R.W. Johnson · Ransomware

I had just finished writing an article for the LRB and was attaching it to an email when suddenly all the files saved as icons on my screen vanished. I thought at first I had pressed some wrong and incomprehensible button – something that happens to me – when a message flashed up on my screen telling me that all my files were gone. If I wanted them back I would have to pay the equivalent of $500 in Bitcoins (at the current rate of exchange, that was 2.3 Bitcoins) within 130 hours, after which the sum would rise to $1000. Absurdly, I thought of Tarquinius bidding for the Sibylline books of prophecy, and every time he said the price was too high, the Sibyl burns three books and offers the remainder at the same price. Clearly, I was in that sort of auction. To help concentrate the mind the time remaining was set out in hours, minutes and seconds, with each second ticking off: looking at this merely increases one’s manic state as the loss of all one’s files kicks in. I was always promising myself to back everything up but hadn’t.

I started investigating how to pay up: my computer guy told me it was the only way, that such ransomware was now big business and apparently randomly targeted. The virus is imported by email. The files may actually be still on your machine but they are encrypted and invisible – so what you get for your money is a decrypt key. But the whole business is immensely dodgy. Generally, if you pay you will get the files: if word spreads that the hackers will double-cross you, then no one would pay and the business model would be ruined. But various law enforcement agencies are attempting to disrupt these criminal gangs, so the decrypt key may get sabotaged in transit. There is no way of knowing where the hackers are.

I set about trying to find out how to buy Bitcoins. There were a variety of possible sellers but I wanted to buy with a credit card so I settled on CoinMama. Meanwhile I had to set up my own Bitcoin account or ‘wallet’ and this I did at an outfit called Blockchain. So I would have to buy them from CoinMama for deposit into my Blockchain account from which I could make the transfer to the anonymous twenty-digit coded account number given me by the hackers.

I started trying to pay for my $500 worth of Bitcoins (which would actually cost me $671.50, such is the commission charged). This was immensely arduous. I filled in endless details but then CoinMama wanted a selfie with me holding my passport next to my face so they could check my ID, and all four corners of the passport had to be visible. They took ages to process my request and then they really rattled me by replying not to the email address I had used to contact them but to my second address, which I had never mentioned to them. How could they possibly have known about it? I began to worry about ID theft and sent messages to people with whom I have financial relationships warning them of this.

In the end CoinMama asked my why I wanted the Bitcoins; when I told them, they immediately said they could have nothing to do with anything criminal. At the same time my computer guy rang to say that when he’d serviced my computer last October he’d backed up all the files. At which point I decided not to pay or do anything further. So I will lose the last 11 months of files but some I can recover from third parties. I’ll have to rewrite the LRB article from scratch, though. I can live with that.


  • 28 August 2015 at 4:28pm
    suetonius says:
    Two suggestions. One, have continuous backups. Always. Second, switch to a Mac, this won't happen. Plus, if you switch to a Mac you can use Time Machine for point one, continuous backups are built into the system. As is auto save. To the cloud. You'll never lose anything again. My wife's assistant had this happen, since she was running Windows on a virtual machine on her Mac. Luckily, we had backups.

  • 28 August 2015 at 6:10pm
    Joe Morison says:
    And never, ever, open an attachment on an email unless you are certain that it's kosher. Even if it's from a friend, if it seems at all doubtful, check with them first.

  • 28 August 2015 at 8:48pm
    David Timoney says:
    The more practical prevention is to install antivirus software, which these days automatically checks for malware such as this. You're unlikely to be the first person in the world to have been a victim of this particular scam, so any half-decent antivirus package would know about it and would have blocked the infected email. Buying a Mac is not a failsafe solution. Macs are subject to viruses too (a virus is just a rogue program, so any operating system is potentially susceptible), just a more rarefied and smug class of virus.

    If you are intimidated by the idea of setting up continuous backups, or even syncing your files with a cloud service such as Google Drive, a simple solution is to always email any important files - i.e work in progress - to yourself. Unless you've built a postoffice on your C drive, these will be copied to a third-party mail server, which means that you can independently access them via your email account if your PC is locked, blown to smithereens or otherwise inaccesible.

