Heartbreaks, Pain & Despair of A Hack Victim (Who Refused to Pay 50 Bitcoins Ransom)
Anna Vanessa Haotanto 陳安娜
CEO, Zora Health: Asia's leading fertility, reproductive & family health platform for every life stage | Board: TiE & United Women | Snr Accredited Director | Milken Young Leader | LinkedIn Power Profile & Top Voice
Note: It took me ONE year to have the courage to write this, to pick myself up and to be okay. I hope you benefit from this, one way or another. :)
The New Savvy celebrated our 2nd anniversary in July 2017, but we couldn’t celebrate. We were in mourning; I was mourning.
What a difference a few weeks made! In May, I was brainstorming on how we should celebrate. The team had worked hard and we had record traffic, revenue and concluded a successful first-of-its-kind, women-only personal finance conference. What we have achieved is far from where we need to be, but surely these milestones are worth celebrating.
Or so I thought. Till we got hacked.
REALISING YOU’RE VULNERABLE & A HACK VICTIM
It started with little issues that seemed a bit out of the ordinary, but were also the kind of common things that appear on other sites and might be a false alarm. A user sent me a message saying I had some broken links on a page they loved to visit. My team received reports of bugs on the site, or of a piece of content triggering a browser error; this went on for a few days.
The console I used to manage my site’s content started acting up: I’d get logged out and be advised that I’d logged in somewhere else recently. This raised alarm bells, so we engaged our web server manager to investigate, and I was told we had plugins that may have malware, something common with my website platform that we could clean up.
The little clues that something had gone wrong continued, but I couldn’t figure out what was causing them. It was like someone was controlling my site, but who?! It became clear what had happened when, on a Friday afternoon, we got locked out. I couldn’t publish content, and within minutes the whole site was down. Unreachable. I’d been hacked and had lost full control of my business.
At this point, I was panicking and inconsolable. I asked everyone I knew for help. 6 brilliant developers/techies were assembled to brainstorm ideas. No one had a clear idea of what to do. There were no best solutions; everyone was, at best, hazarding a guess.
The worst thing? I was completely clueless.
“Have you received the ransom demand?”
No, I haven’t. And with each passing day, my heart sank. Every day, I tell myself to be strong, to (wo)man the f*** up. To not worry and focus on finding a solution.
THE RANSOM
Then the ransom email came. I was excited because people had told me that it’d be a low 5-figure sum. And if that could help to save the company, I was willing to do it.
But boy, I was SO wrong. The hackers demanded…
50 BITCOINS?! That’s S$150,000.
Are they insane?
So we employed a good-cop-bad-cop strategy. A friend sent an angry, outraged email scolding the hackers. The emails were full of expletives and insults not suitable for print. I, on the other hand, pleaded with them with all my might, begging them to return my work of 2 years.
They didn’t budge.
The following week was harrowing for me. I couldn’t stop crying. And no matter how much I told myself to stop being silly, I just couldn’t stop. I was drinking myself silly at night so that I could remain numb and not be destroyed. I had to put on a strong front in public because, as the leader of the company, I’m supposed to be the fixer, not be emotional or break down.
I had to find a solution fast. It was tough handling the developers who were kind enough to help me, and my team, who stepped up to crisis management.
Thanks to the brilliant engineers helping me, we were able to restore 60% of the site, and we didn’t pay their $150,000 ransom. No friggin’ way I will ever do that.
The developers who helped me were insightful and relentless, working around the clock as it ticked, counting down each of the 72 hours we had before the files would be permanently destroyed. Before I was robbed of everything I’d worked for over the last 2 years.
3 SOLUTIONS TO HACKING
We had 3 strategies:
1. Wayback machine + scraping of Google cache
A lot of the content was indexed by Google and by the Wayback Machine, a website that keeps permanent archives of previous versions of websites. However, with over 700 pages, putting it together from these sources was like trying to repair a broken glass, and many of the templates, images and content would not be recoverable. This was the worst-case scenario; it would take months to get it to half of what it was.
2. Website Backups
Surely we could have just rebuilt the site quickly from the backup we did the previous week, right? Our site runs on WordPress, and while we do backups, they are saved on the same server, and the hacker had taken care of these, tracing each backup folder and destroying them too, leaving me with a hard-copy backup of the content that I had done 7 months earlier.
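The backup failure described above (backups kept on the same server as the site, so the attacker could delete them alongside it) is something an operator can check for before an incident. The following is an added example, not code from The New Savvy or from WordPress: it writes a checksummed archive of a site tree and then audits where that archive lives and how fresh it is. All paths, the 24-hour freshness limit and the temporary site built by `demo()` are constructed for illustration.

```python
"""Backup-plan audit for the failure mode in the story: backups kept on the same
host as the WordPress site were wiped together with it. Added example, not code
from The New Savvy; every path below is constructed for illustration."""
import hashlib
import os
import tarfile
import tempfile
import time
from pathlib import Path
from typing import List, Optional

MAX_AGE_SECONDS = 24 * 3600  # a "proper daily backup" must be newer than this


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(site_root: Path, dest_dir: Path, stamp: Optional[int] = None) -> Path:
    """Archive the site tree into dest_dir and write a .sha256 sidecar so a
    restore can be verified before anyone relies on it."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = int(time.time()) if stamp is None else stamp
    archive = dest_dir / f"site-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_root, arcname="site")
    (dest_dir / (archive.name + ".sha256")).write_text(sha256_of(archive))
    return archive


def audit_backups(site_root: Path, backup_dir: Path, now: Optional[float] = None) -> List[str]:
    """Return findings; an empty list means the backup plan passes."""
    now = time.time() if now is None else now
    site_root, backup_dir = site_root.resolve(), backup_dir.resolve()
    findings: List[str] = []
    if not backup_dir.exists():
        return ["backup directory does not exist"]
    # 1. A backup folder under the web root disappears with the site, and an
    #    attacker who controls the site can read and delete it (the story's case).
    if backup_dir == site_root or site_root in backup_dir.parents:
        findings.append("backup directory is inside the site root")
    # 2. Same filesystem as the site: a wiped disk, or a hostile root shell, takes both.
    if os.stat(site_root).st_dev == os.stat(backup_dir).st_dev:
        findings.append("backups share a filesystem with the site; copy them off-host")
    archives = sorted(backup_dir.glob("site-*.tar.gz"))
    if not archives:
        findings.append("no backup archives found")
        return findings
    latest = archives[-1]
    age_h = (now - latest.stat().st_mtime) / 3600
    if age_h * 3600 > MAX_AGE_SECONDS:
        findings.append(f"latest backup is {age_h:.0f} h old (older than 24 h)")
    # 3. A backup nobody has checksummed may be corrupt or tampered with.
    sidecar = backup_dir / (latest.name + ".sha256")
    if not sidecar.exists() or sidecar.read_text().strip() != sha256_of(latest):
        findings.append("latest backup has no matching checksum; it may be corrupt or tampered")
    return findings


def demo() -> dict:
    """Build a throwaway site in a temp dir and audit two backup placements."""
    root = Path(tempfile.mkdtemp(prefix="backup-audit-"))
    site = root / "public_html"
    (site / "wp-content").mkdir(parents=True)
    (site / "wp-content" / "post.txt").write_text("constructed sample content")
    sibling = root / "backups"                # next to, not under, the web root
    make_backup(site, sibling)
    inside = site / "wp-content" / "backups"  # the placement that failed in the story
    inside.mkdir()
    return {
        "sibling": audit_backups(site, sibling),
        "inside_site": audit_backups(site, inside),
        "stale": audit_backups(site, sibling, now=time.time() + 3 * 24 * 3600),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or ["ok"])
```

Because `demo()` keeps everything on one disk, even the "sibling" placement still trips the shared-filesystem check; that is the point of the check. Passing it requires the archive to be copied to storage the web server cannot delete (another host, or object storage written with credentials that cannot remove objects), which no on-server layout can satisfy.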
3. Finding the hackers that didn’t want to be found
If we could find the server where the hackers were storing my stolen website, we might have a chance to recover it ourselves. One of the developers was from Thailand. He had some contacts who understood the dark web and the Tor network, and we had figured out the hackers were using a file server there to host the files while they waited for the ransom.
Whenever files are transferred between computers they leave logs, and this hack was no different. It wasn’t easy, as the hackers had also taken control of my server, installing software that would kick us off the network after very short periods while we sifted through thousands of log files. Then, in what felt like finding a needle in a digital haystack, we managed to trace the IP addresses of transfers during the period and found one on the dark web that looked suspicious.
We found the database!
And we needed to transfer it quickly; there must have been less than a few hours left of the 72. But the hackers had encrypted the files, and we needed to find the specific key that could decrypt them; otherwise, it was 5GB of uselessness. The next steps read like a Hollywood movie script, but we managed to locate the private key, and we got the files back.
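The trail the developers followed above, transfer logs showing the server pushing a large volume of data to one unfamiliar address, is the same thing a defender can watch for before a ransom note arrives. The following is an added example, not the team's own tooling: it sweeps per-connection log lines, aggregates bytes sent per destination, and flags any destination that received a bulk transfer, skipping malformed lines rather than aborting. The log format, the addresses, the 1 GiB and 256 MiB thresholds and the `KNOWN_DESTINATIONS` allowlist are all constructed for illustration; the 5 GB total mirrors the size mentioned in the story.

```python
"""Spot bulk outbound transfers in connection logs, the kind of trail the
story's developers followed. Added example, not the team's own tooling; the log
format and every address below are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, Iterable, List

# Constructed line format: one outbound connection per line, bytes_out = bytes sent.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) bytes_out=(?P<bytes>\d+)$"
)
GIB = 1024 ** 3
# Destinations that legitimately receive bulk data (CDN, offsite backup target); assumed.
KNOWN_DESTINATIONS = {"198.51.100.20"}

# Constructed sample: routine CDN traffic plus a 5 GiB copy-out over three SSH sessions.
SAMPLE_LOG = """\
2017-06-09T13:55:02Z src=10.0.0.5 dst=198.51.100.20 dport=443 bytes_out=48211
2017-06-09T13:58:40Z src=10.0.0.5 dst=198.51.100.20 dport=443 bytes_out=51002
2017-06-09T14:02:11Z src=10.0.0.5 dst=203.0.113.7 dport=22 bytes_out=1073741824
2017-06-09T14:19:37Z src=10.0.0.5 dst=203.0.113.7 dport=22 bytes_out=2147483648
this line is garbage and must not crash the parser
2017-06-09T14:41:05Z src=10.0.0.5 dst=203.0.113.7 dport=22 bytes_out=2147483648
2017-06-09T15:00:12Z src=10.0.0.5 dst=198.51.100.20 dport=443 bytes_out=39990
"""


def parse(lines: Iterable[str]):
    """Yield one record per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        yield {
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "dst": m["dst"],
            "dport": int(m["dport"]),
            "bytes": int(m["bytes"]),
        }


def suspicious_transfers(lines: Iterable[str], total_threshold: int = 1 * GIB,
                         single_threshold: int = 256 * 1024 ** 2) -> List[Dict]:
    """Aggregate bytes per destination and flag destinations that received more
    than total_threshold overall or single_threshold in one connection."""
    total, biggest, count = defaultdict(int), defaultdict(int), defaultdict(int)
    first, last, ports = {}, {}, defaultdict(set)
    for rec in parse(lines):
        d = rec["dst"]
        total[d] += rec["bytes"]
        biggest[d] = max(biggest[d], rec["bytes"])
        count[d] += 1
        ports[d].add(rec["dport"])
        first.setdefault(d, rec["ts"])  # lines are assumed chronological
        last[d] = rec["ts"]
    findings = []
    for d in total:
        reasons = []
        if total[d] >= total_threshold:
            reasons.append(f"{total[d] / GIB:.1f} GiB sent in total")
        if biggest[d] >= single_threshold:
            reasons.append(f"single transfer of {biggest[d] / GIB:.1f} GiB")
        if not reasons:
            continue  # small, routine traffic
        if d not in KNOWN_DESTINATIONS:
            reasons.append("destination not on the known list")
        findings.append({
            "dst": d, "bytes": total[d], "connections": count[d],
            "ports": sorted(ports[d]),
            "window": (first[d].isoformat(), last[d].isoformat()),
            "minutes": (last[d] - first[d]).total_seconds() / 60,
            "reasons": reasons,
        })
    return sorted(findings, key=lambda f: f["bytes"], reverse=True)


if __name__ == "__main__":
    for f in suspicious_transfers(SAMPLE_LOG.splitlines()):
        print(f["dst"], f["bytes"], f["connections"], f["window"], f["reasons"])
```

Run against the sample, it reports a single destination, 203.0.113.7, which received 5 GiB over three connections in about 39 minutes and is not on the known list; the CDN traffic never reaches the thresholds. In practice the same aggregation runs over firewall, proxy or web-server logs shipped off the host, since logs that stay on a compromised server can be edited or cut off by whoever controls it.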
Head of IT at globalORE (5 years ago)
I hope you learn from this that whoever your IT or web manager is needs to make sure you have a proper daily backup, Anna Vanessa Haotanto 陳安娜 :)
Insurance Product Proposition & Innovation in HealthTech & InsurTech Space (6 years ago)
Thanks for sharing this. As someone with a product development background from a technology company, I would like to see the pick-up of Cyber Threat Insurance, made available to the individual market by solutions enabling re-insurers/insurers to combat this.
Emcee/ VO/ Radio person. Biz & tech geek. Also loves cats, puns & supermarkets. (6 years ago)
Thanks for being so kind as to share your experience with us, and for others to learn from! https://omny.fm/shows/money-fm-893/the-hot-seat-anna-haotanto-ceo-of-new-savvy
Entrepreneur · International Speaker · Metaphysician (6 years ago)
Hi Anna, you can take responsibility for the past but not punish yourself by self-blame. As an entrepreneur myself, I feel that you handled the shit-uation well. You may have had thoughts about walking out; however, it’s the weakness that makes greatness! You are the best.
Personal Trainer (6 years ago)
Sorry to hear about your experience. Very courageous of you to share your story so others can be forewarned.