It’s 6:05 AM on a Friday. Diane, the CEO of NotReallyTechCorp, a medium-sized local business, is attempting to log in to her computer to begin the business of the day. Sign-on goes fine, but as soon as she tries to open local applications, she receives errors. Finally, she notices a new file on the desktop. She opens it and finds something that looks a lot like this:
!!! IMPORTANT INFORMATION !!!!
All of your files are encrypted with RSA-2048 and AES 128 ciphers.
More information about the RSA and AES can be found here:
Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
If all of these addresses are not available, follow these steps:
1. Download and install Tor Browser: https://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: 6dtxgqam4crv6rr6.onion/ECCEADD847A1F1A
4. Follow the instructions on the site.
!!! Your personal identification ID: ECCEADDE847A1F1A !!!
Diane immediately calls her CISO, then her CIO, and then her VP of Information Technology. Finding they were all still asleep, Diane calls Dennis, the Systems Engineer in charge of the databases that make up the heart of NotReallyTechCorp’s business.
“I was wondering when you’d call,” Dennis mumbles. “I started getting alerts from some systems about an hour ago. I-”
“Just cut to it, Dennis,” interrupts Diane. “What’s happening?! Why can’t I log into anything? I have this weird message in a text file on my desktop and I can’t make heads or tails of it. What is a Tor, and what does it have to do with onions?”
“We have been hit by a ransomware attack. I don’t know how bad yet, but…it’s bad. At least five systems that are definitely infected, and I haven’t gone through them all yet. I shut off the backup server and all the database servers as a precaution, so…”
Diane is incredulous. “You shut off the database!? How can we do business?”
“I didn’t feel like we had a choice. I took down the external network connection, too. Hell, the only way you were able to login is because you’re in the office. And with your permission, even that’s not gonna last much longer. I had to shut down the database in case it wasn’t infected yet. That’s the only way to be sure. Same for the backups too. The thing is,” Dennis said, slowly, “The way we’re set up, that Database IS the business. And those backups? They’re the only ones we got. And if we can’t get clear of this with those systems intact, we’re going to lose a lot more than a day’s earnings. NotReallyTechCorp might never get back online at all.”
It was going to be a long, long day.
“Ok,” Diane finally says. “Tell me everything I need to know about Ransomware.”