    PS: You might want to have a word with your PC guy. Most ransomware is fake - e.g. they just bugger-up your desktop shortcuts and icons but the files remain undamaged - so it could possibly be removed by a tool such as Malwarebytes or Bitdefender booting off an external drive. Even if it's the real deal, and your files have been encrypted, you might have been able to roll back to a more recent point than 10 months ago if you'd turned System Restore on (I'm assuming you're using Windows).

    • 29 August 2015 at 12:10am
      suetonius says: @ David Timoney
      It's true, Mac's aren't bulletproof, but you are much less likely to get shot. Anti virus can help, but misses a lot. I teach at a University, they have anti virus on everything, and people still get hit regularly if they're on Windows. Emailing yourself important files is a great, if time consuming and annoying, way to guarantee you won't lose things. Make sure your email is IMAP so there will be a copy on a server somewhere. Not being a Windows guy, can't comment on how much ransomware is real, the one time I saw it was (I dug around in the terminal trying to get the files).

  • 29 August 2015 at 7:03am
    Julia Atkins says:
    suetonius is absolutely correct on this..a mac is the only solution...amazed that RWJ usually iconoclastic is still very PC.

    • 30 August 2015 at 2:54am
      Emmryss says: @ Julia Atkins
      Mac's? Iconoclastic? Iconic is more like it.

    • 30 August 2015 at 3:05pm
      suetonius says: @ Emmryss
      Well, nowadays :-) I bought my first mac in 1985 - there was a long time we were out in the wilderness...

  • 30 August 2015 at 2:28am
    keith smith says:
    Its certainly possible for a mac to be held for ransom in this way. But it doesn't affect the machine as a whole, just the web browser. So of course you must back up files continuously, but also keep at least one other web browser, such as Firefox or Chrome or both, on your machine. A simple way of getting rid of ransomware on a mac is to turn off the machine, then start it up again while holding down the shift key throughout the startup. This works.

  • 30 August 2015 at 9:08am
    judgefloyd says:
    My suggestion would be to put the computer on Ubuntu, which I believe to be as secure, if not more so, than Macs, as well as being cheaper (free, really). Disadvantage, you may need a nerdy mate to help out with it, advantage, it's not a Mac. The comment about ransomware being usually fake is interesting - this is the first I've heard of ransomware.

  • 30 August 2015 at 12:14pm
    David Timoney says:
    Ransomware, like most Internet scams, is an example of what is increasingly referred to by media-botherers as 'social engineering', but is better known as a confidence trick. The precise method of delivery is a trivial issue for the scammer (so long as it is near-zero cost), as it's a numbers game: hit on millions of people and a few fools will put their hands up.

    As with offline confidence tricks, the main techniques centre on gullibility and cognitive errors: a lack of skepticism in the face of authority, a belief in omniscience (someone knows my secret), and overweening pride. The idea that because you use a Mac you are next-to-invulnerable is an example of the last of these. This is on a par with the idiots who gave Ashley Madison their real email address because they were suckered by the site's "class" and assurances of security.

    Antivirus works by downloading at-last-daily updates of virus signatures (i.e. identifiable patterns in the code). Assuming you have this turned on, you will be protected from the vast majority of attacks (ca 95%), however it is also a good idea to install a separate on-demand scanner for a periodic double-check. Organisations, such as large firms or universities, should have a firewall system that scans all traffic at the interface of the local area network and the Internet.

    While antivirus on institutional PCs is a good second line of defence, this is primarily to catch eejits uploading viruses via USB drives (clued-up organisations disable this altogether and force everything through the firewall). Again, the weakness is the human factor. Universities are a prey to viruses because they have lots of users who think they are too clever to get mugged.

    You can increase your protection level from 95% to 99% by taking a few simple precautions, such as outlined by Joe above, which boil down to the old adage: look before you leap. Your battle with the malware crims is not an intellectual game of cat and mouse. They are not interested in people who are careful, because there is no economic return. They are relying on the mug principle: there's one born every minute.

