The “AIDS” Trojan

A screenshot of a ransomware message

Your ringing phone startles you minutes before the alarm goes off. It’s the office admin, Jane, who you rarely talk to because she always complains that her internet is slow.

“Wake up, I forgot to tell you something yesterday after work…”

“Can’t it wait, Jane?” you ask, still struggling with your voice.

She ignores you. “Last evening my PC was acting up when I left. I couldn’t access the server or any other PC, and there was this funny message too…” You hate how she keeps calling them PCs and not ‘comps’ like every other normal Kenyan.

“What message?”

“Not sure I remember, but something about files being encrypted…”

“Ooh crap!”

“What…?”

She now sounds distraught and you immediately know your exclamation did not help.

“Tell me, was any other comp acting up?”

“Not sure, you know everyone left early for Friday. Please sort me out ASAP. I have a tender I was finishing up, and it means I have to go to work today.”

“Aaah… It’s no biggie, I will sort it out.”

“Awesome!” she says and hangs up.

At that moment you thank the heavens for that thing, the one that makes you say ‘no biggie’ when you know all hell has just broken loose.

Before you can even congratulate yourself for calming Jane down, you remember it’s the second Saturday of the month. The only Saturday you don’t go to work. A Saturday you had planned a hike with the boys at Ngong Hills.
It’s now 6.00 A.M. and the alarm goes off. You jump into the shower, brew some black coffee, and minutes after 7.00 you head out for work. You carry a pair of sneakers for the hike, though in the back of your mind you know the chances of making it are near nil. You don’t call the boys to warn them.

In a tech’s life, schedules are never fixed. A day off or a day at work is not something you can really plan for because anything can happen. Some days you sleep smiling because you did everything on your to-do list for that week and you can take the weekend to chill with bae. On other days though, the tech world reminds you that it never sleeps and it could not be any less bothered by your plans. Today is one of the latter.

You get to the office, and Jane is there. Her eyes have a distant shade of red, her slender arms wrapped around a large mug of coffee. She is nursing a terrible hangover.

She has already powered up her comp, so you pull a seat next to her, and you can smell traces of mint in her breath, probably to mask the whiskey.

“There is the message I was telling you about.”

The message looks back at you with a mean smile.
(All your files have been encrypted!
If you want to restore them, write us an E-mail at decrypthelp@qq.com.
You have to pay for decryption in bitcoins. The price depends on how fast you write us.)

As a wise tech, you hurriedly disconnect the network cable, rush to the server room, log in and guess what? The same message stares back. You disconnect the server too, this time with trembling hands, because you realize shit just got real. Then you go round to all the user comps. They are fine, except the lonely old computer in the marketing department.
Being a smoker, you walk out to the balcony overlooking the city, light a stick and smoke in silence. The smooth morning breeze caresses the back of your ears, and in the distance you can see the slight rise of ground that is the Ngong Hills. It looks majestic under the young rays of sunlight. In the corner of your eye, you see Jane’s horrified face as she joins you on the balcony.

“Can I work now…?” she asks.

“Not really, I don’t think you will work today Jane, maybe Monday.”

“What’s wrong?”

“Something bad, but I’m working on it.”

“I can keep you company, to help out where I can.” In the spirit of teamwork, she goes to the kitchen, fixes you a cup of coffee and drops in three spoons of sugar. The second of the ten cups you will need today. You get down to work with your not-so-helpful teammate at your side. She’s mostly on Snapchat and Instagram, taking selfies with the black screen whenever you try to run some commands.
You have heard about ransomware before, in some boring workshop your manager insisted you attend. They taught the importance of backup systems. Luckily, that is the one thing you took away from it, and you pushed management to acquire a number of NAS drives. You sneer at the blinking message one last time. They are now demanding $1800 and threatening to either double the sum in 24 hours or destroy the files. That’s how they roll: on threats.
You rummage through the backup drives; two are okay. All the crucial data is safe, since you had previously set the full backup to run on Friday evenings, and the drives had obeyed their master. You smile for the first time that day. You can happily clean the server, reinstall the system and ensure that by Monday everyone, including Jane, can work.

According to The Digital Guardian, the first documented case of ransomware dates to 1989 and was named the “AIDS Trojan” (also known as PC Cyborg). It was mailed out on floppy disks to AIDS researchers and conference attendees, and demanded $189 or $378, sent to a post box in Panama, to unlock the victim’s PC. It only scrambled file names, with a simple symmetric scheme whose key sat in the program itself, so recovery tools followed quickly. Ransomware has evolved since then: the current crop uses proper cryptography, and the keys are practically impossible to crack (so you can let go of that software you downloaded to try and decrypt it). The one thing worth checking before you give up on the files is whether a free decryptor already exists for the specific family that hit you; some families have shipped flawed implementations, and the No More Ransom project collects the decryptors that exist.

For techs, ransomware is the nightmare you would only wish on your worst enemies. Its origin must have been a pack of broke hackers, somewhere on some lonely island with a broken-down boat, an internet connection, a laptop and lots of beer. The concept is simple: a piece of malware encrypts the file types that matter most (databases, documents, spreadsheets) on the victim’s computer and on every network share it can reach, and the note demands a ransom for the decryption key.

Whether or not to pay the demanded amount remains an active debate. A stranger has just planted malware in your system, and they want payment in bitcoin, which leaves you no practical way of identifying them. Once you pay, there is no guarantee they will send the key, and if they don’t, there is not much you can do about it. In cases like this one the sum lands somewhere between $1,500 and $5,000. It’s up to the organization to decide whether to throw that coin down the toilet. Some have paid and received a working key, but consider those who paid and never heard a word from the attackers again.

Another risk of paying is that the attackers can mark you as easy prey. This means they will hold you to ransom again and again, making you a potential cash cow. Nobody fancies being that.

The best way to save your mind from blowing is a near-perfect backup system for all users, paying particular attention to database files and the critical files behind the ERP and finance software. The catch is that ransomware encrypts any share it can write to, so a NAS that is permanently mounted on every desktop is just another victim; keep at least one copy of the backups offline, rotated or otherwise unreachable from the user network, and run a full backup on a schedule you have actually tested by restoring from it. With a good backup system in place, your dollars are safe; the only thing you lose is the time spent cleaning out the affected systems and setting them up again. Antivirus software also helps, though it is no guarantee, as this story shows; most major brands, such as Kaspersky, Norton and Bitdefender, offer an anti-ransomware component.
A firewall can be installed, in the case of larger organizations dealing in critical data, to offer a first level of security by screening the network’s incoming and outgoing traffic. It will not stop a malicious attachment a user opens, so mail filtering and patching matter just as much.
In the case of an attack, the first step is to isolate: pull the network cable or disable Wi-Fi on every affected machine and leave all comps independent of each other, rather than powering them off. Before you wipe anything, keep a copy of the ransom note and a couple of encrypted files so the strain can be identified, and try to work out how it got in, otherwise the rebuilt machines walk straight back into the same trap. The NAS and other backup systems are the top priority: check them from a machine that was never on the affected network, and verify that the backups themselves were not encrypted before you restore from them.
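The “two are okay” check on the backup drives is the step everything else depends on, so here is an added example (not code from this post or its author) in Python that walks a backup directory and flags the artifacts a ransomware hit leaves behind: ransom notes matching the phrasing of the note in the story, plain-text files whose content looks like ciphertext, and files carrying an extension the backup should not contain. The entropy threshold, the file-type lists and the constructed sample backup are assumptions for this example, not anything from the post.

```python
import math
import random
import re
import tempfile
from collections import Counter
from pathlib import Path

# Tunable heuristics. These values are assumptions for this example.
ENTROPY_THRESHOLD = 7.5        # bits per byte; encrypted data sits close to 8.0
SAMPLE_BYTES = 64 * 1024       # only the head of each file is inspected
# Formats plain enough that ciphertext-level entropy is a red flag.
PLAIN_SUFFIXES = {".txt", ".csv", ".sql", ".log", ".xml", ".ini"}
# Formats that are already compressed and therefore look random by design.
PACKED_SUFFIXES = {".docx", ".xlsx", ".pptx", ".pdf", ".zip", ".jpg", ".png", ".bak"}
# Phrases taken from the note in the story; two hits mark a file as a ransom note.
NOTE_PATTERNS = [re.compile(p, re.I) for p in (
    r"files have been encrypted", r"restore them", r"bitcoin", r"decrypt",
)]


def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte: 0.0 for empty input, ~8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_ransom_note(path: Path) -> bool:
    """True when at least two of the note phrases appear in the file head."""
    text = path.read_bytes()[:SAMPLE_BYTES].decode("utf-8", errors="ignore")
    return sum(1 for p in NOTE_PATTERNS if p.search(text)) >= 2


def scan_backup(root) -> dict:
    """Walk a backup tree and report the files suggesting it was encrypted."""
    root = Path(root)
    report = {"ransom_notes": [], "high_entropy": [], "unexpected_ext": [], "scanned": 0}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        report["scanned"] += 1
        rel = path.relative_to(root).as_posix()
        if is_ransom_note(path):
            report["ransom_notes"].append(rel)
            continue
        suffix = path.suffix.lower()
        if suffix in PLAIN_SUFFIXES:
            # A "text" file full of ciphertext was encrypted in place.
            if shannon_entropy(path.read_bytes()[:SAMPLE_BYTES]) > ENTROPY_THRESHOLD:
                report["high_entropy"].append(rel)
        elif suffix not in PACKED_SUFFIXES:
            # Many families append their own extension; treat unknown ones as suspect.
            report["unexpected_ext"].append(rel)
    report["clean"] = not (report["ransom_notes"] or report["high_entropy"]
                           or report["unexpected_ext"])
    return report


def build_sample_backup(infected: bool) -> Path:
    """Create a constructed backup tree in a temp dir; 'infected' adds hit files."""
    root = Path(tempfile.mkdtemp(prefix="nas_"))
    (root / "reports").mkdir()
    (root / "reports" / "tender.txt").write_text(
        "Tender document for the county roads project. Section 1: scope of works.\n" * 200)
    (root / "reports" / "clients.csv").write_text("id,name,city\n1,Agnes,Nairobi\n2,Jane,Nakuru\n")
    (root / "marketing").mkdir()
    rng = random.Random(7)                       # deterministic stand-in for ciphertext
    (root / "marketing" / "logo.png").write_bytes(bytes(rng.getrandbits(8) for _ in range(4096)))
    if infected:
        (root / "finance").mkdir()
        (root / "finance" / "ledger.sql").write_bytes(      # encrypted in place, name kept
            bytes(rng.getrandbits(8) for _ in range(SAMPLE_BYTES)))
        (root / "finance" / "README_DECRYPT.txt").write_text(
            "All your files have been encrypted!\nIf you want to restore them, write us an E-mail.\n"
            "You have to pay for decryption in bitcoins.\n")
        (root / "marketing" / "brochure.pdf.locked").write_bytes(   # renamed by the malware
            bytes(rng.getrandbits(8) for _ in range(4096)))
    return root


if __name__ == "__main__":
    for infected in (False, True):
        print("infected" if infected else "clean", scan_backup(build_sample_backup(infected)))
```

Run it against a real mount of each NAS from a clean machine; a drive whose report is not clean is not a backup you restore from. The entropy test is deliberately limited to formats that should be plain text, because a genuine .docx or .pdf is compressed and would trip it.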


On Sunday at around 3.00 PM, you run the final tests, and they pass: the server can ping all the computers after the fresh setup, and the ERPs are working fine. You even managed to set up the marketing department’s old computer and restore the pink flowery wallpaper Agnes, the department manager, likes. You don’t want anyone learning of the attack, because if they did, some would freak out, others would blame the ICT department, and you would spend all of Monday glued to a seat in the boardroom explaining to some old folk what ransomware is, why it attacked, and how it got through despite the huge investment in antivirus software. You therefore open a new email in Outlook, addressed to the CEO, and CC everyone else:

“Hello all,
Over the weekend we had a slight upgrade to the systems, so expect a few changes. The IT desk will be available for any support needed. Personal data should not have been affected.
Regards,
ICT Department.”

You leave the office and call the boys for a nyama choma treat to make up for the failed hike, and the million and one missed calls and unanswered messages.

Wamugi.
(wamugi@tuketi.co.ke)
