AZ CPA March/April 2022

Page 18

Ransomware: Reality and Defeat

By Rob Samuelsen

My heart rate hastened, and a bead of sweat appeared on my forehead after I opened up my computer on the morning of April 30, 2020. Nothing appeared normal. My desktop icons were broken links and rearranged on the display. Most of our employees were working from home on COVID protocol, and the only reason I was in the office was to run checks. Then I saw a readme text file, opened it and raced downstairs to our IT manager’s office.

A29812-Readme.txt

Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .a29812 If for some reason you read this text before the encryption ended. This can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. Our encryption algorithms are very strong, and your files are very well protected. The only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program. You may damage them, and then they will be impossible to recover. For us this is just business and to prove to you our seriousness. We will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free.


Our IT manager was getting texts from our remote workers and struggling with the same broken links I encountered. I showed him the readme file, and we immediately started turning off every computer in our office including servers, desktop computers, print servers, controllers and the IP-based phone system. After helping him, I returned to my office and called our bank to shut down our accounts. By the end of the day, I had talked to my bank, ADP online payroll provider, insurance broker, executive director, human resources director, every employee and the FBI. For the next six weeks, our IT infrastructure included home computers and cell phones. Everything else was dead. We had been breached by Netwalker, a ransomware threat actor from halfway around the world! On the next day, with the support of our cyber-insurance provider, we

