R.W. Johnson · Ransomware
I had just finished writing an article for the LRB and was attaching it to an email when suddenly all the files saved as icons on my screen vanished. I thought at first I had pressed some wrong and incomprehensible button – something that happens to me – when a message flashed up on my screen telling me that all my files were gone. If I wanted them back I would have to pay the equivalent of $500 in Bitcoins (at the current rate of exchange, that was 2.3 Bitcoins) within 130 hours, after which the sum would rise to $1000. Absurdly, I thought of Tarquinius bidding for the Sibylline books of prophecy, and every time he said the price was too high, the Sibyl burns three books and offers the remainder at the same price. Clearly, I was in that sort of auction. To help concentrate the mind the time remaining was set out in hours, minutes and seconds, with each second ticking off: looking at this merely increases one’s manic state as the loss of all one’s files kicks in. I was always promising myself to back everything up but hadn’t.
I started investigating how to pay up: my computer guy told me it was the only way, that such ransomware was now big business and apparently randomly targeted. The virus is imported by email. The files may actually be still on your machine but they are encrypted and invisible – so what you get for your money is a decrypt key. But the whole business is immensely dodgy. Generally, if you pay you will get the files: if word spreads that the hackers will double-cross you, then no one would pay and the business model would be ruined. But various law enforcement agencies are attempting to disrupt these criminal gangs, so the decrypt key may get sabotaged in transit. There is no way of knowing where the hackers are.
I set about trying to find out how to buy Bitcoins. There were a variety of possible sellers but I wanted to buy with a credit card so I settled on CoinMama. Meanwhile I had to set up my own Bitcoin account or ‘wallet’ and this I did at an outfit called Blockchain. So I would have to buy them from CoinMama for deposit into my Blockchain account from which I could make the transfer to the anonymous twenty-digit coded account number given me by the hackers.
I started trying to pay for my $500 worth of Bitcoins (which would actually cost me $671.50, such is the commission charged). This was immensely arduous. I filled in endless details but then CoinMama wanted a selfie with me holding my passport next to my face so they could check my ID, and all four corners of the passport had to be visible. They took ages to process my request and then they really rattled me by replying not to the email address I had used to contact them but to my second address, which I had never mentioned to them. How could they possibly have known about it? I began to worry about ID theft and sent messages to people with whom I have financial relationships warning them of this.
In the end CoinMama asked my why I wanted the Bitcoins; when I told them, they immediately said they could have nothing to do with anything criminal. At the same time my computer guy rang to say that when he’d serviced my computer last October he’d backed up all the files. At which point I decided not to pay or do anything further. So I will lose the last 11 months of files but some I can recover from third parties. I’ll have to rewrite the LRB article from scratch, though. I can live with that.