100 Percent Recovery "The Old-Fashion Way"

Cryptxxx V1 RANSOMWARE DEPLOYMENT ‘FRIDAY THE 13TH’ JANUARY 2017

From the Client:
Welcome to the new faceless world of the Internet. If you’ve not been a victim of Ransomware, is your technology capable of stopping it? I doubt it!

Welcome to our world on January 13, 2017 (Friday the 13th). On this day, upon arriving at the office to start our business day, mia.kokers@aol.com had other ideas. The person or persons behind this e-mail address had left in our servers a new executable program called Cryptxxx V1. It was embedded in an mp3 audio file downloaded much earlier: July 14, 2015.

This ‘time-bomb’ and Trojan horse of a sort initiated first-contact with its Maker (mia.kokers) by opening a doorway on FRIDAY THE 13TH, January 2017 for these criminals to explore the depths of our RAID 5 ‘candy store’ making assessments, ascertaining a ‘reasonable’ extortion value, deploying the Cryptxxx V1 RANSOMWARE and the ‘How_Open_Files’ extortion letter pictured below.

Payment is required in Bitcoin through the “Dark Web” for your ‘decryption key.’ The Cryptxxx V1 had encrypted and rendered useless every folder and file including Cloud Storage Repositories (Google Drive and Dropbox) and every PC or Laptop that initiated a sync-up before we could notify everyone.

At approximately 1:13 am on Friday the 13th, mia.kokers@aol.com deployed this Ransomware known as Cryptxxx V1, and our Real Estate and Investment business came to a grinding halt.

Having had the pleasure of knowing Ken Brandon and using NUTRAC Computers-ITPro for other office IT Admin and infrastructure for several years, he was my first and only choice to contact to help our organization work through this issue.

With the server taken offline and the hard drives removed, Ken began the task of assessing the damage. Our Enterprise Property Management and Quickbooks software for nearly 400 accounts was now 100 percent worthless. Cryptxxx V1 had easily migrated to our Cloud Storage Back-up Services, including Google Drive and Dropbox. It syncs itself, and deploys to all back-ups, and every computer that syncs. It is an empty sick feeling to say the very least.

**This is where backups are great. We had backups, not much good when the exploit mia.kokers@aol.com left behind July 14, 2015 is included. Our exploit began when an employee was logged into the Property software, launched a browser, read their personal e-mail, and began downloading music from their workstation.

Ken, with his unique skills and knowledge of how computers and software work, was able to recover the 70-plus Quickbooks companies without any loss of data in 30 hours’ time. Exhale! All the while I was at Ken’s computer lab watching and learning in amazement how thorough his knowledge was in utilizing several different corrective measures to recover our data, and how corrupt our data was.

**Yes, the local authorities were notified of our breach; realistically there is nothing they can or will do. I’ve not figured out how one places a value on virtual currency. Apparently it’s the new money laundering tool for crooks of the 21st century and cyber-criminals.

**During Ken’s first day trying to recover our data, we followed Mia Kokers’ instructions from the ransom demand. After paying Mia Kokers the demand in USD, the criminal(s) behind mia.kokers@aol.com came back with a second demand in USD before sending us two decrypting tools to recover ‘OUR’ encrypted files. ***They had upgraded and deployed a newer version of Cryptxxx V1 on our Real Estate Investment Server which required a different decryption key.

The process of creating a bitcoin account, funding the ransom demand and replies from mia.kokers@aol.com took several days.

Meanwhile, back at the NUTRAC lab inside the Computers-ITPro Service Center, Ken was busy attempting recovery and restoration of our Industrial and Commercial Property management software. While Ken could see the database file, all the files were locked or encrypted.

After 33 more intense hours, which included direct interface with the software developers and programmers, Ken was 100 percent successful recovering everything.

Next, Ken and his partner Jimmy (on his first day back from vacation this whole time) built a temporary Windows 2012 Server, and delivered it fully operational; to be migrated to the new servers that our IT Staff still had under construction.

Today, we have an effective disaster plan, and a serious redundant data protection - recovery strategy thanks to: Ken and Jimmy.

The faceless world of the Internet is a 'wake-up call.' Business as usual no longer exists. Do you think or do you know? If you cannot be 100 percent certain that your technology is able to withstand Internet terror attacks, then you are choosing to risk it all, as we did.

Even though we prefer to keep our identity anonymous, in gratitude we will reference Ken Brandon and NUTRAC Computers-ITPro on a case-by-case basis.

May I suggest that you contact Ken and schedule a time to become acquainted.

Truly, 'Empowering High-Performance Achievers.'

Many-Many Thanks, FJ