Ransomware: The Definitive Guide For Law Firms

July 11, 2016

Someone in your firm just opened an email attachment with no idea who sent it or what the file does. Twenty minutes later, no one can work because all of the firm's documents have been encrypted, and you have either no data backup or an inadequate one in place. If you find yourself in this situation, you're not alone. Many firms resort to paying the ransom after a ransomware attack. Reports around the internet confirm that once you pay, you will get your files back; Rekall can also confirm this, as we tested it internally in order to write this article. This guide will explain in detail the steps you must take in order to pay your ransom and get your firm's data back.

Step 1. Figuring Out The Cost of Your Ransom  |  The first thing we need to do is see how much your ransom will cost. You'll notice that in each directory where your files are encrypted there is a folder or file called "Where are my files" or "How to Decrypt." You will also see a .HTML file labeled like this. We'll need that file, so remember where it is. Navigate your browser to https://www.torproject.org/download/download-easy.html.en and download the Tor web browser. Tor is an anonymizing browser; you may not be able to open that .HTML file with Firefox or Internet Explorer. Download and install the Tor browser. Once it is installed, open the HTML file in Tor, or copy and paste the link from the ransom .txt file into the Tor browser. When the page loads, it will tell you how much you owe in Bitcoin. As I write this article, 1 Bitcoin is worth $659.10 USD, so it adds up. The average ransom is 2 – 4 Bitcoin.
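Because the notes are dropped in every affected directory, an inventory of where they sit tells you how far the encryption spread and which note file to take to the Tor browser. The script below is an added example, not part of the original post: the note names it matches come from the text above, the set of name markers and extensions is an assumption you should extend per incident, and the folder tree it builds is constructed for the demonstration.

```python
import os
from pathlib import Path

# Markers the post says ransom notes carry in their names (assumption: extend per incident).
NOTE_MARKERS = ("where are my files", "how to decrypt")
NOTE_EXTENSIONS = (".html", ".txt")


def is_ransom_note(filename: str) -> bool:
    """True if the file name looks like a ransom note left beside encrypted files."""
    # Normalise case and word separators so "Where_Are_My_Files.html" still matches.
    name = filename.lower().replace("_", " ").replace("-", " ")
    return name.endswith(NOTE_EXTENSIONS) and any(m in name for m in NOTE_MARKERS)


def find_ransom_notes(root: str) -> dict:
    """Walk root and return {directory: [note file names]} for each directory holding a note.

    The number of keys is a quick measure of how far the encryption spread; any
    one of the listed files is the note to open in Tor in Step 1.
    """
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        notes = sorted(f for f in filenames if is_ransom_note(f))
        if notes:
            hits[dirpath] = notes
    return hits


def build_sample_tree(base: str) -> str:
    """Constructed sample share: two folders with notes and 'encrypted' files, one clean folder."""
    base = Path(base)
    (base / "Clients" / "Smith").mkdir(parents=True)
    (base / "Clients" / "Smith" / "Where_Are_My_Files.html").write_text("<html>pay</html>")
    (base / "Clients" / "Smith" / "contract.docx.locked").write_text("x")
    (base / "Billing").mkdir()
    (base / "Billing" / "How to Decrypt.txt").write_text("pay")
    (base / "Templates").mkdir()
    (base / "Templates" / "letterhead.docx").write_text("ok")
    return str(base)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        hits = find_ransom_notes(build_sample_tree(tmp))
        print(f"{len(hits)} directories contain a ransom note")
        for directory, notes in sorted(hits.items()):
            print(directory, notes)
```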

Step 2. Bitcoin Wallet  |  Next we have to create a Bitcoin wallet. This is a virtual wallet secured by encryption, and it will eventually hold your Bitcoin. Navigate your browser to Blockchain.com, sign up, and follow the instructions to create a Bitcoin wallet. Also download the app from the Apple App Store or Google Play Store and set it up using the same credentials you created. This will be important in later steps.

Step 3. Convert USD to Bitcoin (Bitcoin ATM Method)  |  There are many ways to convert USD to Bitcoin, including buying from private parties looking to sell, as well as Bitcoin exchange websites, which are probably more reputable, such as https://www.bitstamp.net/. Converting USD to Bitcoin via an online exchange is not permitted in some states, depending on where you live; this includes New Jersey. For this reason we have used the Bitcoin ATM method. Yes, there are Bitcoin ATM machines. A Bitcoin ATM is exactly what it sounds like: a physical, internet-connected machine where you deposit cash into your virtual wallet. As you feed money into the Bitcoin ATM, you will see it appear in real time in the Bitcoin wallet on your mobile device. To find a Bitcoin ATM, navigate your browser to https://coinatmradar.com/. Locate the closest Bitcoin ATM; they are usually in "smoke" shops and similar locations. Drive to the location and you will find a white, ATM-looking machine with a touch screen and a bill slot like a change machine. For a visual aid, use this YouTube tutorial: https://www.youtube.com/watch?v=19tVcU4rZrU. First, type your phone number into the unit; you will then get a text with a verification code. Open your Blockchain app and tap Receive at the bottom right. You will see a QR code in the middle of the screen. Hold it up to the camera on the ATM so the machine can verify you, then insert cash as needed. There may be a $900 limit, so you may have to go through this entire sequence twice. You will then see the money in the Bitcoin wallet on your phone.

Step 4. Pay The Ransom & Get Your Files Back  |  Once you are back at a PC, open the same link from Step 1 where you were told how much ransom to pay, and you will find a wallet ID or wallet address. Follow the instructions on the page and use your Blockchain account to send the appropriate amount of Bitcoin to that wallet ID. Once the ransom has been paid successfully via Blockchain, refresh the ransom page a few times until it says payment received. Keep refreshing until you see a link that says download decrypter. Download and run this file; all files will be decrypted and usable after an hour or so. Decryption takes time, and a black command prompt window will come up listing all files to be decrypted, so be patient. In our opinion, it is a good idea at that point to find the PC where the ransomware originated and format it, for safety's sake.

If you have issues following these instructions, or would like Rekall to assist you with this process if you are ever hit by ransomware, please feel free to give us a call at (800) 554-4166.