Held hostage by ransomware from Russia


Bom Tishop

« on: February 11, 2020, 10:52:14 PM »
Welp, those that hate me here would be excited to know I am being held hostage by Russia.

A company I absorbed about a year ago in my mech firm has allowed ransomware into their servers. I have cut all hard lines and have maintained control of most files, records and proprietary designs excluding this company I absorbed. That company's files have been 100 percent encrypted by this software; efforts to regain control have been unsuccessful so far (according to the company I have brought on board to handle this).

All my employees have been granted paid furlough (insurance has covered so far) while I am attempting to solve this issue. Insurance of course won't cover said ransom (480k)... I am not dumb enough to pay it as I know it will never end... However, this company I speak of has no paper backup files and if I start over, their net worth would be negative.

Shitty.... Not looking like there is much to do so far.

Let the laughter begin........now
Quote from: Crutchwater
Quote from: FlatOrange
You can't murder a suicide victim
Tell that to Epstein!

*

Crouton

« Reply #1 on: February 11, 2020, 10:56:36 PM »
That sucks. Do you have any off-site backups?
Intelligentia et magnanimitas vincvnt violentiam et desperationem.
The truth behind NASA's budget

*

Bom Tishop

« Reply #2 on: February 11, 2020, 11:00:18 PM »
For the company I absorbed, no. They had backups, yes. However, it is on servers that were on their network. Makes me feel better about the shit I got for retaining paper backups in filing cabinets.

If this isn't resolved it will be a very large hit I am quite positive insurance will not cover.

*

Ichimaru Gin :]

« Reply #3 on: February 11, 2020, 11:03:21 PM »
I'm sorry to hear that. It's become an ever-increasing threat to the healthcare world as well. As charts have almost all been converted to electronic records, our personal medical information is more vulnerable than ever. Iowa had a large case of ransomware in their hospital systems, Wisconsin had over 400 dental offices hit by ransomware, it's a terrible situation because it is so hard for businesses to fight back.

I hope you find some kind of solution soon. It's a helpless feeling and extremely aggravating.
I saw a slight haze in the hotel bathroom this morning after I took a shower, have I discovered a new planet?

*

Lorddave

« Reply #4 on: February 11, 2020, 11:13:36 PM »
That sucks hard. :(

Basically you're SOL.
Paying the ransom WILL (75% of the time) get your files back because if they didn't, it would spread word that they don't deliver and thus fewer would risk paying.

Backups should always be offsite or paper. (Or both)
Also, Linux systems are unaffected as they lack the encryption protocols Windows uses. (They have others)

But yeah, I'm sorry man. Your options are to pay or start over. No other real choices. Unless you can track them with super hacker skills, fly to Russia, and kill/torture them for your key.
Or you have a few super computers to find the decryption key.

*

Bom Tishop

« Reply #5 on: February 11, 2020, 11:30:37 PM »

Quote from: Ichimaru Gin :]
I'm sorry to hear that. It's become an ever-increasing threat to the healthcare world as well. As charts have almost all been converted to electronic records, our personal medical information is more vulnerable than ever. Iowa had a large case of ransomware in their hospital systems, Wisconsin had over 400 dental offices hit by ransomware, it's a terrible situation because it is so hard for businesses to fight back.

I hope you find some kind of solution soon. It's a helpless feeling and extremely aggravating.

Thank you very much....though the situation is very bleak currently. I had no idea this was possible, and apparently this is some "group" that is notorious for this with a track record.

Knowing this is happening in the medical field is quite concerning.

Quote from: Lorddave
That sucks hard. :(

Basically you're SOL.
Paying the ransom WILL (75% of the time) get your files back because if they didn't, it would spread word that they don't deliver and thus fewer would risk paying.

Backups should always be offsite or paper. (Or both)
Also, Linux systems are unaffected as they lack the encryption protocols Windows uses. (They have others)

But yeah, I'm sorry man. Your options are to pay or start over. No other real choices. Unless you can track them with super hacker skills, fly to Russia, and kill/torture them for your key.
Or you have a few super computers to find the decryption key.

I agree, I take security very seriously and go overboard in attempts to plan for the worst case scenario. Thus everything that does not involve this company is secure, and things they did hijack, I have hard copy backups.

I take responsibility though, as all my due diligence, I did not look much into their digital infrastructure...kinda dumb in that aspect.

To be honest, paying their ransom would be much cheaper than losing that company by a long shot. However, what guarantee is there? Will they ask for more? How do I know they don't have some sort of program installed somewhere that will become active and start the whole thing over in a month?

People like this really push me to lose hope in humanity

*

Bullwinkle

« Reply #6 on: February 11, 2020, 11:33:48 PM »
Any way to tag the sellers of the absorbed company for negligence?
Selling you a faulty entity?

*

Bom Tishop

« Reply #7 on: February 11, 2020, 11:56:37 PM »
That has crossed my mind, though when your car is repoed, does anyone actually pay the fees after?

*

Stash

« Reply #8 on: February 12, 2020, 12:11:48 AM »
480 large is an amazingly mighty sum of money. Isn't this a total FBI situation? I literally have no idea, it just seems like that is in the threat to national security kinda ransom realm.
No. That sudden lurch forwards is the atmospheric slosh effect.

*

MaNaeSWolf

« Reply #9 on: February 12, 2020, 12:43:35 AM »
Ouch, sorry to hear. It's no laughing matter to be on the line for that much.

Unfortunately it seems that online security is something we will all have to get used to being obsessive about.

 . . . . Now I need to go and make sure my back ups are still good.

*

Shifter

« Reply #10 on: February 12, 2020, 12:44:32 AM »
One time my personal computer got hit with ransomware

'Windows Restore' fixed that shit up  :)

Don't know about your setup though


*

Bom Tishop

« Reply #11 on: February 12, 2020, 01:06:43 AM »
Quote from: Stash
480 large is an amazingly mighty sum of money. Isn't this a total FBI situation? I literally have no idea, it just seems like that is in the threat to national security kinda ransom realm.

Who do I call? International law is about as weak as it comes unless I had actual power somewhere.

Quote from: MaNaeSWolf
. . . . Now I need to go and make sure my back ups are still good.

It's not funny....GO CHECK! You cannot be over prepared. I haven't got the 100 percent confirmation yet, however, 90 percent this whole nightmare started from an email.


*

MaNaeSWolf

« Reply #12 on: February 12, 2020, 01:17:13 AM »
Unfortunately you don't have many real world options.
First you will need to identify where the attack came from before you can even think of instituting some legal action.

I would however report it to your police for both insurance reasons and to build a list of claims.
If there is enough of a threat to its citizens any decent country will eventually build a task force to start doing something, if there is not already something being done.

A lot of these things come from North West Africa, North Korea, Russia and other poor countries where legal action is almost impossible to enforce.

If I were you, think more about how you are going to set up the road ahead than worrying about "getting back" at them. Reduce stress where you can.

*

Bom Tishop

« Reply #13 on: February 12, 2020, 01:19:21 AM »
Reading comments again I would like to clarify.

I am not "on the hook for anything".... This ransomware has taken over the said servers and supposedly I will receive the key needed to remove the encryption for the already stated amount.

I have a company working on the situation along with two others I have hired as consultants monitoring the situation. I have been told this group is Russian-based, linked to other similar situations. They supposedly honor the "agreements" if paid as Lorddave suggested.

However, one....it pisses me off more than any way I can explain.

Two, what recourse do I have if they don't honor their side, or leave something that will hack my shit a month later (as concerned before)

*

Bullwinkle

« Reply #14 on: February 12, 2020, 01:22:30 AM »
Put dye packs in the bag of ransom cash.

*

Bom Tishop

« Reply #15 on: February 12, 2020, 01:28:41 AM »
Thanks for your thoughts wolf, as you know from the past I respect your opinion.

As stated in my post above, from information provided I know where the group came from (Russia).

Legal action is impossible as I stated above, as what power does international law really have... especially against Russia.

I have definitely reported to my insurance company, which fortunately had given little grief towards funding loss of wages and revenue. However, any sort of ransom I were to pay or loss in an acquisition would certainly result in a court battle.

I am also certainly not worried about "getting back at anyone"...the only thing I am really worried about is losing the acquisition that is under attack.

If that company loses the IP, customer base and patents....they have literally lost all value and my money beyond a waste.

*

MaNaeSWolf

« Reply #16 on: February 12, 2020, 02:08:09 AM »
A - Patents are public record, so you should in principle not be able to lose those as long as you can prove that you acquired them. Purchase agreement should help with this.
B - In principle the same should apply to all Intellectual property, if you can prove that you're the holder of that IP.

I am guessing that your big issue is that you lost information in how that IP worked within this system that you no longer have access to?
Maybe look to what you still have from this purchase?

Really sorry, sounds like a sucky situation.



*

Lorddave

« Reply #17 on: February 12, 2020, 03:38:08 AM »
So.
You have no guarantees but you can set up offsite backups so that if they do it again, you can restore from the backups.

That would be my advice.  Contract with a 3rd party to do the backups if your IT guys aren't up for it.  Simply having space in a data center and doing daily, incremental backups probably will be enough so long as you do like incremental over a week then full at the end of said week.  So you have at least 7 days of backups.

*

JerkFace

« Reply #18 on: February 12, 2020, 03:40:12 AM »
That sucks. I hope you can find a way to get the files back.

I know there are companies that specialise in ransomware recovery, but I guess you are already on that track.

Stop gilding the pickle, you demisexual aromantic homoflexible snowflake.

*

boydster

« Reply #19 on: February 12, 2020, 04:07:50 AM »
That's a real bummer, and it seems to be a trend that isn't going away, and it is absolutely causing businesses to go under.

I can't speak to getting your old stuff back. But if at all possible, get yourself a real backup and disaster recovery solution. Backups should be following the 3-2-1 policy: at least 3 copies of your data, on at least 2 different types of media, with at least 1 being off-site. You've got multiple buildings, so you can set up a hub-and-spoke kind of protocol. 3-node highly available server cluster at your main, and 1 or 2 nodes at your other sites and the ability to spin up the VMs you need to run your business while you rebuild whatever gets hit. Replicate between them. Find a cloud provider that specializes in backup and replicate there as well.

I realize all of that only helps for future attacks. Wish I had an answer to help your present situation. Giving them money will absolutely make you a future target though, especially a large sum like that, so you would want to get your DR plan in place first.
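
The 3-2-1 rule from the post above and the weekly full plus daily incremental rotation from Reply #17, as an added Python example that is not part of any post in this thread. The inventories, the job catalogue and every name in it are constructed; it also flags the case from this thread where every copy sits on the network it protects, and it assumes each incremental depends on the job before it.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Copy:
    name: str
    media: str             # e.g. "disk", "tape", "object-storage"
    offsite: bool
    on_prod_network: bool  # writable from the servers it protects


@dataclass(frozen=True)
class Job:
    day: date
    kind: str              # "full" or "incr"
    ok: bool               # job finished and its test restore passed


def audit_321(copies):
    """Findings against 3-2-1, plus the same-network failure mode."""
    findings = []
    if len(copies) < 3:
        findings.append(f"{len(copies)} copies, need at least 3")
    if len({c.media for c in copies}) < 2:
        findings.append("fewer than 2 media types")
    if not any(c.offsite for c in copies):
        findings.append("no off-site copy")
    if all(c.on_prod_network for c in copies):
        findings.append("every copy is reachable from the production network")
    return findings


def restorable_days(jobs):
    """Days that can really be restored.

    Assumes each incremental depends on the previous job, so one failed
    incremental breaks every later one until the next good full backup.
    """
    days, chain_ok = [], False
    for job in sorted(jobs, key=lambda j: j.day):
        chain_ok = job.ok if job.kind == "full" else (chain_ok and job.ok)
        if chain_ok:
            days.append(job.day)
    return days


# Constructed inventories; the live data counts as one of the copies.
ACQUIRED = [
    Copy("file server (live data)", "disk", False, True),
    Copy("backup server, same LAN", "disk", False, True),
]
PLANNED = [
    Copy("file server (live data)", "disk", False, True),
    Copy("weekly tape in a vault", "tape", True, False),
    Copy("backup provider", "object-storage", True, False),
]

# Constructed catalogue: full on Sundays, incrementals Monday to Saturday,
# with Wednesday's incremental failing.
JOBS = [Job(date(2020, 2, 2), "full", True)]
JOBS += [Job(date(2020, 2, d), "incr", d != 5) for d in range(3, 9)]
JOBS += [Job(date(2020, 2, 9), "full", True)]

if __name__ == "__main__":
    for label, inv in (("acquired", ACQUIRED), ("planned", PLANNED)):
        print(label, audit_321(inv) or "meets 3-2-1")
    print([d.isoformat() for d in restorable_days(JOBS)])
```

One failed incremental leaves four restorable days out of the eight in the catalogue, which is why the job status and a test restore matter as much as the schedule.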

*

DuckDodgers

« Reply #20 on: February 12, 2020, 08:22:16 AM »
You really should contact the FBI about this. They won't be able to help you with your situation, as the only way to get your files back is to pay the ransom, but it helps them build a profile of these people.
markjo, what force can not pass through a solid or liquid?
Magnetism for one and electric is the other.

*

JerkFace

« Reply #21 on: February 12, 2020, 04:32:43 PM »
Here's one that offers no-data no-fee ransomware recovery. If you google "ransomware recovery" you get plenty of hits. Mind you they are probably the ones who fund the Russian hackers to hack your systems in the first place.

https://fastdatarecovery.com.au/ransomware-recovery/ransomware-recovery/?gclid=CjwKCAiA4Y7yBRB8EiwADV1haRUGQ9ajw3e4iltn6228JwvML3xonpM-S0Ggt7-Uz64BUmNVWA53EhoCEXgQAvD_BwE

*

DuckDodgers

« Reply #22 on: February 12, 2020, 06:00:30 PM »
Those are probably NK hackers who will in turn hack you once they unhack you from the Russians.

*

markjo

« Reply #23 on: February 14, 2020, 06:52:41 AM »
Tell them that you can't pay the ransom because all of your bit coins are on the servers that they encrypted.
Science is what happens when preconception meets verification.
Quote from: Robosteve
Besides, perhaps FET is a conspiracy too.
Quote from: bullhorn
It is just the way it is, you understanding it doesn't concern me.

*

John Davis

« Reply #24 on: February 14, 2020, 09:33:38 AM »
This happened to a friend's company recently (as in the last day or two); that company isn't located in TN is it?
Quantum Ab Hoc

*

Bom Tishop

« Reply #25 on: February 17, 2020, 10:19:14 PM »
Well, everything will be 100 percent again by 11am this morning. Absolute BS

Quote from: John Davis
This happened to a friend's company recently (as in the last day or two); that company isn't located in TN is it?

No, my businesses are in Texas.

*

Lorddave

« Reply #26 on: February 17, 2020, 10:41:57 PM »
Who said that?

*

boydster

« Reply #27 on: February 18, 2020, 04:27:15 AM »
This, and how is it being made 100%?

*

Bom Tishop

« Reply #28 on: February 22, 2020, 10:16:04 PM »
Quote from: Lorddave
Quote from: Bom Tishop
Well, everything will be 100 percent again by 11am this morning. Absolute BS

Who said that?

Perhaps I posted that incorrectly... supposed to read

Well, everything will be 100 percent again by 11 this morning....then a pause, then absolute BS, speaking of this happening and the expense/time wasted.

As for who said that...the company I hired to hopefully fix this mess.

Despite that post, it didn't actually happen until late Thursday evening when everything was operational again.

Quote from: boydster
This, and how is it being made 100%?

I don't understand the question?

*

Lorddave

« Reply #29 on: February 23, 2020, 12:09:00 AM »
What did they do, pay the ransom?