Nonprofit Pays Hackers in Bitcoin to Regain Network Access
A U.S.-based nonprofit organization’s entire operation was shut down by malware that would not budge unless the enterprise paid a ransom – in bitcoin.
Just obtaining bitcoin can take days for the uninitiated.
Stu Sjouwerman, of security training firm KnowBe4, said the nonprofit, a client of his, turned to him for rescue on Oct. 14.
All seven of the organization’s servers, containing a collective 75GB of data, had been encrypted by a version of ransomware called “CryptoWall.”
“An admin had clicked on a phishing link which was bad enough. Unfortunately, the infected workstation had mapped drives and permissions to all seven servers and so CryptoWall had quickly jumped on to them,” according to Techworld.
The organization, with a headcount running into the hundreds, had backups but discovered that reinstating them would consume days.
“The firm's IT team knew little about getting hold of Bitcoins,” Techworld reports. “In a stroke of luck, the victim firm had recently taken Kevin Mitnick's Security Awareness Training course developed by the famous hacker in conjunction with Sjouwerman's KnowBe4 and this came with the guarantee to pay ransoms should the customer subsequently fall prey to an attack (participants have to undertake regular phishing simulations to qualify).”
KnowBe4 duly paid the $500 ransom, or 1.33 bitcoins, quickly receiving an encryption key needed to unlock the nonprofit’s data. Even after paying for the decryption key, the whole process still took an exhausting 18 hours.
Paying malware ransoms is controversial, but, in this case, it apparently made decent business sense for the victim.
"The problem people run into is 'how am I going to get Bitcoins,'" Sjouwerman told Techworld. As bad as paying ransom was, it was less costly than bringing the organization to a halt for up to a week.




