Computers. Internet, hacking and ransomware.

rob aylestone

Yesterday was a nightmare. I thought I had a handle on security, but not! I work in two locations and have a NAS drive so I can work in the home studio, drive to the office, work on a project, and go home and continue. I loaded up a video, not audio project in the office, that needed some sound work. No video files? Poked about a bit and all the video files in the project used to end in .mov or .mp4 but now they all had .0xxx on the end. In the folder were messages telling me to send £800 to a guy in Romania by bitcoin, he explained it’s his job! All my Cubase project files are there but, the audio folders only have .0xxx. These files are on a hard drive in the computer, but are kept in sync by the NAS drive, at home, via the net. A frantic drive home to discover the Cubase computer there and the separate video one are all the same. 56,000 files all zapped.

All day was spent with external drives I had backed projects up to. Most of the vital audio and video files I have recovered. All my iTunes CD library files have gone. 40 years of CDs gone, I dumped the CDs years back. Image files .jpg gone, probably 50% gone. .png files mainly still present, maybe I pulled the plug before it had a chance to scramble those. Old family pics gone, same with old home movies. You get the idea. I assumed the NAS made backups less important, it doesn’t because I have not tracked down how they did it. A direct attack on the NAS? One computer downloaded something? I don’t know.

It gave me a sick feeling. I’ve recovered the modern stuff, because I’d been good with backups, but backing up 16Tb about 80% full regularly hasn’t been on my list of things to do. Perhaps it should. No way was I going to pay the crook, because if he did it, he’s hardly likely to give me an unlock code either. Today I have to take the time to download the content of my websites, save the images, and then put the damn things back into the software. What a faff.

NAS drives have made my life much easier, but one mistake gets replaced onto all the computers that use the data. I’ve not yet turned on the iMac in the office studio. I will do it with the network cable pulled out to see if it has any local copies, but I don’t do anything non audio on it. It might have some of the latest audio files on it, so perhaps a few can be recovered. Doing a search for 0xxx makes your heart sink when you see the count rise into the tens of thousands.

If you have NOT made an unpluggable backup of everything, I suggest today you order yourself a hard drive and do it. I have always maintained disconnecting yourself from the internet is silly nowadays. I am not laughing now. I will be doing very regular backups now. Horse - stable door. Ouch.

It was always someone else, now it’s me. PS AVG free was on all the computers. I now have something better. Too late for me, maybe not for you.
I'm sorry to hear this, Rob. I wonder if signing up to 'The Cloud' would secure our data. Much of the software we use demands to be connected to the internet.
My important data resides on an external usb disk, which is not connected to internet PCs. But at some point it would be connected to those PCs offline, for file transfer.
If the crook places executables on your internet PCs, it could still do its damage offline.
My external usb disk is not backed up, although I've been thinking about it, even this morning. I will take steps today.
What does not help is that Microsoft wants us on a knife edge, and unable to simply re-install Windows willy-nilly like we used to be able to.
Perhaps encrypting a whole hard drive might defeat the crook.
My music laptop only connects to the internet for updates once a month, but even that would be an open door.
This browsing laptop is not for important data, but getting hacked like you would mean a £600 laptop being as good as dead.
I currently have a Linux PC connected to the internet, but with no priceless data on it.
If I do get hacked, I at least can do a totally fresh Linux installation.
It may be due to you inadvertently downloading a rogue file, or it may be due to the crook simply hacking in to an online PC.
Once again, sorry to hear it Rob.
One more thought. Your infected PC is used as a server, so you can access it remotely.
Servers are routinely targeted by hackers (after just 20 mins, I understand), who have plenty of time to work on them.
So, so sorry for your loss Rob. Regarding cloud storage I have read that tape is used in many of these monster server stations? These are fetched and loaded by a robot and so access time is far longer than any HDD but then that does not matter for a vital 'backed up, backed up backup'! Since when not attached the tape cartridges cannot be accessed they cannot be hacked so that would seem a very useful form of protection?

Note, if one has data stored on a cloud and it does get stolen, do you have a claim against the operators?

Another thought has occurred and please slap me if this is silly! There are now 'Smart Mains Plugs' which can be controlled via a phone. Say the whole home server/HDD system was normally powered down and you had to power it up remotely to get your data. All makes for a less slick operation I know...

Another thought has occurred and please slap me if this is silly! There are now 'Smart Mains Plugs' which can be controlled via a phone. Say the whole home server/HDD system was normally powered down and you had to power it up remotely to get your data. All makes for a less slick operation I know...
This occurred to me too.
The offline tape storage seems a good idea.
Encrypting your data before placing it on a cloud would be some protection.

I watched a couple of YouTube clips on ransomware. Interesting.
Just being connected to the internet is enough for them to infect you.
Also they may well steal all your data, before denying you access.
More than that, they can add a virus element to your files, to further spread the virus.
Yeah sorry about all of this. What a pita. This is where they need to ramp up the penalties for the scammers who are doing these things, there’s not enough emphasis on how valuable these kinds of losses are. Devastating
The guy happily gave me an email address in Romania - and basically, said "how do you know you can trust me? This is my business and reputation is important" words to that effect, anyway.

At least my trouble will maybe get you all to think. Apparently, it could have been a direct attack on the NAS drive, or one of the computers putting the scrambled files onto the NAS, where it was disseminated out to all the computers. Certainly I can rule out one computer that was set up so the NAS synced files only went to one drive - this was scrambled but the other drives were OK. This leaves the music computer - but again, oddly, so many audio files in the Cubase folder survived. This suggests it was the NAS itself, but my virus protection, now upgraded, won't stop that happening. If it happened once, maybe it can happen again.
Worse still - I mentioned this on Facebook and immediately got loads of links to Instagram people who could easily fix it. Then realised these were not real people but fake accounts designed to take even more money off panicking victims. Presumably scanning bots. Apparently claims to be able to decrypt them are probably made up too - unless you have the key, it's unlikely.
Other than doing exactly what you said...disconnecting from the internet completely we are vulnerable to attack all to some degree.

Some thoughts on all of this..

Firstly it is important to know that when you set up a Windows computer user, it by default has admin privileges. This makes it so you can download programs and apps that need registry access to be installed. To prevent outside access to the registry which is how the bad guys can insert the bug you must set up another user that does not have admin privileges. That is the only one you use. It is a PITA when you need to add a program or app to always have to type in the password but worth every penny of effort. This will eliminate most invasions unless you have an easy password...That said it is NOT 100% there is still a chance albeit small, the assholes can get in and screw you. Back to the unplug your back up from the internet.

For my business I use Google everything including Drive. When I was working for the big guys I went to a Google seminar on security and marketing. Do you know who the third largest server manufacturer in the world is? Google...and they don't sell them...they use them all in the back up array. Redundancy, redundancy, redundancy. Additionally probably the most secure back up system in the world.....As long as the assholes don't have your password..if they do you are screwed...

I know your sick feeling because a few years back one of my many standard gmail accounts was hacked...weak password that I used on many of my gmail accounts....SHIT! I was lucky enough to have caught it only an hour or so after they got in...Once into my first account they were able to figure out many of my other accounts and were breaking into them and changing the passwords.... sick feeling begins....Then they got into my business account OH Shit....

If you ever get your personal gmail account hacked know will never be able to talk to a human to try and get it is all AI and if you can't answer their particular questions you are screwed...Here's one they will ask on each account that most of us have no clue as when...What month and year did you open your don't have that you are not recovering your account. Fortunately when you have a paid business account you can talk to a human who can help you out...They are who advised I was basically screwed if I couldn't provide that data to the AI. So business account was retrieved it took me a few weeks of trying to figure out when I opened my first account..which led me to find when I opened the rest.....damn!

So the assholes had access to all my e-mails and data therein...shit... So for the last 4 years I have to watch everything to make sure nothing fishy is spidy senses are on full alert

My important data is on my paid for account but I use google keep, maps, drive, photos etc, on several. Hoping Google never gets breached in a big way and I know they have 100's maybe thousands of employees making sure they don't every day. That said there are no guarantees including keeping the drive offline...they can always break into your house and steal it...

This leads me to my rant on thieves I hate them with a passion...think of the trillions of dollars wasted on trying to keep things secure from bad guys. Locks and keys... how many trillions of hours mankind has wasted looking for the keys, combos or passwords we used to keep the bad guys out. I hate em I tell ya! How many people have felt that same sick feeling in their stomach that we felt when they walked into their house to see they were burglarized... EVIL If I had a rake! I'd beat em, and hit em and kick em and hit em with the rake again!

Got an email yesterday saying they received the Paypal payment of $658.38...Huh honey did you buy something on Paypal? No ...Then I look at who sent it and it was not from Paypal...I called the number to mess with them but it went to a recording Thank you for calling Paypal in an Indian accented voice we can not take your call right now please call back later....BASTARDS all to try and squeeze our real Paypal account info out of us so they can steal from us...Had an old buddy down the street get the call from Microsoft that their computer had been hacked...don't worry we'll get it a matter of minutes they had it fixed alright...he let them in and they locked him down and hit him for ransom.....ASSHOLES!
Something good did come out of it, Rob.
Today I backed up my external hard disk, and will make another tomorrow, when I get a new external SSD drive.
I lost a lot of important files when a big usb stick died, some years ago.
I think you have to take it on the chin. I wouldn't trust any recovered files, even if you could get them back.
What a shame that we have to be so concerned about these attacks and how do we know when we have enough protection? I take certain measures to protect my system but cyber criminals still make me nervous.
Yep - yesterday I felt sick. Today I'm just grumpy. I can't get the NAS working either - it needs some kind of certificate and I don't understand (yet) how to get this done. I'll get there, but it was so good, it was perhaps too easy to compromise.
I don't know what kind of NAS you own, but you'll probably have to pull the drives/wipe them and re-install the OS and start from scratch... I wouldn't trust anything on the drives/installed OS anyhow.
Yes - that's what I've been doing, but annoyingly - it then imported the original files from one of the computers. The encrypted files I had deleted. Decided just to get rid of them - 50 odd thousand but of course it left the folders and subfolders, so I'm having to wipe them again. Very strangely, I have all the .png files. Jpg and jpeg got encrypted, but it did not do jpg?
I do annual backups of my pictures to dvd/bluray. Project files for songs (as well as a stem export) also get burned to dvd/bluray when completed. These items get tossed into a small fire safe I have. This at least ensures some level of retention should fire, hacker, or geomagnetic storm occur. I also toss a portable usb drive in the safe to hold my MP3s and program files, maybe update that every 6-12 months. This allows me to at least not have to keep 16TB of projects on hand for likely no reason, and long term overall redundancy of data. Burned media (cd, dvd, bluray) can go bad, but found burning at the slowest compatible speed increases the likelihood of being able to read them later (the slower the burn, the deeper the pit the laser can burn).

This is on top of the standard weekly Acronis backup to a larger USB drive, and periodic full image backups of my OS/application drive should a bad windows update or hack occur.

There is of course the cloud, but they're susceptible to the same potential issues I just described. There's still no substitute for stuffing your digital currency in your mattress, as it were.
Very strangely, I have all the .png files. Jpg and jpeg got encrypted, but it did not do PNG(?)?
Sounds scripted, like they were maximizing their efforts to get as many commonly used file types as possible. The greater the impact to the infected person, the more likely that person will pay. Encrypting personal files (doc, xls, jpg, wav, mp3, mp4 etc) is where the money is at.

BTW, I work in IT as an admin if you have any questions you don't want to ask here feel free to message me.
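
An added illustration of the extension-targeting point discussed in this thread (not part of any forum post): a read-only triage script that tallies which original file types were renamed with the `.0xxx` suffix, which were left alone, and which damaged files have a clean copy on an offline backup. The function names `triage` and `demo`, the matching backup layout, and the sample tree are assumptions constructed for this example.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

RANSOM_SUFFIX = ".0xxx"  # suffix reported in the thread


def triage(root, backup=None):
    """Tally files by original type: renamed with RANSOM_SUFFIX vs. untouched.

    If `backup` (a hypothetical offline copy with the same layout) is given,
    also list the clean backup files that can replace renamed ones.
    """
    root = Path(root)
    hit, intact, recoverable = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if not name.lower().endswith(RANSOM_SUFFIX):
                intact[path.suffix.lower()] += 1
                continue
            original = name[: -len(RANSOM_SUFFIX)]  # clip.mov.0xxx -> clip.mov
            hit[Path(original).suffix.lower()] += 1
            if backup is not None and original:
                candidate = Path(backup) / path.relative_to(root).parent / original
                if candidate.is_file():
                    recoverable.append(candidate)
    return hit, intact, sorted(recoverable)


def demo():
    """Build a small constructed tree (not real data) and run the triage."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        damaged = ["video/clip.mov.0xxx", "pics/a.jpg.0xxx", "pics/b.JPG.0xxx"]
        for base, rels in ((live, damaged + ["pics/logo.png"]),
                           (backup, ["video/clip.mov", "pics/a.jpg"])):
            for rel in rels:
                target = base / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(b"constructed sample")
        hit, intact, found = triage(live, backup)
        return dict(hit), dict(intact), [p.relative_to(backup).as_posix() for p in found]


if __name__ == "__main__":
    print(demo())
```

The script only reads directory listings, so it can be pointed at a mounted copy of the affected share with sync switched off and the backup drive attached read-only.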
Rob, sorry to hear about your systems getting hit. The whole ransomware/virus problem is a royal mess! I know folks who have their whole lives on their phone. That seems so dangerous to me. It's far too easy for someone to lift a phone, and have access to everything.

I have been watching some YouTube channels with folks who track and try to take down the hackers and scammers out there. It's amazing how many people are being hacked and scammed these days.