    PS: Keith Smith is referring to starting your machine in 'safe mode', which you can do on a PC as well (press F8). This doesn't remove the malware, it simply starts the OS in a functionally minimal mode (e.g. no network connection) that should allow you to run an antivirus scanner or manually remove the malware.

    PPS: The idea that malware on a Mac only affects the browser is hilariously wrong-headed, but understandable if you can't cope with the idea that a Mac is just another computer, rather than a portal to a superior form of existence. Crazy individualists, my arse.

    • 30 August 2015 at 3:08pm
      suetonius says: @ David Timoney
      It is certainly true that a Mac can have the same issues, it's just much less likely. The ransomware that hit my wife's assistant's Mac via Windows running in Parallels hit the mac disk too, since I had stupidly set Parallels to have access to the whole Mac, I don't do that anymore! I had backups via both Time Machine and an offsite backup, so coulee restore the machine.

  • 30 August 2015 at 3:08pm
    suetonius says:
    And FYI that ransomware did actually encrypt everything, which is very easy to do. The files were not recoverable.

  • 5 September 2015 at 9:44am
    Joe says:
    Most convoluted 'dog ate my homework' story ever.

  • 8 September 2015 at 2:48pm
    PBL says:
    Hard to beat Joe's comment. So let me be pedestrian and techie.

    Unix/Linux-based operating systems (MacOS and Ubuntu were mentioned) have a "permissions" structure for reading and writing files (and executing them if they are code), as well as "users" and "groups". If "user" is to modify a file (for example, encrypt it), "user" must have "write" permission for that file. User "MrMailClient" does not generally have permission to "write" (write over) JoeRealUser's files. Even if JoeRealUser "opens" an "attachment" to an e-mail, and it runs some code, it's "MrMailClient" who is running that code, so JoeRealUser's files are protected from modifications. So people here saying that Mac and Linux users can't be hit with this kind of thing are generally right (there are, of course, other things to which they might be vulnerable).

    This does assume the system works according to design ("designs" are, after all, just stories told by computer programmers, who are known to be excessively hopeful about their achievements). An exception arises when the mail client has a flaw in it which allows "MrMailClient" to assume God-like privileges (known in forty-year-old jargon as "superuser permissions"). This was known as the "setuid" vulnerability. You couldn't always get around it.

    Sigh. Those were the days. Though twenty years after Larkin's Annus Mirabilis.

    Suetonius's tale about hisher wife's assistant is a meritful cautionary. Running Windows on MacOS and allowing it to sync all its files sounds like the worst of both security worlds, convenient though it undoubtedly is. The fastest way to get to that meeting across town may well be to drive through the town centre at 150kph. There are nevertheless very good reasons not to do so. Computers aren't much different, although there is somewhat less chance of someone dying.


  • 8 September 2015 at 2:58pm
    louBurnard says:
    I'm with judgefloyd here. Macs get hacked increasingly often. And they are evil.

    • 8 September 2015 at 5:04pm
      Adam_Morris says: @ louBurnard
      This is going to degenerate into a why-Macs-are-better-than-PCs debate, so let me get the first shot in.

      @louBurnard: 'Macs get hacked increasingly often’. No they don’t, there are just more Macs around as more people come to their senses and ditch the car crashes, cludges and downright copies that constitute successive stains of Windows. I’ve used Macs since 1985 and never had a virus.

      As for being ‘evil’.. well if you think Microsoft are the good guys in the Manichaean struggle of operating systems, then you’re beyond the help of heaven, its angels and even Apple.

      @FromArseToElbow: 'The idea that malware on a Mac only affects the browser is hilariously wrong-headed'
      Give me one real world example.

      'but understandable if you can’t cope with the idea that a Mac is just another computer, rather than a portal to a superior form of existence.’
      No, just a vastly superior, more elegant, faster and safer way of computing.

      In thirty years of using both OSes, I’ve never met anyone who switched from Windows to a Mac who went back.

