Michael Gillespie Interview – The FBI Awarded Cyber-Superhero

The community leadership award for efforts to decrypt ransomware as a public service was given to Michael Gillespie. This special award, presented on behalf of the Director of the FBI, was formally created in 1990 as a way to honor individuals and organizations for their efforts in combating terrorism, cyber-crime, illegal drugs, gangs, and other crimes leading to violence in America. Michael Gillespie is one of 56 individuals or organizations around the United States who received this award this year.

Mr. Gillespie is being recognized for his public service, devotion and assistance to victims of ransomware in the United States and Internationally. That is why, we decided to interview him.

Michael Gillespie: My name is Michael Gillespie, and in my free time, I am an independent security researcher, primarily focusing on ransomware.

MG: Ransomware is basically any malware that locks a user from using their computer and/or files until they supposedly pay the criminals a ransom. There are basically two types of these in general. There’s screenlockers, which just lock your screen behind a passcode and don’t really do anything else (can usually be bypassed), and then there are what I refer to as “real” ransomware, which actually encrypt the files, rendering them unusable.

MG: ID Ransomware is a website I created that helps victims of ransomware identify what particular strain of ransomware most likely encrypted their files. Once it has been identified (currently nearly 550 families are identified automatically), the victim is given as clear-cut of an answer as possible on whether their data can be decrypted without paying the criminals or not. It then gives them a link to more information (if possible), so sometimes they may learn how they got encrypted, or get more information from other victims even.

MG: Any ransomware that does not actually encrypt the data properly, but destroys it instead; these may be also referred to as “wipers”. Sometimes it may be intentional, sometimes it is just a bug of the malware where the author may not have understood programming or cryptography correctly. These can be especially frustrating, as even the criminals cannot decrypt the files in these cases.

MG: Who says I don’t already? 😉 Our team works with a lot of law enforcement agencies when we can.

MG: The idea for ID Ransomware initially came from overwhelming requests in the BleepingComputer forums from victims of ransomware. Every day, there would be dozens of new topics from victims explaining what extension was added to their files, and what the contents of their ransom note was. Moderators (and myself) would have these canned messages of “since you have this extension, it is probably this ransomware, so here’s a link to more information”. It also started to be a problem when multiple ransomware would use the same extension, but have very subtle differences, such as filemarkers. It really started getting a bit out of hand, and well, I’m a programmer, so I built a tool to automate it as much as possible. 🙂

MG: Malware authors are always coming up with new ways of combining methods and tools. We constantly see this “creativity” at work, so it can be entertaining. Malware authors are just like any other programmer – they like to copy/paste anything interesting they find.

MG: Probably not. The rise in price just made ransomware adapt the pricing model; they started asking for “less” Bitcoin because the market price was higher.

Conversely, however, I do actually believe the price of Bitcoin was driven by ransomware. I don’t follow crypto-currencies much, and I know most people have literally only heard of Bitcoin because they were hit by ransomware. I know there’s legitimate business done with Bitcoin, but I literally don’t ever see or use it, so my perspective may be a bit skewed.

MG: BACKUPS. BACKUPS. BACKUPS.

Seriously. If you care about your data, back it up properly. If you don’t understand how to, consult an IT company. Off-site and/or cloud backups with revisions is essential. Also, it is important to verify your backup plan is working, and that it won’t take eons to restore business-critical data should you get hit.