When c’t reader Gunther J. wanted to browse his vacation photos, he experienced an unpleasant surprise: All files on the otherwise reliable NAS (Network Attached Storage) had been deleted. Instead, he discovered a file called “DATA RECOVERY!! !!. Txt” that begins with: “YOUR REMOTE STORAGE WAS COMPROMISED. YOUR FILES ARE IN OUR POSSESSION.” J. was apparently the victim of a cyber gang that tampered with his vacation photos.
The perpetrators claimed the files were safe, encrypted on a server. In order to free the vacation photos from the digital hostage, J. should transfer 0.03 Bitcoin to the address 18bvWVxx3KD3gaqkBoPSwShimUWkG1eZNL, which corresponds to around 400 euros. But there were two problems: On the one hand, the deadline of the blackmail group, which ironically calls itself “Data Recovery”, had long expired – J. had only discovered the misery after two months. Second, negotiating with blackmailers is always a bad idea.
Together with his wife, Gunther J. looked for a way to save the vacation photos. Then she had an idea that was implemented shortly afterwards: The two called the c’t editorial office. We are frequently contacted by victims of cyber extortion, but this case aroused our curiosity. Because it was completely puzzling how the perpetrators could access the NAS. It quickly became clear that the caller had carefully set up and configured his home network.
- Access to all heise + content
- exclusive tests, advice & background: independent, critically well-founded
- c’t, iX, Technology Review, Mac & i, Make, c’t Fotografie direkt im Browser lesen
- register once – read on all devices – can be canceled monthly
- first month free, thereafter € 12.95 per month
- Weekly newsletter with personal reading recommendations from the editor-in-chief
Start FREE month
Start your FREE month now
Already subscribed to heise +?
Sign up and read
Register now and read articles right away
More information about heise +