Thursday, December 4, 2014


So I've fallen terribly behind in my artwork posting across my sites...I am so sorry! I'm thinking something happened a couple weeks ago to make me initially fall behind by a week, I'm guessing it was probably a busy week at work, or something. Then as I was trying to get ahead and preparing for an upload for the next week, I was browsing my Photoshop files through Bridge, when I noticed something funny on some of my files. I couldn't open them. I've almost never had any trouble with files corrupting on any personal computer of mine. So in a panic to cross-check my files to see if the problem was somehow limited/linked to my desktop, I ran upstairs to my laptop to see if I could open them up there.

this is where it begins.

I open up my laptop, and there is an internet window open with 2 tabs, on a website that I'm not familiar with, and to make it better, I know I had not gone to it myself, because I had not been on my laptop in at least a week. In my confusion at seeing this strange site, I also notice that there is a Notepad text document open next to the internet window. I quickly read over it, just enough to read something along the lines of your files have been encrypted and please follow the directions to reclaim your files.

I kind of mildly freak out. I rush out of my room to get my dad and see what he says. He's just as clueless as to what's going on, but he agrees that something is up and I've possibly been hacked. He advises me to just shut everything off, and he'll do research about it later.

The next day he works on my laptop and does some research online, and finds that I had been blessed with a lovely thing called decrypt install, and what it is is basically someone remotely hacked into my computer, accessed some of my files, encrypted them, and basically left a note for me saying if I wanted those files back, to follow the listed instructions and pay a ransom within a time limit to retrieve those files.

w-t-f mate.

Doing research, this is a fairly new thing that was released in early 2014, with essentially no antivirus/decrypter available to the victims. On every forum that me and my dad were reading, everyone was basically saying that the only way to effectively get rid of it was to wipe the machine, and reading online, it was reported that basically any file could be attacked. People were stressing how keeping a recent backup of a system and all of its files should be pretty essential to any person with important files. Okay, I can sort of deal with that, all that was on my laptop could be deemed as an 'acceptable' loss. However, as I thought about it, this problem was potentially discovered on my desktop, where I had tried to open a file through Bridge which just flat out wouldn't open. Could it possibly have been encrypted? Could the possibly-encrypted-file-that-I-opened-on-my-desktop-spread-to-the-rest-of-my-files?

Now let me back up and clarify for a second: the file that I had tried to open on my desktop was on a NAS Server that my desktop and laptop have access to. So I'm thinking that if the hacker got into my laptop, could he have gotten on my server? The very same server that all of our computers are connected to. Are those files in danger of being attacked? If I lose my files on my desktop...that will just crush me, and I'm pretty sure I'll give up on life and lose all faith in humanity.

So my dad is running virus scans and reading up on it, I had pretty much ceased any activity on my desktop, terrified that if I access it, I'll spread this wildfire. My dad was so awesome during all this. During the process of wiping the laptop he's scanning and cross-scanning the desktop and server, and much to my relief, nothing bad is found on any of the other systems in the house. Everything outside of my laptop, even the stuff on the server was safe.


My dad had made a backup on a portable drive before we really knew what it was that we were dealing with. So we scan the portable, and the virus scanner is flagging all these files with this decrypt instruction extension, and upon inspection, it came to my attention that most of the files that were attacked, were actually all the install and setup files of my CS2 program files. None of my precious files were compromised. Everything that I was willing to lose on my laptop was spared from this purge, and all of my personal files were ok.

Upon this revelation, and further reading on the forums about this thing, it sounds like this...problem is not really a 'virus'. It was someone personally going into each individual file and encrypting it. It has no capability to spread, at least of its own volition. It has to be initialized by a user.

since then.

It's been about a week-and-a-half since I've had this problem resolved. I actually went out and bought an antivirus, not that I didn't have anything already installed before, but my dad had a lesser-alternative to a more complicated antivirus like Norton installed. But from asking around where I work, turns out I get a pretty swanky discount on awesome antivirus. But I have made backups, and images of my systems. So now I'm going to try my hardest about being as vigilant as I can about keeping recent backups.

so now.

I'm busy this weekend, but I'm hoping that starting next week I'll be back up to a regular upload schedule again, and so forth and so on. I've also discovered within the past couple weeks that my beloved scanner suddenly died. Good Night Sweet Prince, I had you for 11 years, you got me through a lot, but now it's time to say goodbye. So now I'm in the market for a new scanner! Life keeps on being interesting!
