I saved a company with my Bitcoin knowledge! The first time I made money with Bitcoin besides trading.

in #life, 7 years ago (edited)

It happened two days ago. I just got home and was preparing dinner with Bianca when my phone rang. The caller ID showed me that it was a long-time client of mine. I picked up the phone.

‘Hey Mark! This is Jack. I’m not calling for myself but for a big company I work for. They got hacked and are now looking for somebody that knows how to get Bitcoins. Do you know anybody that knows anything about that?’

‘Say no more!’ I said. ‘Give them my number.’


After working like a dog all week this will be me today, burgers are also on the menu!


CryptoLocker

Before I got the call I already knew what was going on. This must be CryptoLocker. I’m waiting for the call.

For those unfamiliar with CryptoLocker: it is a virus that will slowly encrypt all your files in the background (without you noticing) and, when it’s done, demand a ransom of amount X in Bitcoin to decrypt your files. It’s impossible to decrypt the files without the decryption key.

Getting a call from the Boss

Ten minutes later I have the boss of this 80-man company on the line. He’s explaining to me that their files got encrypted and that they have a ransom message on the screen asking for 500 euro in Bitcoin. He says that 13 years of files are encrypted. The whole company history.

The first thing I ask him is if they have any backups. They do, but the backup is on a one-day schedule (omg) and it also got encrypted. I said you only have one choice and that is to pay and hope you get the decryption key.

‘Send me a screenshot of the message,’ I ask him:

[screenshot of the ransom message]

First of all, I am impressed it’s completely in Dutch. Second, it gives good instructions on what to do and where to pay. It threatens to raise the ransom price after 116 hours, and they made a big green button at the bottom that will probably do something the moment the Bitcoin arrives on the provided address.


Their IT guy tried to buy/send Bitcoin but couldn’t do it. I realize then that my knowledge about Bitcoin is actually very valuable.

I said to the boss: I can help you but I’m taking a big risk here. First, I don’t know you, and second, I don’t even know if paying will get you a decryption key.

He said don’t worry about the money (By the way he said it I knew it would probably be OK but I'm not an idiot I am taking a risk).

I bought the bitcoin on the open market and sent them to the address that’s provided in the ransom note. What happened next impressed me most.

The page changed (on the top it says Bitcoin received) and a download link for the decryption program became available.

The aftermath

I got a call yesterday night. The boss of the company told me that all the files are back and that they wanted to pay me as soon as possible and I should send my bill so they could process it on Monday. He also said they invested straight away in a 30 days backup solution.

Smart thinking.

I also told them they need to check their entire network for leftovers and if needed reinstall. I don't know if they will do this.

From a professional standpoint (although I shouldn't) I am pretty impressed by the professionalism of this hack. It seems to me they automated the whole process. And I do like the fact that when you pay, you get your files back.

From a personal standpoint, the creators should be in jail.

Of course, 500 euro for a company is absolutely nothing. But I have seen this crypto locker strike consumers as well and then it's a different matter. Paying 500 euro of your own money is NOT fun.

Seriously if you value your data (and I don't mean just company data, think family pictures too on your local PC) make sure you have a decent back-up. It's very important! Make one today if you haven't.

Have a good weekend everyone.


Follow Me @exyle

Bah, what a crappy thing to happen. Very good advice about the back-up and a good thing they've invested in a better back-up solution right away!

I agree with you, it all looks pretty professional and they really help you through the whole part of stealing your money. Seems like they used google translate or something though, as it's Dutch, but not exactly well written.

Super crappy! And nobody should have a one-day backup especially a company. I think it's google translate as well. It's very understandable, though. Thanks for your nice comment!

As my friends would say in the UK, you're the "top dawg"!!! Very well done in helping out. That must have been so stressful for the poor guy. Bitcoin knowledge is still in its infancy and the complete helplessness you would feel if that happens to us is horrible!

@exyle saves the day yet again! Awesome job and a totally awesome guy. Great stuff!!!

lol @ top dawg! They were mega stressed. Glad I could help them out. And thanks for another amazing comment!

Well done Dude. I agree with the "Professional Standpoint."
This makes it a pure Criminal Business deal.
It means, they are not in it for anything else but the Crypto Moola.
You pay your money you get your files back.
The company getting its files back is then a great advertisement, for every other company infected, to pay the Ransom.
This worked for the Somali Pirates, as I remember it.
As soon as they got paid everybody including the ship was released.
The company will, afterwards, back up its files.
But the Locker Boyzz know they will be back again with a newer updated version.
Again the company will just pay, "any amount," as, *they know*, they will get their files back.
Until of course comes the day, when they don't.
Yes indeed, an interesting story.

I haven't thought about this but you are right! The fact that you get your files back keeps the machine rollin rollin rollin. Pretty interesting business model.

Yes, it worked pretty well, back in the Knights of Old days.
You got captured and Ransomed.
Your Country/Family paid a small fortune to get you released.
Everybody was happy.
Genghis Khan pretty much ruined all this.
As his business model was expansion, grass plains for his horses and he had no use for Gold.
So he slaughtered everybody.
We may arrive at that scenario, with the Locker scripts pretty soon.
I have just written my take, on Cryptocurrencies.
If you have the time, go check it out.
https://steemit.com/steemit/@franks/rise-of-the-crypto-alchemists

I think those are for older versions. Not 100% sure. Thing is, if you are a company and need to be up and running the next day you don't want to 'try' anything if you can get rid of a problem for 500 euro. Imagine looking at 80 people not being able to work the next day...500 euro is nothing.

Glad you could help. I got hit with an encryption virus last spring myself. I was tired, yet still working, and when a little screen popped up to update my Adobe whatever, I just clicked on it to get rid of it. Boom! And it was the day before I was leaving for a week+ of work travel. Ouch! At least it was just my personal machine and not my work laptop that was hit - and I had unplugged my external hard drive where I back up my photos and videos.

Thankfully, during that week, Kaspersky Lab came up with an unencryption tool. I just had to have an unencrypted version of one file -- the larger the better. It compared the two and computed the encryption key, and used that to unencrypt every file that size or smaller. So I got everything back except 5 video files. I was relieved. Here's the message I got:

[screenshot of the message]

Wow! What a story. I am sorry you got that virus but good to hear Kaspersky Lab came to the rescue. It's so easy to 'misclick' and BOOM you got it. I had several consumer clients hit with this virus and a tool like that has never worked for them. Thanks for the screenshot! Very informative.

BOOM is so right! If I hadn't been on work travel, I would have thought I was doomed and wiped my whole machine. But it was fortunate timing. They developed the tool that week, it was free, and it worked perfectly. It was more efficient to unencrypt everything, including all my applications, than wiping and re-installing. What about restoring a backup? Well, let's just say I learned my lesson and make backups now. Good luck with helping your clients with these viruses!

This post has been ranked within the top 25 most undervalued posts in the first half of Feb 04. We estimate that this post is undervalued by $5.38 as compared to a scenario in which every voter had an equal say.

See the full rankings and details in The Daily Tribune: Feb 04 - Part I. You can also read about some of our methodology, data analysis and technical details in our initial post.

If you are the author and would prefer not to receive these comments, simply reply "Stop" to this comment.

That was a horrible situation to be at, but hey you saved the day like a hero!! Well done @exyle, you totally deserved a good reward on this :)

Haha thanks, @rea. I was just the right person at the right time!

☆☆☆☆☆😎

I've read about a few incidents of this sort of piracy. Thank you for the warning. I will be investing in an external drive with my next paycheck.
Congrats on helping out a small company too. That would have seriously been devastating.
