When was the last time you were forced to negotiate with international cyber-criminals?
For me, it was just a few weeks ago.
It was one of the worst things that's ever happened to me...
I consider myself a pretty techie kind of a guy. In fact, technically, I'm Technical Director on the Mike Hosking Breakfast at Newstalk ZB - a pretty technical role.
I write tech reviews for the ZB website. Sometimes I'm interviewed as a tech expert for the New Zealand Herald.
Turns out, I didn't know squat.
I thought I did. In fact, I was arrogant about it - especially in terms of my personal cyber security. I don't feel that way anymore.
We have a pretty decent desktop PC at home. Over the years I've pimped it up with lots of RAM and massive amounts of storage for things like music and photos. Important things.
Obviously you need to protect important things like those and yes, I had an external backup drive so I could regularly copy all that important stuff across. But here's my big mistake; I left that backup drive plugged in. Turns out, even a drive connected by USB is vulnerable to attack.
When I type that, it's so obvious but at the time, I never gave it a second thought. Arrogant.
My arrogance extended to my browsing and downloading habits. Sure I would go incognito to keep my browsing private (it doesn't really). And of course I was using an up to date antivirus (provided by my ISP for free)
That didn't protect me.
Turns out, visit the wrong site, download the wrong file, next thing you know, you're encrypted.
The first sign something was seriously wrong was a series of browser windows opening themselves all at once. It was astonishing how fast it all happened. While I was trying desperately get control of my browser back, everything else was being taken away from me; photos, pictures, the lot.
The sense of instant regret was overwhelming. How could I have been so stupid? Why wasn't I running a proper cyber security suite like Norton Security? More importantly, if I'd been running cybersecurity software like Norton Secure VPN and Norton Security Premium, I wouldn't have been able to download this cyber chaos into my life in the first place.
Unfortunately, Norton didn't send me Security Premium or Secure VPN to review until after this had happened!
I spent days researching what to do. I tried everything to restore those precious files. Recovery programs that can undo recent modifications. I ran about every decryption tool available. I consulted specialist data recovery experts. I even notified government agencies.
Nothing worked. The Hermes 2.1 ransomware I was doomed by is relatively new and therefore completely uncrackable. Sure I could rebuild my PC from scratch. My 15 year-old gaming daughter wouldn't be happy about it, she'd lose her progress in a lot of her virtual spaces. But she'd get over it. My music library would be mostly retrievable from the cloud. I'd have to re-catalogue everything, but again - that's just time, not the end of the world.
What made me sick to my stomach though, what was keeping me awake day and night, was losing all those photos. Not just photos, but memories.
Priceless, priceless memories.
Why oh why hadn't I been running better security software and a VPN?
There was nothing else for it. I had to ask the price.
Fearing it might be thousands, the demand via untraceable email was $500USD, to be paid in Bitcoin.
Still a lot of money and the obvious question was, "How do I know you'll decrypt my files once I pay?"
Apparently, international cyber-criminals have systems in place to answer such concerns. I sent them an encrypted photo and they returned it to me, back in it's original state.
As luck would have it, it was a photo of the birth of one of my daughters. I pleaded my case, pointing out how important these pictures were to us. Somehow I managed to negotiate the price down to $300USD. I took a deep breath and decided to pay.
I figured given the bad guys had already programmed their software to unlock my files, there was really no reason for them not to send it to me.
Then I had to figure out how to buy Bitcoin. That's a whole other story that involved a very dark moment when I thought I'd lost all my money with no Bitcoin to show for it at the other end. Luckily, that was just a verification issue and after one of the most stressful afternoons of my life, the transaction was complete.
I notified my friendly extortionist and waited. And waited. And waited.
Another sleepless night passed.
After almost 24 hours I had all but resigned myself to losing the money when finally, after about 15 increasingly desperate emails from me, I was sent a link to the decryption software.
I was using a VPN and a more sophisticated anti-virus now, let me assure you.
Was it all over?
Sadly, decrypting hundreds of thousands of files takes a long time and, as it turns out, doesn't always work.
The sleepless nights just kept stacking up.
After a few more begging, pleading, groveling messages, I was sent a revised app to try.
Hallelujah! I could access my files again, although they had all been renamed and I would have to spend many further hours using specialised software to restore them to their previous forms.
Of course, a lot of damage had been done in the meantime, much of which I'm still cleaning up now, weeks later.
This really was one of the worst things that's ever happened to me. It may sound over dramatic to compare it to a death in the family, but losing thousands of memories of the people closest to you feels like that in so many ways.
And as for being forced to deal with anonymous criminals in the dark corners of the internet, that ain't no picnic either.
Heed my advice, it's so damn simple.
Back up your precious stuff. Either in the cloud, or even better on a separate drive YOU CAN DISCONNECT!
Don't download dodgy files. It's simply not worth it.
And most importantly, run a decent cyber security suite and keep your browsing safe and invisible with a VPN like Norton Secure.
Norton Secure VPN let's you choose your region, including New Zealand, which is important for streaming services like Netflix. You can subscribe up to 5 devices and best of all, it didn't slow me down at all - I've tested my download and upload speeds and there's not issue - in fact, many of my streaming services work better with Norton Secure VPN activated.
Avoid my nightmare. Practice safe net.