gave Omega Computer Services a call. However, it was 11 o'clock on a Sunday night. "What kind of MSP would be open this late on the weekend?" she thought. Sophie was surprised and relieved to find that a human actually answered the phone instead of a voice recording.
The on-call technician walked her step by step through setting up remote access, and assured her she wasn't going to have to deal with this on her own. Once the technician had access to her computer, the backup process began.
Within a few hours, the backed-up files had been completely restored. Sophie was forever grateful that all of her work had been saved. She couldn't believe that her precious files were almost lost because of her carelessness in opening an untitled email attachment.
Sophie was one of the few lucky enough to have her files backed up; however, that's not always the case. It has been said that although CryptoLocker itself was readily removed, files remained encrypted in a way which researchers considered unfeasible to break. Many said that the ransom should not be paid, but did not offer any way to recover files; others said that paying the ransom was the only way to recover files that had not been backed up. Some victims claimed that paying the ransom did not always lead to the files being decrypted.
For peace of mind, have your important files backed up by a local MSP; otherwise, you could live to tell the tales from the Crypt-olocker.
*Disclaimer: no actual files were harmed in the making of this blog post.