Ransomware: Sometimes you need to pay to make it go away
The symptoms of this distraught data victim sounded an awful lot like ransomware, and it turned out the easiest way out was the most unpalatable option
A message arrives from a pal. One of those regular messages we all get, when we’re the person in the WhatsApp contacts list who knows most about computers.
“Sarah has a friend who’s a counsellor and she’s having difficulty migrating her Microsoft Professional data between two computers,” the messages reads. “She’s panicking as she can’t lose patient info et cetera, and is looking for someone to help.”
We’re two sentences in and this one already sounds chewy. Microsoft Professional data? Well, that could be anything. Panicking because of lost patient data? This doesn’t sound like someone with a comprehensive backup plan.
16 ways to speed up your laptop
I pick up the phone and call said counsellor. My friend was right: we’re in panic code red. The long story made short is that our counsellor has just bought a new computer, because the old one was too slow to do anything with. On the old computer, she was seemingly part of someone else’s Office 365 account (I know, I know). On the new computer, however, she decided to make a fresh start and buy a standalone copy of Microsoft Office Professional from Amazon, because she doesn’t want to pay a monthly subscription.
A “computer-literate friend” helped her set up the new PC, and that’s working fine, but she’s locked out of her files. Every time she tries to access them, a message pops up telling her she needs to pay some money. Her computer friend is a Mac guy and he’s run out of ideas. Can I help?
At this point, two theories are racing through my mind. One was that our counsellor’s new PC is riddled with ransomware. The other proved to be the actual problem, which I’ll reveal shortly – if you don’t want to know the result, look away now.
Well, it did turn out to be a form of ransomware, albeit one propagated by Microsoft.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
When our counsellor was part of that Office 365 account, one of the sundry benefits was 1TB of OneDrive storage. Whenever our counsellor saved a document on her old PC, she was actually – and unwittingly – saving it to OneDrive.
When she made the perfectly reasonable decision to buy a one-off licence for Microsoft Office for her new PC (“I only type reports, I don’t care about new features”) and left that shared Office 365 account, she unknowingly forfeited 1TB of storage. And even though her important client reports only take up a few hundred MBs of space, she’s got loads of digital photos saved in OneDrive too, meaning she’s somewhat over the 5GB of storage Microsoft affords “free” account holders. Even though she’s just paid Microsoft another £140 for Office.
A quick visit to OneDrive.com confirms her vital files are still there, although there’s an accompanying threat: pay up or anything above that 5GB limit could be deleted in a fortnight’s time. Attempts to download the full set of files are met with stubborn resistance.
The only way out is to cough up the cash. We could pay Microsoft a couple of quid for one month’s extra OneDrive storage and back up all the files to a hard drive, I suggest. “Great, I’ve got one of those!” says our counsellor, who then produces an Iomega drive the size of a small bungalow that must be 20 years old if it’s a day. Okay, let’s not back up to that.
The other alternative is to surrender, give Microsoft £1.99 more each month for OneDrive storage and basically let it take care of the backup. Neither of us like it. Microsoft effectively taking her files hostage and demanding money for their release hasn’t endeared the company to our counsellor. And I’d rather she had a local backup of the files so she wasn’t just relying on OneDrive, either.
However, it’s the easiest and cheapest solution to this fix. She gets an offsite backup of her files for a couple of pounds per month and can carry on writing her reports, and I get to go home without having to spend a few hours driving to buy a hard disk that’s not steam powered and backing up everything locally.
So, we do the dirty deal. I turn off the now-default setting that ensures only those files you access are actually saved on your PC, with all the others left in the cloud. If Microsoft puts up the prices (which it will) I want her to, at least, have a local copy of everything. She’s grateful she’s got her files back, but nobody feels good about it.
Nobody except Microsoft, which has sold a new Windows licence, a new Office licence and now has a new OneDrive subscriber wriggling in the keep net. And all because, as the ransomware writers know, the easiest way out is to pay to make it go away.
Barry Collins is an experienced IT journalist who specialises in Windows, Mac, broadband and more. He's a former editor of PC Pro magazine, and has contributed to many national newspapers, magazines and websites in a career that has spanned over 20 years. You may have seen Barry as a tech pundit on television and radio, including BBC Newsnight, the Chris Evans Show and ITN News at Ten.