  • 8 September 2015 at 6:06pm
    David Timoney says:
    @PBL, Windows has users and groups and dedicated system accounts and complex permissions too. The idea that Unix, Linux and MacOS have a different architecture, which makes them more robust, is plain wrong (and has been since the NT Kernel and NTFS was introduced over 20 years ago). Consider: if you want to sell to government or the education sector, not to mention a commercial sector whose security requirements cover the full spectrum, you need to meet independent standards of security certification. If Windows really were that bad, nobody buying for an organisation (as opposed to home use) would touch it with a barge-pole.

    The perception of the Mac's superiority arises from two, related characteristics. First, Apple's control-freakery means the MacOS is a very unwelcoming environment for 3rd-party applications. This limits vulnerabilities due to poorly-written code (a popular vector with malware), but it also means many applications simply aren't ported to the Mac because of the hassle. The consequence, and second characteristic, is that relatively few people use Mac OS. As a result, malware writers, whether motivated by lulz or money, concentrate on the vastly more popular Windows. It's not because it's easier; it's because it's a bigger target.

    The bottom line is that Windows faces far more threats, but is consequently more "hardened" in the real world (hence the importance of automatic updates). MacOS viruses are rarer (though increasingly common), but the OS actually has more vulnerabilities - i.e. design flaws that could be exploited - because it isn't hardened to the same degree. According to analysis of US government data, Mac OS X was the most vulnerable OS in 2014, and even Linux had a worse record than Windows.

    PS: @Adam-Morris, examples of malware for MacOS (and all independent of the browser) include: MacDefender (extortion), Rootpipe (gains root access, i.e. superuser), CoinThief (steals Bitcoin credentials), Flashback (hit over 0.5m users in 2011/2 and wtill in the wild), Lamadai (takes remote control - thought to be Chinese state-sponsored). I could go on. Malware is just malicious code. If your computer can run code, it can run malware.

    • 8 September 2015 at 8:02pm
      Adam_Morris says: @ David Timoney
      No-one wants this to this become to become a tedious PC v. Mac debate, so I’ll respond then shut up.

      *MacDefender may be extortion but it’s not malware. Caveat Emptor.

      *CoinThief - if you’re going to start dealing in things as dodgy as BitCoins...

      *FlashBack and Lamadai were brief privilege escalation vulnerabilities (one apparently via Java) which were patched quickly. I had to look this up because no-one I know has experienced or even heard of these (including our IT guy).

      Compare that to the dozen PC viruses which have spawned while I’ve been writing this and I believe that in the real world, Macs offer bulletproof security compared to PCs. The analysis you quote makes the point that though Windows had fewer vulnerabilities, they had a much higher percentage of high level vulnerabilities than Mac OS: 'none of the security holes in Windows versions were rated as low severity'

      You make two points I disagree with completely.

      -- 'Apple’s control-freakery means the MacOS is a very unwelcoming environment for 3rd-party applications.’ Have you looked at the range of software that Macs run ? And if this environment is ‘unwelcoming’ for software, isn’t it also true for the malware ? I love Apple’s ‘control-freakery’ – it’s called security.

      -- ‘Macs don’t have the same range of applications’ This argument stopped being used about eight years ago, even by hardcore PC pundits. Yes, there are more applications for Windows, but if you omit those for specialist scientific/lab use, 90% of them are crap. Put simply, OS X/iOS is too big and too lucrative a market for developers to ignore. Windows is a target not because it’s bigger, but because it’s much easier to hit. I first heard the argument that Apple would quickly become the target of malware once its market share began to grow about ten years ago. Since then Macs have taken a larger and growing share of the market (and completely dominate the high-end/affluent user segment) but viruses and malware are close to non-existent. PC Magazine voted Macs as the best business laptop and best desktop workstation for 2015.

      Your contention that Windows is more ‘hardened’ to threats is risible: it’s like saying an alcoholic with a failing liver is hardened to the next shot of vodka. Because it’s shot to pieces that somehow makes it stronger ? Please...

