June 25, 2015

Your Files Have Been Encrypted… Now What?

You’re a typical internet user. You’ve heard a lot about internet hacking, and you are rightly concerned about it. You’ve read about celebrity photo hacks. You’ve heard of multi-million dollar corporations reduced to snail mail. You know about “hacker armies” in North Korea and you suspect that they can bring down an entire power grid in a series of keystrokes. You are fatalistic. You worry about identity theft, but you figure there isn’t much you can do. You stare at your computer. You run a perfunctory anti-virus scan. You sigh, and log off.

You are uneasy about security, but you have a feeling that “it” won’t happen to you – whether “it” means losing your identity, losing your computer, or both, you aren’t sure. You were once told that browsing the internet is like walking through Times Square with your passport stashed in your back pocket. It’s not exactly safe, but it’s not exactly dangerous either. You can appreciate the risk, but you don’t fully apprehend the consequences. Then, one day, it happens to you.

6:00 AM Tuesday

You are at home with a cup of coffee in one hand and a computer mouse in the other. You open Gmail and scan your inbox. You notice an email from your bank and wonder if you’ve missed a bill payment. You open it and see an attachment marked “Receipt.” You click it. Your computer, generally fast, freezes and stalls. The monitor blinks. The fan whirrs. You shake the mouse. It doesn’t move. You tap the screen. It doesn’t change. You press “ctrl alt del.” Nothing happens. You scowl. You sigh. You stare at the wall. You realize that you haven’t restarted your computer for weeks and decide that this must be the problem. You power down, accept a raft of software updates, and wait.

6:30 AM Tuesday

A dialog box announces that “Your personal files are encrypted!” and can only be decrypted using a unique private key, which is held not on your computer but on the attackers’ server. You are told that in order to obtain this key, you must pay 2 bitcoins within 96 hours, or the key will be destroyed and all your files will be unrecoverable. You are also advised that any attempt to remove or damage the CryptoLocker software will lead to the immediate destruction of the private key by the server.

You stare at the dialog box. Again, you press “ctrl alt del.” It doesn’t solve the problem. You try “Esc.” Nothing. “Esc.” “Esc.” “Esc.” Nothing. You click a recent Word document. It is encrypted. You try a JPEG file. Same thing. You slide your chair away from your desk. The dialog box counts down the 96 hour grace period. You have 95 hours, 26 minutes, and 3 seconds until your documents are essentially destroyed. You pack your briefcase and go to work, leaving the laptop behind.

11:00 AM Tuesday

“What is cryptolocker?” you query Google, using your office computer. “CryptoLocker is a ransomware Trojan that targets computers running Microsoft Windows.” Oh. You open your phone. “Siri,” you say, “How do I get rid of CryptoLocker?” Siri doesn’t know. You Google further and learn that while the malware itself can be removed, there is no way to decrypt your files without the private key, and the only way to get that key is to pay the ransom (and even this does not guarantee the return of your files). CryptoLocker is bad, you discover. You learn that a law firm in North Carolina once lost its entire cache of legal documents as a result of a CryptoLocker attack. You read about a town hall in New Hampshire that lost 80 years’ worth of documents to the malware. You discover that a police department in Massachusetts recently had to pay $750 USD to recover its encrypted records. You check your watch. You have 88 hours, 52 minutes, and 27 seconds until you lose your files.

8:00 AM Wednesday

You miss work. You have a client meeting on Friday and you urgently need to recover your files. You have decided to pay the hackers, but you aren’t sure what a bitcoin is or where to find one. You walk to a local library and use a computer so old that it looks like a microwave. “What is a bitcoin?” you query Bing (your library uses Internet Explorer). “1 Bitcoin equals 320.12 Canadian Dollars,” it replies. “Where do I find bitcoin?” you type. “Bitcoin is a payment system invented by Satoshi Nakamoto, who published the invention in 2008.” This doesn’t answer your question. You switch to Google and learn that you can acquire bitcoins from an ATM downtown, but you must pay in cash. You drive to the bank and withdraw 640 Canadian dollars. The teller looks at you suspiciously. You smile and say “Bitcoin,” feeling well-informed and stupid at the same time. The teller shrugs and passes you an envelope full of money. You leave feeling like a character in The Bourne Identity. You don’t realize how long it will take you to actually make the payment.

10:30 AM Thursday

You are playing it cool. You’ve now recovered all your documents and you feel pretty clever for figuring the whole thing out. “I can’t believe you actually paid them,” your coworker says. “I mean, that’s like financing a criminal organization.” You shrug. What were you supposed to do? You had sensitive information on your hard drive. “On principle, I wouldn’t have paid,” your coworker says. You nod, even though you doubt this is true. “Doesn’t it make you crazy?” he says, “Knowing that now you’re part of the problem?” You agree, and amble away, wondering if you should have done things differently. As you return to your desk, someone curses loudly. “What is CryptoLocker?” you hear them say. You sit down and open your inbox. Fifteen minutes pass until you receive a message from the IT department explaining that someone within the organization has been infected with CryptoLocker and that the shared network drive, which the malware can reach from any infected machine that has it mapped, may have been encrypted along with their files. You disconnect the drive, feeling slightly vindicated. “See?” you think to yourself, “It can happen to anyone.” Good luck finding the bitcoins.