By the end of the first day, we had exhausted all possible sources of backup copies of their server and data files, and it was obvious that their only option was to trust the hackers' word that if we paid the ransom they would send the decryption key to restore the data.
The ransom can only be paid in one of two ways. Send them 2 Bitcoins (value about $460) or use a Green Dot prepaid debit card to transfer $300 to them through the malware program itself.
First though, for the first time in our 25-year history, we actually had to re-install the malware that had been partially removed by the first company to pay the ransom. Then we had to wrestle with the CryptoLocker payment screen to get it to accept the payment before finally getting the decryption process started. The decryption program has been running for 2 days so far and has reported that it has restored over 75,000 files and failed on about 50.
We can't tell whether the decryption is working for sure because it's still running and it looks like it's going to run another day or so based upon a rough estimate of the number of files the client thinks are lost.
So far, the client has lost 3 days of office and technical staff productivity.
This was a hard lesson to learn, and even if paying the ransom worked and the client gets back most of their data, it's going to be an expensive one. We've probably still got a day of work left cleaning up this mess across the network on the server and all of the other workstations and then installing a reliable data protection system.
Stay tuned, the program is still running. Find out if the hackers were true to their word and if the data comes back after the ransom was paid.
Have similar concerns about the safety of your business data?
Call ACT today @ (847) 639-7000 for a free consultation.