I always worry about hard drives crashing and losing my photos. It has happened to me more than once. Recovery is expensive, if the files can be recovered. I have had a travel hard drive fail and the recovery was about $1,200.00. I had a RAID hard drive system that failed. The estimated cost for recovery was $10,000.00. The disk drives crashed against each other causing damage that made the files unrecoverable. I lost 5 years of photography with that one. I begged the drive to work, I talked nice to it, I swore at it, I drank over it, and nothing brought it back. On my RAID system, the backup is all in the same unit so the crash also affected the back up drives. It was a very painful lesson. I chose a different system moving forward.
I never thought a cyber attack would happen to me. I am a small time photographer, with a small business. No big corporation, no sensitive files that would cause world problems, no secrets to steal. How could this really be happening?
I split my time between two homes and live more at my Florida place than my Michigan home. This made a perfect situation for having my back up files and originals in two separate locations. This is always a good idea in case of a fire or a major power surge that could take out both the original hard drive and the back up hard drive. I use a NAS system. I have 8 hard drives mounted into a large case, and each hard drive is 8 terabytes. That’s a lot of storage and a lot of files! Both homes have identical units and they write to each other through an internet connection. It has worked wonderfully giving me peace of mind that I should be covered if one of the units crashes.
While sitting at my desk working on some emails, I noticed that my hard drive was humming away, lights flashing, indicating it was hard at work. Then it occurred to me that I was not working on any files on the hard drive. What was happening? I opened the drive and noticed immediately that I had photos that were no longer visible. They were black and the extension at the end of the file name was .encrypt. I knew something was wrong and shut down the drive. I called technical support for my system and they instructed me to shut it down (I already had) and said I had a virus. I am very much into efficiency so my drives were set up to automatically write to the back up drive in real time. That now meant that the files were being encrypted on the back up drive, as well. A ransom note was left in every affected folder:
All your data has been locked(crypted).
How to unlock(decrypt) instruction located in this TOR website: http:veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion/order/19VouJNEASrQfu1soJjtPdSzrnhQWXN62z
Use TOR browser for access .onion websites.
Now isn’t that special!?! What the …… well you get the message. I was calling them some very nasty names now. Google had plenty of information for me. This was a Russian Cyber Attacker that has targeted the Synology brand of back up systems. My hard drive is a sophisticated and reliable system that many large businesses use. The attackers remotely went in with a bot and threw thousands of passwords at the system, trying to get in and they succeeded.
There is no known key to un-encrypt this virus. Of course, the Cyber attackers can do it for a fee. The going rate is about $850.00 in bitcoin. Bitcoin money is used more in the underground economy than the markets are used every day. It is a digital currency that you can buy, then pay it from my digital wallet to another digital wallet through the internet. I can buy my files back from the attackers that stole them. I refuse to do that for many reasons. How do I know that they will even give me the information to unlock my own files? Nope, not playing that game!
I am a Mac user and this ended up helping me. I have a ton of files and this went to my favor as well, by taking longer to get through all my files. However, had I not been sitting at my computer when the attack happened I would have had no idea that this was happening and would have destroyed all my files. I was able to catch it very early, keeping the damage to a minimum. All my Word files were encrypted, but I tend to do most of my work in Apple’s version of Word, which is Pages. Those files were not touched. JPEG files were also targeted and I did lose a fair number of those, however all the RAW files were not affected, leaving me my originals. I have about 40 hours of reprocessing work but I still have my photographs. I also lost all my PDF files.
The big question is, how am I going to keep this from happening again? I have increased my firewall protection, at the risk of slowing down my internet. Inconvenient, but necessary. I will use stronger passwords and change them quarterly. My hard drives have administrator accounts attached to them and those have been disabled. I have set up protections to lock down the system if there are more than three attempts to get into my system. I am also going to invest into my own server to use as a third back up. I will have one of my hard drive units attached to it and will have it set to automatically back up once a week, without using the internet to access it. Again, inconvenient and costly but necessary. This could be accomplished using another hard drive device but storage is an issue for me and it is more cost effective to go with a server.
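An added example, not part of the original post or any Synology tool: a check that a scheduled backup job could run first, so that files renamed to .encrypt on the live drive are not copied over good backup copies. The 10% deletion tolerance, the function names and the sample files are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

SUSPECT_SUFFIX = ".encrypt"   # extension reported in the post
MAX_MISSING_RATIO = 0.10      # assumed tolerance for normal deletions

def list_files(root):
    """Return the set of relative file paths under root."""
    root = Path(root)
    return {str(p.relative_to(root)) for p in root.rglob("*") if p.is_file()}

def check_before_backup(previous, current):
    """Compare the last good manifest with the current listing.

    Returns (ok, report). ok is False when the share looks like it is
    being encrypted, so the job must not overwrite the good copies.
    """
    suspect = sorted(p for p in current if p.lower().endswith(SUSPECT_SUFFIX))
    missing = sorted(previous - current)
    # Originals that vanished while a ".encrypt" sibling appeared
    replaced = [m for m in missing
                if m + SUSPECT_SUFFIX in current
                or str(Path(m).with_suffix(SUSPECT_SUFFIX)) in current]
    ratio = len(missing) / len(previous) if previous else 0.0
    ok = not suspect and ratio <= MAX_MISSING_RATIO
    return ok, {"suspect": suspect, "replaced": replaced, "missing_ratio": ratio}

def demo():
    """Constructed sample: a small share before and after files are renamed."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name in ("trip/IMG_001.jpg", "trip/IMG_001.cr2", "docs/invoice.pdf"):
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_bytes(b"sample")
        manifest = list_files(root)          # saved after the last good backup
        clean = check_before_backup(manifest, list_files(root))
        # Test fixture only: rename the JPEG and PDF, leave the RAW file alone
        os.rename(root / "trip/IMG_001.jpg", root / "trip/IMG_001.jpg.encrypt")
        os.rename(root / "docs/invoice.pdf", root / "docs/invoice.encrypt")
        hit = check_before_backup(manifest, list_files(root))
        return clean, hit

if __name__ == "__main__":
    for ok, report in demo():
        print("backup allowed" if ok else "BACKUP BLOCKED", report)
```

A job that gets `ok == False` should stop and alert instead of syncing, which is the step the real-time replication described above was missing.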
Cyber attackers keep ahead of the game and will be the new terrorism. Staying ahead of the game will demand us to be diligent.
Protecting our art and our family memories should not be this complicated. Unfortunately, there are always going to be people who look to steal, and profit from our loss. Keep your files secure and protected. Most importantly, keep photographing! Create from your heart and your soul, making the world a beautiful place.
I am a nature, wildlife and underwater photographer. I love to travel and capture the story.