Hello, am Ransomware!

In a Tech’s life, nobody guarantees a smooth ride, and if they do, there is some problem with the syntax. One day you sleep smiling at 11.28 PM, you have been trying out your hand on web programming, and finally, at 11.24, you press refresh on the browser, and after some short wait, “Hallo World” appears. You are happy, you sip down the remaining coke, crush the can and hit the blankets. Sleep comes easy, and you dream programming drones and space ships.

You are startled minutes before the alarm goes off, and the first thought is your alarm is crazy and acting like town cockerels which don’t know the time. It’s the office admin, Jane, who you rarely even talk to because she always complains that her internet is slow.

“Wake up, I forgot to tell you something yesterday after work..” She sounds hysterical.

“Can’t it wait Jane?” You ask, still struggling with your voice. She ignores you.

“Last evening my PC was acting up when I left, I couldn’t access the server or any other PC and there was this funny message too..” You hate how she keeps calling them PC and not ‘Comp’ like every other normal Kenyan.

“What message?”

“Not sure I remember, but something about files being encrypted…”

“Ooh crap…” You cut her off absent-mindedly.

“What…?” You can hear her breathing rate increase.

“Aaah… It’s no biggie, I will sort it out first thing. Tell me, was any other comp acting up?”

“Not sure, you know everyone left early for Friday. Please sort me out earliest possible. I have a tender I was finishing up, and it means I have to go to work today.” She says and hangs up. You remember it’s the second Saturday of the month, the only Saturday you don’t go to work. A Saturday you had a hike with the boys at Gong Hills, and Hiram had made it clear the repercussions for anyone who missed.

It’s now 6.00 A.M, and the alarm goes off, so you head off to the shower, brew some black coffee, and minutes after 7.00 you head off for work with a pair of sweat pants, t-shirt and sneakers in a backpack for the hike. You get to the office, and Jane is there, her eyes have a distant shade of red, with her slender arms holding onto a large mug of coffee. She is fighting a terrible hangover.

She has already powered up her comp, so you pull a seat next to her, and you can smell traces of mint in her breath, probably to mask the whiskey.

“There is the message I was telling you about,” She says.

The message looks back at you, with a mean smile.

(All your files have been encrypted!

If you want to restore them, write us an e-mail at decrypthelp@qq.com.

You have to pay for decryption in bitcoins. The price depends on how fast you write to us.)

As a wise tech, you hurriedly disconnect the network cable, rush to the server room, log in, and there, the same message stares back. You disconnect the server too, with trembling hands, then go to all user comps. They are fine, except for the lonely old computer in the marketing department. If you are a smoker, you walk out to the balcony overlooking the city, light a stick and smoke in silence. The smooth morning breeze caresses the back of your ears, and in the distance, you can see a slight rise of ground representing the Gong Hills. It looks majestic under the young rays of sunlight. In the corner of your eyes, you will see Jane’s horrified face as she joins you at the balcony.

“Can I work now…?” She will ask.

“Not really, I don’t think you will work today Jane, maybe Monday.”

“What’s wrong?”

“Something bad but am working on it.”

“I can keep you company, to help out where I can.” She says and in the sense of teamwork, goes to the kitchen and fixes you a cup of coffee, drops in two spoons of sugar. The second of the 10 cups of coffee you will need that day, and you will get down to work with your not so helpful teammate on your side. She will mostly be on Snapchat, and Instagram, taking selfies with the black screen whenever you try to run down some commands.

You have heard about Ransomware before, in some boring workshop your manager insisted you attend. They had taught the importance of backup systems, and luckily, that is the only thing you learned there, and you pushed the management to acquire a number of NAS drives. You sneer at the blinking message one last time; they are demanding $1800, and threatening to either double the sum in 24 hours or destroy the files. That’s how they roll, on threats.

You rummage through the backup drives, two are okay, with all the crucial data safe, since you had set the full backup to run on Friday evenings, and they had obeyed their master. You smile for the first time that morning. You can happily clean the server, re-install the system and ensure by Monday everyone, including Jane, can work.

This happened to me a few months ago and has been happening to ICT Techs all over the world for decades past. According to (www.thedigitalguardian.com), the first documented case of ransomware was reported in 1989 and was named “AIDS Trojan”, since it was spread to AIDS research groups and initially demanded a sum between $189 and $378 for decryption. The ransomware has evolved with time, with the introduction of Bitcoin providing a dark haven for the malware creators. Unlike the original ransomware encryption codes, the current crop is more sophisticated and practically impossible to crack, so you can release that software you have downloaded to try to decrypt.

Who are you Ransomware?

For techs, ransomware is the nightmare you would actually wish on your bad enemies. Its origin must have been a pack of broke hackers, somewhere on some lonely island with a broken-down boat, an internet connection, a laptop, and beer. The concept is easy: they created malware that encrypts the most important file types (databases and document files) on a victim’s computer and demands an amount in ransom for the decryption key.

Should I pay?

There are arguments about this. Someone has just managed to inject malware into your system, the person is a stranger, and they demand payment via bitcoins, meaning you have no trace-back to them. Once payment is done, there is no guarantee that they will decrypt your files, and if they fail to send the decryption key, there is not much you can do. The sum they demand is between $1500 and $5000. It’s up to an organization to decide whether to play with the coin around a toilet hole. Some have paid and received the decryption key, but consider those who paid and never heard a word from the attackers.

Another risk in paying: the attackers mark you as a soft spot and will try again and again, making you a potential cash-cow. Nobody fancies being that.

The best solution?

The best way to save your mind from blowing is ensuring a near-perfect backup system for all users, paying much attention to database files and critical files related to ERPs and finance software. With a good backup system in place, your dollars are safe; the only thing you lose is the time you will spend cleaning out all the affected systems and setting them up again. Antivirus software is also crucial, with most major antivirus brands, such as Kaspersky, Norton, and Bitdefender, offering an anti-ransomware solution.

Firewall software/Systems can be installed in the case of major organizations dealing in critical data, to offer an efficient first level of security, by screening the network’s incoming and outgoing traffic.

In the case of an attack, it’s advisable to first dismantle the network system, and leave all PCs independent from each other. NAS drives and other backup systems should be a top priority and should only be accessed using a machine that was not previously on the affected network.

On Sunday at around 3.00 PM, you will run the final tests, which will run successfully; the server can now ping all the computers after the fresh setup, and the ERPs are working fine. You even managed to set up the Marketing department’s old computer and restored the pink flowery wallpaper Agnes, the marketing department manager, likes. You don’t want anyone learning of the attack, because if they did, some will freak out, others will think the ICT department is to blame, and you will have to spend the whole day Monday glued to a seat in the boardroom explaining to some old folk what Ransomware is, why it attacked, and how it attacked even after the huge investment in Antivirus software. You will, therefore, open Outlook, open a new email and address it to the CEO, then CC everyone else:

“Hello all,

Over the weekend we had a slight upgrade to the systems, so expect a few changes on Monday. The IT desk will be available for any support needed. Personal data should not have been affected.


ICT Office.”

You will leave the office and call the boys to some choma, to make up for the failed hike.
