Tech Support Horror Stories: Hackers Hold Files Hostage for Bitcoin Ransom


By Karl Bickmore, CEO

This week we continue our series “Tech Horror Stories.” Each post tells the story of a real-life tech-based horror story and explains best practices you can adopt to make sure it won’t happen to you. The names have been changed to protect the innocent. Last week we wrote about a disgruntled employee bent on causing harm on his way out the door. Here, we bring you the story of Walter, whose files were held for ransom by an unknown hacker.

Your Files have been Encrypted!

Walter stopped by Starbucks on his way to work. His day was jam-packed, and he needed a little caffeine to get through his big to-do list. He reached the office a little earlier than usual and was ready to hit the ground running.

Before he began tackling his list, Walter decided to check his email quickly. The day before, he had left a few messages in his inbox for follow-up. Then a new one caught his eye. It was some new fantasy football analysis.  He was doing well this year in the office pool and was interested in any information that could help him maintain his winning streak.  He opened the email and clicked the video link. It opened Walter’s web browser and then something strange happened.

First, he received warning notifications from his desktop anti-virus software that he didn’t understand. Then it happened. A big red box filled Walter’s display and these words appeared: “Oops! Your files have been encrypted!” On the left side of the screen, a timer counted down the time until his files would be deleted unless he paid the required ransom. At the bottom was a box demanding a bitcoin payment equaling $4000 to an encrypted destination. Walter couldn’t believe this was happening. He hoped it was a hoax.

Minimizing the warning box, he tried to open a spreadsheet that he’d worked on for about 50 hours. It wouldn’t open. Panicking now, Walter turned to his “My Documents” folder and attempted to open other documents. No luck. Fearing the worst, he navigated to the company’s shared network server. The files there were all encrypted too. He felt sick to his stomach. This was going to be a big problem. Walter put in a call to his IT provider to see if anything could be done.

Resolving the Ransomware Attack

Snap Tech IT got involved in this incident after the fact. As it turned out, the ransomware had attacked both his computer and the server system. It had also discovered the location of the server backups and encrypted them as well. The company had no choice but to pay the ransom. Fortunately, after paying, they were able to decrypt their files. Often, paying the ransom doesn’t get the files back.

After a thorough analysis, we found a scenario similar to that of many other companies. Walter’s company had some protections in place, but there were big holes. The outsourced IT provider they had hired was not up to date on the latest threats and tools and was still supporting his clients the same way he had for the past 10 years. This exposed Walter’s company, and the provider’s other clients, to enormous risk.

What was missing that could have helped prevent this attack? We discovered that patches weren’t up to date, no anti-ransomware software was installed, the firewall was not configured to filter content, the backup system was poorly designed (its backups were reachable, and therefore encryptable, from the infected systems), and more. We recommended a mixture of new security tools and better IT operating procedures. Don’t let this happen to your company. Learn more in our blog post, 8 Things You Should Be Doing to Prevent Ransomware Attacks.