Why we bang on about backups – a real-life crypto-locker horror story

It might not be Halloween, but what we’re about to tell you is truly terrifying – and it isn’t made up for effect, it really happened to a local business who we worked with.

What happened?

One Monday morning, our client sauntered in to work and tried to turn on their PC. It didn’t seem to be doing anything, so they went to take a look at their server screen where they were confronted with a message informing them that they had been hacked, and all of their data was inaccessible to them unless they deposited $1800 in Bitcoin, into the hacker’s account. This is called a crypto-locker hack.

The hacker had, had a fun weekend. While they’d all been away from their desks and after gaining access to one user’s machine, he used it to get on to the server which he’d then encrypted with a password.

In this instance, the client did actually have backups, however, they were onsite backups so the hacker simply used his freedom and admin authority to run riot and delete them.

How did he gain access?

In this instance it was user error, someone clicked on a dodgy link and downloaded software on to their PC which allowed the hacker access.

How was it resolved?

With no access to data or files, and no backup, the client had no choice but to pay up and hope for the best.

The client had to drive to Bristol twice, in order to convert GBP to Bitcoin, and each time there was a limit of £1000, which added an extra couple of days of downtime while the cyber criminal waited for payment.

During this time, we were communicating with the hacker to reassure them the money was on its way – there was absolutely nothing else we could do.

Eventually the client paid, and the hacker released the code to unlock the client’s files, however, we can’t stress enough that this client was one of the luckier victims of this crypto locker crime – not all hackers are quite so principled.

In fact, in a bizarre twist, we had trouble getting the code to work and with a lack of options, we emailed the hacker again who told us it was a common problem and sent us a document to help us solve it. But really, he had all of the power and could have easily demanded more money after the client paid, or simply stopped communicating and shimmied off into the sunset without ever handing over the decrypt code.

The takeaway

Even though the client got their data back, they were $1800 dollars down, lost sleep, and lost three days of downtime for something that could have been preventable.

How could the situation have been a bit less horrifying?

  • If the team had been subject to robust security training, this would likely have prevented the dodgy link click.
  • If the client had an offsite backup as well, the hacker would not have been able to access this to delete the information, and the system could have been reloaded without quite as much downtime, or needing to pay the bribe.

It might sometime seem like we talk about backups so much because we want to sell them, but first and foremost it’s because we’ve seen the effect that having no, or inadequate backup solutions has on people and their businesses.


If this story has resonated with you, and you’d like us to take a look at your current backups, or your disaster recovery plan to check that it’s up to scratch and suitable for what your business might need, please get in touch. Just give us a call on 01373 768024 or book a call in the calendar below: