
Code Black: A letter from a hacker


CrowdStrike


15/04/2024 4:27:32 PM

SPONSORED: Every day, ransom demands cause financial loss, impact to clinical care, and sometimes business shutdown. Are you protected?

Every hack starts with motivated people whose time and resources exceed most IT providers’ ability to defend.

Oops, your files are encrypted!
 
Dear customer,
 
You’re seeing this because your files are mine now, encrypted, inaccessible. If you’re looking at a decryption service to recover them, you’re wasting time – only I can help you.
 
The best way to recover is to pay me 50% of your annual revenue (I know this from your files) in Bitcoin for the decryption key. For detailed instructions, email filedoctor@protonmail.com, with your customer ID: R456BZ32.
 
To make it fun, let’s play a game…
 
Have you heard of ‘exponential growth?’ Let me help you out – you have 24 hours to pay. Miss the deadline? Each hour, I leak some files, starting with the juiciest patient records. In a few hours, you lose a few files… tomorrow, a few hundred; on the third day, a few thousand, until all your files are released publicly.
 
However, you are a valued customer, so besides returning your data and restoring your access, I can help you avoid this happening again. As a sign of goodwill, here are some details regarding this attack to learn from:
 
I gained access to your network using social engineering techniques and by exploiting vulnerabilities in your security. No need for sophisticated malware — you left the front door wide open. All I needed was to contact your receptionist Patricia via LinkedIn, pretend to be a recruiter, and convince her to sign up to a talent recruitment portal I created.
 
She uses the same password to log in to her work applications, so she ended up accidentally giving me her login details!
 
She also wants a new job, FYI. 
 
Once inside, I used legitimate-looking files to gain more information about your system. Whoever does your IT — your security policies were not fully turned on, and it appeared that no one had reviewed them in months, so I could move around undetected. I had plenty of time to steal all your sensitive data, drop ransomware to encrypt everything, and spike your backups… good luck figuring out when!
 
I’ve paralysed your operations: you’re unable to access medical histories, treatment plans, schedule appointments, process payments… plus, there are legal ramifications for exposing patient data. Don’t pay? OAIC will be notified you have been hacked.
 
Medical data is a goldmine for us hackers. The personal health information you so generously provided me with sells for a lot of money on the Dark Web. I have existing business relationships with identity thieves and fraudsters to buy your data the moment the deadline expires, ready to use it for all sorts of fun things like insurance fraud, filing false claims in your name, obtaining drug prescriptions or accessing healthcare services illegally.
 
Take this seriously. Whatever you do, do not rename encrypted files and do not try to decrypt them using third-party software. Do not contact law enforcement; this will only complicate things... for you.
 
Remember, price goes up in 23 hours.
 
-Bypa$$ Ransomware
 
Practices receive ransom demands like this every day, causing financial loss, impact to clinical care, and sometimes business shutdown.
 
Cybersecurity isn’t just certifications, technology, or even skillsets – every hack starts with motivated people whose time and resources exceed most IT providers’ ability to defend. Good cybersecurity starts with understanding what an adversary does to get into your environment – not every hacker will be bold enough to tell you how, like the fictional example above.
 
If you’d like to see whether your IT provider is ready for real-world attacks, click here to find some helpful questions to ask your provider, and remember: they should be able to answer these clearly and quickly (within a day).
 
This article was commissioned in partnership by Quo Group and CrowdStrike and has been independently reviewed by newsGP.
 