Ransomware Negotiation: How Hackers Target SMBs

By

It was a Tuesday afternoon. Liz, a local attorney with 26 years of experience, had given up.

She was easily over 20 hours in to trying to free her computer, with all of her files, from a ransomware attack. She just spent a few thousand dollars on a local IT team to break the encryption and remove the malware. They ultimately couldn’t succeed, but charged $2,000 for their time anyway.

Law enforcement and a local FBI contact both shrugged their shoulders. They only offered sympathy instead of a commitment to investigate. With all of her client files locked, she did what roughly 5 percent of small businesses did this year: contact the hacker via the email address in the ransom note.

Shortly later, a message came through: “Hi, the price to decrypt your files is 1.5 bitcoin.”

With icy fingers, she proceeded to converse with the hacker, via a Russian-based email address, who was going by the name Alkash; possibly an Armenian slang term for “alcoholic.” She began to negotiate with him by acting as an elderly person with little money. She told him she had about $350. His reply was simply, “No.”

She didn’t give up. She replied, “I am supporting my kids and I have to use my computer to earn money. Why are you doing this? Don’t you have family?”

He didn’t bite. He replied, “You live in a rich country. I give you 3 days after which I delete the keys to your files.”

She didn’t flinch. She came back and told him to look at the news on how the government treats the poor and how rich people keep their money to themselves. She said her healthcare was being taken away and she was very sick.

“You own a server with open access,” he said. “Why would a poor sick woman own a server?”

This reveals how she was infected. A lot of us think we are too small to be a target, but in the end, all of us our IP and email addresses that will eventually be found. She had little in the way of security, only endpoint antivirus; an easy target.

She convinced the hacker that she could borrow money from a relative to make it $500. The attacker agreed and instructed her to send a few files that he would unlock as a guarantee he will unlock them all when she pays.

Two days after the initial exchange, Liz was able to buy the right amount of bitcoin from a problematic dealer in South America. She finally unlocked her files.

It was done. Her files were back. She sobbed.

It took around 50 hours to get to this point. Fifty hours of living in fear her client files were gone forever. Fifty hours of lost productivity. Fifty hours of being at the mercy of a thief.

Liz was able to return to work and eventually took time off to recuperate from the attack. Later, while on vacation, she received a call from someone who shared an office with her.

“Are you remotely accessing your computer from your vacation spot?” they said.

The answer was solid: “No!”

Someone, possibly Alkash, was accessing her computer and eventually stole her personal credit card information saved in her browser. She returned from her trip and went right back to work to remediate another breach of her system.

A call to the IT team, a security vendor and the FBI gave her another 20-hour headache, a stack of bills and quotes. Between both attacks, Liz estimated she lost around $50,000 in consultant fees and lost productivity alone.

Feeling like she was getting the run around, Liz called someone she knew at SonicWall. The team went to work to segment her office network and set her up with a firewall. It included the Advanced Gateway Security Suite, which comes with the SonicWall Capture Advanced Threat Protection cloud sandbox service,  to stop known and unknown malware attacks, as well as intrusion attacks, against her server.

So, how are things today?

“Great!” says Liz.

She doesn’t have to worry about follow-on attacks, ransomware attempts and deflating calls to the FBI.

Studies have shown that when a small business is hit with a critical cyber-attack, one in six have to stop business for more than 25 hours. Liz knows the truth to that.

Moreover, roughly 60 percent of small companies that experience a crippling cyber attack are run out of business. A fear that Liz mulled over for 50 hours in June 2017.

To better arm yourself against these forms of cyber attacks, please read our eBook, “How ransomware can hold your business hostage.”

SonicWall Staff