      Bottom line is you work with the OS that’s best suited to your needs and likes, and we could both quote arguments supporting our positions. My firm has bought hundred of Macs over the years because they last forever, rarely have hardware problems and are a delight to use. A $1200 iMac works out a lot cheaper than a $600 PC, in the long run.

      Enough already, over and out.

    • 9 September 2015 at 7:01pm
      David Timoney says: @ Adam_Morris
      Touchy, touchy. I note that your earlier prediction - that "This is going to degenerate into a why-Macs-are-better-than-PCs debate" - was a self-fulfilling prophecy. The problem with Mac users (as Umberto Eco spotted early on) is that they cannot abide any deviation from the one true church. They insist that A is better than B; so anyone who demurs must be a partisan of B. In fact, most IT professionals (like me) are utilitarian: we choose horses for courses. I'm not anti-Mac, just anti-smug.

      Over the years, I have bought literally thousands of PCs and scores of Macs (I employed graphic designers), plus hundreds of Unix and Linux machines. I have also bought a lot of antivirus software, firewalls and been involved in tackling large-scale malware and hacking attacks (my original IT specialism was security). I do not "argue from authority" that A is better than B or vice versa, but rather argue that the chief vulnerability is the human factor (a point you perhaps unintentionally concede in your dismissal of Mac viruses). The technology is incidental.

      For the record, malware is a catch-all term that covers not only malicious code (i.e. the traditional virus or trojan) but also scams, spyware and so-called scareware, such as MacDefender.

  • 8 September 2015 at 6:09pm
    Timothy Rogers says:
    I had this happen to me (twice in a five year period, on two different computers, the first of which I had replaced). Over here it’s known as “the FBI virus”. You turn on your computer one day, your regular desktop display comes up, and all of a sudden, with flashing lights a bold message purporting to come from the FBI appears. It states that you have been identified as having violated various “US government internet laws” (e.g., hacking into government secure sites, patronizing child pornography sites, and a few more things). However, “the FBI” is not going to prosecute you, but rather fine you $300 – if you pay up they will unlock your computer. The method of payment requested was for you to buy a $300 cash-transfer card (these are sold at some convenience stores), get on a phone and read in the card’s PIN number, etc., which would transfer the money from the card vendor’s account to “the FBI”. Then they would send you a phone message with the “unlocking key” and instructions on how to use it. My normal McAfee malware and the stuff that came with Windows was useless in counteracting the virus.

    I had access to an outside computer, so I searched on various malware-help sites and came across a number of suggested routines for eradicating the virus, but I couldn’t get any of them to work. So I took the tower and its hard-drive to a local computer repair store and paid them something like $125 to save all my files and get rid of the virus, which they did, claiming that they needed to run some highly specialized malware programs which took a lot of time (“overnight”). I have no idea how much of their sales-talk was real and how difficult it was for them to solve the problem, but I did get a clean drive with restored files back at less than half the ransom price. Of course the real FBI was infuriated by this and made a big attempt to track down the perpetrators (alleged to be operating out of Ukraine or Russia at the time), but I don’t know if they ever succeeded in doing this. Since then I‘ve met several people whose PCs were attacked in the same way, and they all took my route rather than paying the ransom. All I do now is to try to back-up any new writing or information of consequence to me on a zip-drive, which is cheap and at least saves your work, though you have to remember to do it routinely.

    As to Macs vs Windows, what serious adult could possibly care? The former might be cute little things, but their business originator, Saint Steve, was motivated by a relentless appetite for success validated by money and power, nothing more, nothing less. He was more or less killed by his own arrogance, masquerading as omniscience and “cutting-edge” thinking (in this case in the fantasy realm of “alternative medicine”). Good riddance, and it would be a delightful occasion if the whole big company collapsed due to a bad market calculation. Not that someone else won’t step in as a holy figure of entrepeneurship to provide our consumption-crazy society with a replacement toy

  • 9 September 2015 at 9:33am
    bertzpoet says:
    Buy an external hard drive, and back up everything there.

Read more