The robbers got in

In my living memory, there were a couple of decades (namely the 1960s and ‘70s) where bank robbers were a dime a dozen. It seemed that armed robbers were on the TV news and front pages of Newspapers just about every day. Bank tellers worked behind heavy grills and men brandishing guns stood guard at the doors of even the smallest bank branches. Then better security measures came into place and bank robbers disappeared from modern life. But the turn of the 21st century seems to have brought a new age type of robber – the cyber robber – who seems to have taken over the heists in this new digital interconnected world.

This came home to roost when, a few weeks ago, our company was cyber hacked. An experience I never thought I would go through, but it taught me some valuable business lessons:

1. Back up, back up, and then back up again – off-site
2. Update your computer software
3. Your office will grind to a halt …no avoiding that one
4. Bitcoin is very difficult to buy
5. Find a cyber angel* to help you navigate the dark web

1. Back up
We were hacked at 10.25pm. No alarms went off, no alerts were sent until the first team member arrived to work at 7.30am to find a hacker’s ransom message on all our computers. By this stage the ransomware had encrypted every file on our server including our back up.

Make sure you have an off-site back up!

Our last full off-site backup was 6.5 weeks old. Ostensibly, we had lost 65 weeks of work (10 employees x 6.5 weeks). Which is why, as I will explain below, we paid the hackers. It was a matter of risk analysis; our information was worth more than the hacker’s ransom price of one bitcoin.

2. Update your computer software
As these things transpire, we had only recently discussed an off-site back up and upgrading all our computers to Windows 10. But we had stalled actioning it because we had overspent our capital budget. That decision cost us $5,000 in cash and close to $20,000 in productivity losses.

And those periodic and sometimes pesky software updates that appear on your computer? Well, they are actually there to provide the patches to ward against hackers, so make sure you take the time/find the money to update your software.

3. Your office will grind to a halt
No avoiding this one, all of our computers were infected. We had to rebuild every single machine, every laptop that had signed in via the VPN, and our server, from scratch.

That included all our desktops, so everything I had customised on my desktop for ease and speed was gone.

It took five days to get us all back up and running with working computers. The disruption to productivity was enormous.

The best decision we made was to have an unlimited maintenance contract with our IT supplier. Thankfully, the four days spent rebuilding our computers and problem solving was covered by our contract at no extra cost.

4. Bitcoin is very difficult to buy
All the advice we received, bar none was: ‘don’t pay the hackers’. While I agree with this in principle, on a pragmatic level we had lost 65 weeks of work, and I couldn’t let that go. So, when in doubt, do your research.

I found out we needed to report the crime to ACORN (Federal agency) and CERT (State agency, who inform your local Police), who both recommend not to pay the hackers, not just because you’re funding criminals, but also because there is no guarantee you will get your information back.

I was conflicted, but I was willing to risk losing $5,000 to get back 65 weeks information. I also considered it would be in the hackers’ best interest to return the data if the ransom is paid, otherwise their business model would not be sustainable. What I learnt was that it is less of an issue of hackers reneging on their side of the deal, and more about security agencies/good hackers shutting down payment links to disrupt the hacker’s activities (and therefore also interrupting the two-way flow between the bitcoin ransom being paid and the key to unlock the files being sent).

While I was resolving this conundrum, we tried to purchase a bitcoin. This isn’t as easy as you may think. Rookie mistake number one: trying to buy bitcoin with a credit card! It can’t be done. But who has a lazy $3,000 hanging around in cash to pay for a bitcoin? And even if you did, how does one find that elusive bitcoin shop? We were given some leads, but they all seemed a bit dodgy.

Notwithstanding this, buying bitcoin via a bank transfer involved far too many levels of information disclosure, and this made me very nervous. I made a call that was way too much information, to give away, I certainly didn’t want this information stored anywhere, let alone on a bitcoin merchant’s computer. So what next?

5. Find a cyber angel to navigate the dark web
So, this is eventually how we solved the conundrum, and it came to us through our network, someone introduced me to a cyber angel*. Our cyber angel bypassed the hackers’ link and went straight to the dark web to negotiate directly with the hackers.

We were finally able to send the hackers a file to unlock, to prove that they were genuine and had the solution. Once we received the file back, unlocked, our cyber angel purchased the bitcoin, made the transfer, and again, via a secure link on the dark web, directly paid our cyber robbers.

Who would have thought it would take so long? It became obvious that the hackers were in a different time zone and sometimes it took 12 or more hours to hear back from them. Who knew that hackers needed sleep?

The next day they then sent us the key to unlock our encrypted files.

This whole process took four days from the time we were hacked to the time we got the key.

And once we had the key, it took six passes over three days to unlock all our files.

6. All’s well that ends well
It all feels like a long distant memory now and we were lucky. It happened in one of our least busy weeks as we had no pressing deadlines. Therefore, we were able to react without fearing the worst or panicking.

We didn’t lose access to email, so we were still able to contact our members and stakeholders via our personal laptops and smart phones.

Our bank accountants weren’t hacked.

It brought us together. We had the time to have lunch together, we did go home earlier, and we managed to work around our file loss.

And the key business function, MOVE, our audience measurement tool, wasn’t affected because it sits in the cloud.

The week felt a bit surreal and it reminded me of that famous Albert Einstein quote: “I don’t know with what weapons World War III will be fought, but World War IV will be fought with sticks and stones”. In our case, it was obvious that the loss of the 21st century gains, took us straight back to the 19th century.

*For confidentiality reasons, our cyber angel will remain anonymous