I helped a local company pay off hackers.

From time to time I get called by small organizations, law firms and companies in my local area to do some consulting on security issues. Yesterday afternoon <redacted organization> called me and told me they were getting this pop-up on one of their computers:


That pop-up is known as CryptoLocker. Once your machine is infected, CryptoLocker scans every physical or mapped network drive on the computer for common picture and office files. When it finds files of those types it encrypts them with encryption that is, for practical purposes, unbreakable, and gives you 72 hours to send them $300 or they will destroy the key needed to unlock your files.

I had a hard time figuring out what to suggest <redacted organization> do. They only backed up their files on Friday evenings, so they were looking at losing three full days' worth of work if they didn't pay.

After a lot of back and forth they decided that it was worth a $300 gamble to try to pay off the hackers, knowing that it might not work. So they went down to WalMart, bought a Green Dot MoneyPak loaded with $300 and followed the somewhat complicated instructions to transfer the money.

<redacted organization>'s IT guy called me this morning when he got back into the office and said their files had been decrypted successfully and that they had removed the infected machine from the network.

I think this is a turning point in security. There were some steps that <redacted organization> could have taken to protect themselves better:

  • Better Share Management
  • Better E-Mail Filtering
  • Better AV
  • Better Backup Schedule
  • Security Awareness Training

Overall, though, <redacted organization> is just a normal small company. They try to be security aware, but they don't have the time or resources to do everything the way they should, and in the end it made sense for them to pay $300 to recover their files.

If I had to guess, CryptoLocker is just the start of a wave of malware that holds your files hostage until you pay. I don't like it, but I doubt this is the last company I help pay off hackers.

