How I Accidentally Hack-N-Slashed One of the Most Destructive Computer Viruses in the World


A couple weeks ago, I was running down an Irvine trail after work, distracting myself from the pains of aerobic exercise by listening to one of my all-time favorite podcasts, Radiolab.

This particular episode, called "Darkode," pretty much blew my mind (highly recommended).

It was about a woman whose personal computer suddenly started acting slow.

Ok, that's just about every computer.  But it didn't end there.

After rebooting and doing some troubleshooting, her computer wouldn't speed up. So, she left the computer alone for the weekend and figured she'd try again on Monday.

Monday came.

And boy, was it a Monday.

When she hopped back on her computer, she suddenly found that none of her files, photos, videos, or kitchen sinks were accessible.  Each time she'd click on one, an error message appeared saying the file format could not be read.

What the heck?

Then, a big red popup sprung onto her screen.  It read, "Your personal files have been encrypted" and said that unless she paid $500 US within 7 days in a digital currency called bitcoin, she would never access her files again. Her files would remain eternally encrypted, or in other words, corrupted to anyone who didn't have the key to un-corrupt them.

Unfortunately, that key sat only with the encryptor -- some computer hacker punk across the rolling seas, all the way over in ever-trustworthy Russia.

What then ensued was a 7-day mad dash as this poor woman, desperate to get her files back, painstakingly followed all instructions to try to convert $500 US to bitcoin and pay the ransom. And I swear, all the forces were against her -- it's quite the story.

In the end (*spoiler alert*), she got the ransom paid, and her files were restored.

Her $500, of course, was not.

For those who have never heard of this kind of thing before, it's known as "ransomware" -- a type of computer virus that permanently blocks access to all your files unless you pay a sum of money within a designated time frame. 

Fail to pay? Bye bye, files.

Apparently ransomware has been around for a few years now, and is becoming more and more common. It can infect your computer through email links, attachments, or even popup ads on websites. Even that cute animated GIF of a puppy you save from Google Images could come with one of these less cute infections, and you and your anti-virus software won't even realize it until it's too late.

And no, unfortunately your dark-rimmed-glasses-wearing-ultra-tech-savvy neighbor can't do squat to help you. Once your computer has been infected and your files have been encrypted, only the hacker with the key can give them back to you.

Terrible, right?

And so, hackers from all over the world continue to target sweet grandmothers' family photo files, graphic designers' Adobe project libraries, and business people's spreadsheets. They tell you to pay the fee, or you'll never see the photos of your first dog or the expense reports you haven't yet turned in, ever again.

Many of these hackers apparently come from standard business environments outside the United States -- with cubicles, HR departments, and possibly even "employee of the month" parking spaces.

The way these businesses make money? By demanding ransoms for our files.

I hope they sleep well at night.

Cuz they probably won't in the next life.

Anyway, while I was listening to the podcast, I counted my blessings that I had never been a victim of ransomware, nor had any of my friends or family members, as far as I knew.

So it must not have been that common. Thank goodness.


My Turn

I work in multimedia, which means I overuse lots of RAM and hard drive space to manage the many digital projects my team and I work on for the company.

A few days ago, I was working on a multimedia project and all was fine and dandy, when I did exactly what I do all the time.  I double-clicked on a picture file to preview it before pulling it into a project. But instead of the picture opening, I got an error message:

"File format is unsupported and cannot be read."

Cannot be read? Why?

I tried again. Same error message.

Suspicious, I tried to open a different picture in the same folder. Again, I got the same error message, and the file wouldn't open.

Odd, especially since that same file had opened without any problems just a minute ago...

I quickly tried to open a couple other file types, and each time, I was greeted by the same error.

So, I looked deeper into the file structure. Strangely enough, I noticed 3 new files that hadn't been there before -- they were all labeled with the same name, but one was a text file, one was an HTML file, and one was some other action-file type I didn't recognize.

Being the meticulously detail-OCD weirdo that I am, I knew that I hadn't put these files on my computer.  And I knew no one else on my team had put them there, either...

And then it hit me.

No way... it couldn't really be that.

I cautiously opened the unknown text file, and sure enough, it only took a second for me to recognize instructions for paying a ransom.

I immediately unplugged my computer's network cable in hopes of not infecting other computers in the building, and rushed into the office next door -- straight to my boss.

"I need the tech team asap," I said. "I think a Russian hacker just gave us a virus that kills all the files on the multimedia drive unless we pay them a ransom."

"Wait, what? Is this a joke?"

Fair question, considering.

"No -- it's for real. I actually just learned about this kind of thing on a podcast. Can you call the tech team over?"

After a brief second spent studying my serious expression and determining it was legit, my boss then jumped up as though his chair had just burst into flames, and within seconds, a tech was in my office, working his anti-virus magic to stop more damage from being done.

Sure enough, it was ransomware.

But... we weren't supposed to know that yet.

Here's why.

In order for a ransomware virus to encrypt your files, it has to scramble each one individually. Going from file to file, one at a time, takes time. Especially on a large multimedia drive with tens of thousands of files, where a single video file can be huge.

So, once the virus starts encrypting, it takes hours or even days to scramble all the files on a hard drive.

It turns out, this particular ransomware starts encrypting files alphabetically -- meaning it scrambles files in folders that start with "A" before moving on to files in folders that start with "B," and so forth.

I had been working in a folder called "Assets."

"Assets" starts with "A."

You've been educated.

This means that the encryption on my computer had just barely begun at the time I had noticed it.

And those 3 new unfamiliar files that had been placed on my computer? Combined, they programmed the popup window that was supposed to show itself later and give me instructions on how to pay the ransom.

But I wasn't supposed to see the instructions yet.  That popup window wasn't scheduled to appear until after the encryption process was completed.

I just happened to be working out of an "A" folder, so I noticed the encryption early. And I just happened to recognize and read the instructional text file long before it had encrypted much of my hard drive, because I just happened to listen to a podcast about this very thing and just happened to be a detail-oriented OCD maniac.

The virus didn't get past "A."
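Here's an added example of what a tech team could script to catch this early stage of an attack (my code, not something from this post's author or the podcast). It walks a drive in the same alphabetical order, flags files whose bytes look encrypted, and looks for ransom notes dropped as several files with one name and different extensions. The sample folder tree, the note name HELP_DECRYPT and the .url extension are constructed for the demo.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# The post saw three notes with one name: a .txt, an .html and an unknown type.
# The .url extension here is an assumption for the third one.
NOTE_EXTENSIONS = {".txt", ".html", ".url"}
ENTROPY_THRESHOLD = 7.0  # bits per byte; plain documents are usually well below this


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 for perfectly random data)."""
    if not data:
        return 0.0
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def scan_tree(root):
    """Walk the tree alphabetically (the order the post's ransomware used).
    Returns (high-entropy files, ransom-note stems) as paths relative to root.
    Caveat: compressed media (jpg, zip, some psd) also scores high, so the
    note-file signal is what turns a hit into a real alarm."""
    root = Path(root)
    suspicious, notes = [], Counter()  # notes: stem -> number of extensions seen
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # in-place sort makes os.walk descend alphabetically
        for name in sorted(filenames):
            p = Path(dirpath) / name
            if p.suffix.lower() in NOTE_EXTENSIONS:
                notes[(p.parent / p.stem).relative_to(root).as_posix()] += 1
            data = p.read_bytes()[:65536]  # a sample is enough for the entropy check
            if len(data) >= 256 and shannon_entropy(data) > ENTROPY_THRESHOLD:
                suspicious.append(p.relative_to(root).as_posix())
    note_sets = sorted(stem for stem, n in notes.items() if n >= 2)
    return suspicious, note_sets


def build_demo_tree():
    """Constructed sample tree: 'Assets' already hit, 'Budget' still untouched."""
    root = Path(tempfile.mkdtemp(prefix="ransom-demo-"))
    assets, budget = root / "Assets", root / "Budget"
    assets.mkdir()
    budget.mkdir()
    (assets / "logo.psd").write_bytes(os.urandom(4096))  # stands in for an encrypted file
    for ext in (".txt", ".html", ".url"):
        (assets / f"HELP_DECRYPT{ext}").write_text("Your personal files have been encrypted\n")
    (budget / "expenses.csv").write_text("date,amount\n" * 300)  # ordinary, unencrypted
    return root


if __name__ == "__main__":
    hits, stems = scan_tree(build_demo_tree())
    print("high-entropy files:", hits)
    print("ransom-note sets:", stems)
```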


WaBAM!  Mic drop.

I'd be lying if I said I didn't fear some vengeful hacker reading this and taking it as a challenge to do better next time.  Por favor, no...  I am but a small superhero.

Anyway, our tech team was able to isolate and remove the virus quite quickly -- in about an hour.  There were commonly used files in the "A" folders that had already been encrypted beyond recovery, but with only a fraction of a percent of the drive being touched, the damage was uncharacteristically minimal.  And since our company had completed a regular backup of all of the multimedia data 36 hours prior, it meant I only lost files in the "A" folders that had been created during the last day and a half.

It turned out, I only lost 3 Photoshop files -- a couple hours' worth of work.

But then, wouldn't you know it -- when I opened Photoshop, its auto-recovery feature kicked in, and it automatically opened auto-saved recovery versions of the three files I thought I had lost.  

In the end, I lost ZERO work!

What kind of miracle is that?

And I got to live a story straight out of my favorite podcast!  

Ok, I wasn't really hoping for that.  It's much less stressful to just listen to someone else's problems.

But truly, the stars had aligned for me that day, for which I'm grateful to the good Lord above.  I'm always on a tight deadline at work -- and even losing just a couple days of work, plus the time it would have taken to recover it all from the backup copy, would have probably made me want to go outside and beat up anyone on the street who looked like a hacker.

Whatever hackers look like.

The Internet says hackers look like this:

Instead, I got to feel like a virus-destroying superhero.

Which I'm not. 

But I liked feeling like it.

Back Up Your Data

I still have no idea how the ransomware got on my computer.  I don't even know if it was me who opened that floodgate, or someone else who has access to the multimedia drive.  I'm very careful about what files I open, and our company filters and virus protectors block just about everything that isn't business-related.

Truth is, I'll probably never know.  Which makes it that much more unsettling.

Ransomware is all over the Internet, waiting to infect computers -- mostly home computers, but as I witnessed, it's targeting more and more business computers these days.  If your computer catches it, you'll likely have to either pay the ransom to recover your files (which is not recommended, because it fuels hackers to continue demanding ransoms), or lose them.


For-ev-er (Sandlot, anyone?)

I started researching the best solutions for this problem, and multiple websites said the same thing.

Back. Up. Your. Data.

If you regularly back your computer files up on either an external drive (which you then unplug), or better yet, to a cloud service like Google Drive, then if ransomware overtakes your computer, your files are all snug and cozy and backed up.  Then you can bite your thumb at the hackers, reformat, and reload all your files.

A word of caution -- don't rely on regular timed system backups through Windows.  Those can be corrupted, too.  Apparently so can cloud services that are consistently paired with your computer -- like a Dropbox account that appears in your computer hierarchy as an additional drive.

As a filmmaker of 15 years, I have 20+ external hard drives of data I've been waiting to upload and back up on some cloud storage system, as soon as a humongous amount of cloud space became affordable.

Which one has.

Amazon now offers unlimited cloud space for $60/year -- by far the most space for the cheapest price.  And they're not even paying me to say that.

I did a very excited happy dance when I heard about the 60 bucks.

Though I will say -- at this upload speed, by my calculations... all my drives will be backed up by April 2016.

For most people, you don't need unlimited space, and I highly recommend Google Drive.  It's well-priced, and the accessibility and ease of use is awesome.

Google is just awesome.

Don't turn evil someday, k Google?  Cuz I know that all your important executives do all day is read my blog, so this will no doubt leave a deep impression.

In the meantime, to all you readers out there (hi mom), protect yourself and your data by backing it up.  It'll save random hacker-looking people on the sidewalk from being punched in the face.

For now.
Copyright © 2015 Jolie Hales. Powered by Blogger.