Senior Care CEO Pays Bitcoin Ransom to Decrypt Marketing Content

3 min read · 6 years ago



You might believe that the data and documents your business owns are of little value to anyone outside the company. But that doesn’t mean you’re not a target for hackers. As long as what’s stored on your computers is valuable to you, you’re a candidate for a ransomware attack.

That’s what Jeff Salter, founder of San Antonio-based Caring Senior Service, discovered in 2014 when his company’s files and data were encrypted by ransomware. Had he not had most of his information assets backed up, the incident could have cost his company over $50,000. Instead, he paid $500 in Bitcoin ransom to get the criminals to decrypt marketing materials that were kept off the backed-up network, on a USB drive that happened to be plugged into the compromised computer; anything mounted on an infected machine is within the malware’s reach, whether or not it lives on a network share. “That drive had all of our graphic designs on it. It takes hours and hours of time for our design department to set up photoshoots. It would have taken a lot of time and effort to recreate.”

Salter says the hackers gained access by tricking employees into opening an email disguised as a message from a former marketing team member. Once in, the malware generated an encryption key, encrypted the company’s files, and left the victims a password to use at a website where they would find instructions for recovering their data.

These hackers don’t read what they capture, Salter explains. Instead, they count on the data being valuable enough to the business’s leadership that they will pay to retrieve it.

“It’s a smack and grab,” he says. “They ask for ransom amounts that are not so ridiculous that a business owner won’t pay.” And, he says, the thieves develop a reputation—which Salter uncovered with Internet searches—for turning over the data upon payment so that victims remain willing to pay. “I felt confident that the likelihood of them giving me the key was good,” he says. At the ransom website, Salter was invited to test the decryption method by unlocking one of his hostage files for free. Then he was told to deposit Bitcoins to an anonymous wallet address, on the pitch that Bitcoin is untraceable. In practice it is pseudonymous rather than untraceable: every transaction is public on the blockchain, and only the link between an address and a real identity is hidden.

“Just getting Bitcoins can be quite a process for the uninitiated,” Salter says. He calls the experience a “real cloak and dagger moment.” Through a Bitcoin exchange site he found online, Salter arranged to meet with a 22-year-old man at Starbucks whom he knew only by screen name. The man took $500 cash from Salter and used his mobile device to deposit Bitcoins into Salter’s account. “I was already a victim of ransom and I had to hope he was hitting a button to transfer that money to me. The ransomware was bad enough, but the Bitcoin acquisition seemed just as risky,” Salter says.

Asked if he contacted law enforcement for help, Salter says, “I chose not to. It’s a very nuanced area of cybercrime, and I didn’t feel like it was going to be worth my while. I was too small and it was a known group.” Had that proprietary data not been stored off network, Salter says the whole incident would have been a non-issue. “We would have thrown away the encrypted drive, reinstalled from backups, and moved on.”

His advice for fellow small business owners? “Three things. One, make sure you have active and up-to-date antivirus protecting your email. Two, don’t open links or documents that come from unknown sources. And three, have a backup system that stores 90 days back.” The retention window matters because ransomware may have been encrypting files for days or weeks before anyone notices. If the backup job simply overwrites the previous night’s copy every night, the only backup you have will soon contain the encrypted files too, and by the time you realize you’ve been hit there is no clean version left to restore. Keeping dated snapshots for a long window means a copy taken before the infection is still on hand.
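To make the retention point concrete, here is an added simulation (not code from the article or from Caring Senior Service) of a nightly backup job with a configurable retention window, run against a ransomware infection that quietly encrypts one more file each night before being detected. The file names, the calendar starting on 2014-01-01, the single-byte XOR standing in for real ransomware crypto, and the `.locked` extension are all constructed assumptions for illustration; the only thing the example shows is which retention settings still leave a clean snapshot to restore from.

```python
"""Nightly backup retention vs. slow, silent ransomware encryption.

Added illustration, not the article's own code. The XOR "cipher" and the
.locked extension are stand-ins (assumptions) for what real ransomware does;
the calendar and sample files are constructed for the simulation.
"""
import shutil
import tempfile
from datetime import date, timedelta
from pathlib import Path
from typing import Optional

KEY = 0x5A                   # toy XOR key: NOT real ransomware crypto, just makes files unreadable
START = date(2014, 1, 1)     # constructed calendar; day 0 of the simulation


def nightly_backup(src: Path, dest_root: Path, day: date, retention_days: int) -> Path:
    """Copy src into dest_root/<ISO date> and delete snapshots older than retention_days.

    retention_days=1 models the failure mode in the article: a job that keeps
    only the latest copy and overwrites yesterday's every night.
    """
    snap = dest_root / day.isoformat()
    if snap.exists():
        shutil.rmtree(snap)
    shutil.copytree(src, snap)
    cutoff = day - timedelta(days=retention_days)
    for old in dest_root.iterdir():
        if old.is_dir() and date.fromisoformat(old.name) <= cutoff:
            shutil.rmtree(old)
    return snap


def encrypt_one_more_file(src: Path) -> bool:
    """Simulated ransomware: encrypt one untouched file per night and append .locked.

    Spreading the work over many nights mimics an infection that runs long before
    anyone notices. Returns False once every file has been encrypted.
    """
    for p in sorted(src.iterdir()):
        if p.is_file() and p.suffix != ".locked":
            p.write_bytes(bytes(b ^ KEY for b in p.read_bytes()))
            p.rename(p.with_name(p.name + ".locked"))
            return True
    return False


def snapshot_is_clean(snap: Path) -> bool:
    """A snapshot is usable for restore if it holds no encrypted (.locked) files."""
    return not any(snap.rglob("*.locked"))


def newest_clean_snapshot(dest_root: Path) -> Optional[Path]:
    """Newest dated snapshot with no encrypted files, or None if every copy is tainted."""
    for snap in sorted(dest_root.iterdir(), reverse=True):  # ISO dates sort newest-last
        if snap.is_dir() and snapshot_is_clean(snap):
            return snap
    return None


def simulate(retention_days: int, infection_day: int, detection_day: int) -> Optional[str]:
    """Run nightly backups from day 0 through detection_day, with ransomware active
    from infection_day onward. Returns the ISO date of the newest clean snapshot
    that is still available on detection day, or None if none survived pruning."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "designs")
        dest = Path(tmp, "backups")
        src.mkdir()
        dest.mkdir()
        for i in range(5):  # constructed sample "design files"
            (src / f"shoot{i}.psd").write_bytes(b"8BPS" + bytes([i]) * 32)
        for d in range(detection_day + 1):
            if d >= infection_day:           # malware runs during the day...
                encrypt_one_more_file(src)
            nightly_backup(src, dest, START + timedelta(days=d), retention_days)  # ...backup runs at night
        clean = newest_clean_snapshot(dest)
        return clean.name if clean else None


if __name__ == "__main__":
    # Infection starts on day 3, noticed on day 10.
    for retention in (1, 8, 9, 90):
        print(f"retention={retention:>2} days -> newest clean snapshot: {simulate(retention, 3, 10)}")
```

With infection on day 3 and detection on day 10, a one-night retention leaves nothing to restore, and neither does an eight-day window, because the last clean copy (day 2) has already been pruned by the time anyone looks; nine days or more keeps it. The general condition is that retention must exceed the gap between infection and detection, which is why the article's 90-day figure is a sensible floor rather than an extravagance.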

Based on his own experience, Salter also recommends reminding employees often why IT policies exist and that they should not be circumvented. “IT puts policies in place that are protective but require multiple steps to implement,” Salter says. “Employees used to BYOD are frustrated that they have to jump through hoops in the company environment. But those hoops are there for a reason. Skipping them erases any security measures.”
