I used bitcoins to pay a ransom

This post is going to be vague in some areas to protect the identities of the parties involved.

A person I know contacted me via Facebook and asked if I was still involved with bitcoin. And this is where the story begins.

This person’s friend works for a business with sensitive personal data. The business’s computers got “hacked” and their data was encrypted. The Russian hackers were asking for $500 USD worth of bitcoins to release the data. If the demand was not met in 72 hours, the price would become $1000 USD worth of bitcoin. Finally, if the ransom was not paid within the next 72-hour period, the data on the hard drive would be destroyed.

The business was crippled because their customer data was encrypted and they needed it for their day-to-day tasks. Of course they didn’t have any backups of this data.

They wanted to pay the money and move on with doing business but had no idea what bitcoins were, how to acquire them or how to use them.

I was asked if I could help out and facilitate the bitcoin payment. I wanted to check off the “paid a ransom” checkbox on my bucket list, and I had never seen ransomware in person, so I agreed to help.

I had the business owner send me the $500 via PayPal. Once I received the money I used my coinbase.com account to purchase the 1.43 BTC ($500 USD at the time).

The hackers had a website set up on a Tor network (anonymous and private network of computers). The website had detailed instructions and information on how to pay the ransom. They provided a bitcoin wallet address, along with a field for a transaction number.

I used Coinbase to send the bitcoins to the wallet, and entered the transaction number into the website. After a few minutes the transaction was verified and complete.

The website updated with instructions on how to download the decryption software and keys needed to recover the data and remove the ransomware from the computer. I forwarded the information on to the business owner and his staff.

An hour later I got an email from the business owner telling me that the data was recovered and thanking me for my help. Everything worked out. The business owner got his data, the hackers got their bitcoins, and I get to tell the story of how I paid a ransom to Russian hackers with bitcoin.