2014.10.22 Tech Corner

A Real-Life Cyberlocker virus story

Article By: Rich Silva – Founder – Pain Point IT Solutions, Inc.

In this article, I will tell you a true story of something that I recently was indirectly involved with and witnessed.

What is Cyberlocker?

For those of you who don’t know what Cyberlocker is, it is a nasty virus / malware that is also referred to in the rags as “RANSOMWARE”. It was a big deal late in 2013 and is making an unwelcome comeback here in late 2014. Basically what happens is, someone in the office or at home clicks on something they probably shouldn’t have and a bad program is installed on the computer that encrypts all of the Microsoft Word and Excel files on not only the local hard drive, but also on all of the drives that are attached either physically (e.g. a USB disk drive) or virtually (e.g. a mapped server or Network Attached Storage (NAS)).

Let’s go back 6 months...

I reacquainted in passing with a very well-versed IT friend of mine who is doing some part-time IT consultation work for a local company here in Dutchess County. When we were talking, naturally we circled around to what we do at Pain Point IT Solutions and, for purposes of this article, I’ll discuss the part where we discussed our Managed Intelligent Business Continuity (Data Backup and Recovery Services). I discussed how our solution does image-based backups as well as file-based backups at regular intervals throughout the day. The advantage of doing both is that we can quickly restore an “oops, I overwrote my file” issue, as well as maintain a historical file backup that will allow us to restore files to where they were a week or month back. The big enchilada about our solution, though, was the ability to restore an entire computer’s or server’s image (this includes all the software, drivers, files, desktop, etc.) that is also being recorded twice a day. This ensures that a system can be recovered if a hard drive fails. Lastly, we manage and maintain the entire solution, so a company who invests in our solution has peace of mind knowing that backups are not being missed and that if they are, someone will make sure they get back on the schedule. He thought this was really cool, and as an IT person had the hindsight to recognize this would be a time (and possibly life) saver for any IT person or company that they do services for. So he pitched the idea to the company he is doing this part-time IT consultation service for.

I didn’t hear back from him UNTIL…

The company got the Cyberlocker virus a few weeks back. The virus converted a large majority of their MS-Word and Excel files to encrypted files that now ask the end user to send money to the author for the unlock code. To make matters worse, the virus is designed to, and in fact did, infect all of the targeted files on their physically and virtually attached drives.

My friend called me to ask what I knew about the virus. Other than some generic knowledge, I didn’t know too much. After reading some information on it, I suggested that the best course of action is to simply restore the backed-up files. When he replied “I was afraid you’d say that”, I knew he was in for a marathon and in a hard-to-win situation, as this, according to all that I’ve read, is not simply one of those put-a-disc-in-the-machine-and-clean-it-up sort of propositions.

So where did all this go wrong?

The company, after hearing his pitch and “ballpark” figures on our solution a few months ago, decided they would be content spending less and instead just having backups of their files off the computers, done daily. He spoke with them about the benefits of Pain Point IT Solutions’ offering and they looked solely at the price and said no. He then suggested off-site cloud-based backups of their files. His timing sucked because this was at the time all those celebrities were getting their nude pictures hacked from their cloud storage sites, so the company punted on that one too. The company didn’t like the idea of paying for monthly subscriptions either, so his options were limited. What they ended up with for a few hundred dollars is a NAS that allowed the computers and servers in the office an externally mapped drive (albeit the NAS was in their server room). My IT friend set up schedulers to run every night to back up the important files from their computers and servers to this NAS drive. There was no routine physical displacement or rotation schedule put in place to occasionally take the NAS off-site and replace it with another so that a restore point, no matter how out-of-date it may be, was at minimum available. Not sure why, but I can only assume it was either because he or they didn’t think about it, thought it was too much work, or never got around to doing it.

The end result

I’m not really sure. I don’t talk with my IT friend that much unless we run into one another. I think eventually they paid the ransom. No matter what they ended up doing, I think everyone who has read down to this point gets the point. Call us if you want to talk. It’s free to talk; what do you have to lose?