Entrepreneur Rob handed over € 50,000 – Cyber Crime case
“If I didn't pay, I would be worse off"
An infected file subsequently revealed that the hackers had already broken in on April 2nd, 2020 at the company that converts professional vehicles for specific tasks. Rob, the director-owner, is someone with the finger on the pulse, always knowing how many orders are in the pipeline. He has a wide knowledge of the agreements with subcontractors and a good overview on how to reproduce the technical needs of his clients. When it comes to the details though, he relies on his team of 15 and on his computer software, of course.
“During a moment of not paying attention, one of my colleagues clicked on an infected link. Maybe it was me? Fact being, once inside the hackers can snoop around. Which servers contain the most important information? How are the backups arranged? Shall we steal and resell confidential information? Or do we earn more by encrypting everything with ransomware? ”
Everything on black
“I remember it exactly. King's Day, April 27. While Corona was gripping the Netherlands, 25 days after they got inside, my company was infected with the so-called Dharma virus – a ransomware variant that encrypts all your data and renders it useless. In my case including our backups. I felt sick to my stomach. It’s no fun to see all computer screens go black with the announcement that payment is the only option. I immediately turned everything off and disconnected from the servers. That way I could at least get some sleep.”
“The following morning, I set up a small crisis team from my own ranks. We started calling around, which is how we came across various ICT consultants. They came up with useful tips all right, but it felt like I was on my own. No one could tell me exactly what steps to take next. We copied the compromised backups for analysis with the thought that we could decrypt and restore these files. Well, forget it…”
Pay in bitcoins
“We had already been held ransomed for three days when negotiations started. The criminals communicated via a well-secured mail server in Switzerland, impossible to trace. Short e-mail exchanges followed, business-like. As far as I understood they wanted an amount in cryptocurrency for each infected server. Altogether € 5,000, which I calculated I could handle. I learned how bitcoins work and transferred the amount on May 1st. ‘Not enough’ they responded almost immediately.”
“On Saturday May 2nd, another threat came through that they wouldn’t share the keys to decrypt the data if I didn’t transfer € 30,000 in bitcoins. I did the calculation again and decided it was still worth it. I didn’t trust these guys for as far as I could throw them, but I was completely cornered. After the transaction they wanted another € 15,000. I had it. Now bankruptcy seemed like a viable option.”
A good match
“That Saturday I came in contact with someone who had gone through the same thing. He suggested a group of cyber-crime specialists. I e-mailed them and received an immediate answer. At 1.30 am that same night I was in a video call with a team of four.”
“They took control and negotiated with the hackers. In the end, we got all the keys in various phases and we were able to decrypt the original files and restore them to our newly installed servers. These were scenes that seemed to belong in a James Bond movie. Finally, on May 5th – how symbolic – the liberation was flying again. ”
“Damages: more than € 50,000 excluding expert advice costs. Uninsured. The chance that the police will find that money is zero. I have learned my lesson and have taken the necessary and extra preventive measures. In addition, I have insured myself against damages, including the possibility to immediately call an experienced team of experts in the event of an (assumed) incident. Suddenly, paying a premium for cyber insurance turns out to be a very sensible investment…”
“International research shows that one in five medium-sized businesses (MKBs) have been victims of a ransomware attack. Half of the victims pay an average of over € 100,000 in ransom to get back into business. Compared to Q4 2019, this is an increase of 33% until now.” - Cyber response expert
Would you like a no-obligation coversation about your cyber risks?
The Meijers specialists are happy to help you. Contact Tom Rijgersberg, Practice Leader, via email@example.com of +31 (0)6 386 756 13