“Why would they target me, I am just a lawyer?”, I believed until I was greeted with a strange message on my laptop a few days back:
“Your documents, photos, databases and other important files have been encrypted!............”
The message popped up on a Notepad-like document in the afternoon of May 18, 2016, and then the speaker of the laptop also started announcing the message. At first I thought it was some video playing (without requiring permission) on some webpage I would have left open. I put the speaker on mute. But then I was alarmed when I could not access my Outlook. I checked my documents folder, and it had all strange-looking file names (see page 2 below), none of which would open.
I called our IT, and then the IT consultant. He shouted a series of instructions, such as immediately log off the in-house server, shut down the laptop, ask everyone in office not to open any suspicious-looking email attachments in zip or otherwise, and shut down the in-house server. “You are under attack”, he said, “I am on my way, wait until I have a look at everything personally”.
We soon discovered that I was the new target of “Cerber Ransomware”! A message appeared in all folders, and almost everywhere on my computer. Of course, the instructions, when followed, demanded payment in bitcoins through .tor to decrypt my files (see page 3).
Being in India has certain benefits, one being you have the best software professionals easily accessible around you. Our IT consultant told me not to give in to the ransom demand until he had tried his hand at decrypting my computer files. Plus, he wasn’t sure whether I would get the private decryption key even after the payment, or whether I would then be opening myself and my credit card up for further attacks and illegal transactions.
After three days and nights of tireless work at his heavy-duty customized computer, our IT consultant declared that he managed to retrieve my .pst folders, where emails were backed-up on my computer with attachments. With this, the battle was almost won for me, as most older emails were externally archived, and most data was anyway on the server. Certain sent item folders are still to be recovered, but then most sent emails are anyway copied to someone else in our office. So if need be, we can get a copy. We decided to move on, with the existing recovery.
What’s most interesting - around the same time, another Partner, Seema Jhingan, was attending a session at IR conference in San Francisco, discussing many such issues. She returned last week, and we all were amused with the coincidence! We could almost imagine Seema attending a session in the USA discussing Ransomware, around the same time we were struggling in India with a potential Ransomware attack at our offices. Thankfully, the damage was contained to just one computer, with presence of mind and lots of hard work by our IT team. We are informing the Police nevertheless.
We are doing this write-up, as we realise how real these threats are, and how dangerous the consequences can be.
Wishing you all a safe and secure Cyber life,
Alishan Naqvee, Partner
LexCounsel, Law Offices
New Delhi, India
May 30, 2016