The community leadership award for efforts to decrypt ransomware as a public service was given to Michael Gillespie. This special award, presented on behalf of the Director of the FBI, was formally created in 1990 as a way to honor individuals and organizations for their efforts in combating terrorism, cyber-crime, illegal drugs, gangs, and other crimes leading to violence in America. Michael Gillespie is one of 56 individuals or organizations around the United States who received this award this year.
Mr. Gillespie is being recognized for his public service, devotion and assistance to victims of ransomware in the United States and internationally. That is why we decided to interview him.
MonsterCloud: What’s your name and what do you do?
Michael Gillespie: My name is Michael Gillespie, and in my free time, I am an independent security researcher, primarily focusing on ransomware.
MC: Even though everyone knows what ransomware is, can you tell us in your own words?
MG: Ransomware is basically any malware that locks a user from using their computer and/or files until they supposedly pay the criminals a ransom. There are basically two types of these in general. There are screenlockers, which just lock your screen behind a passcode and don’t really do anything else (can usually be bypassed), and then there are what I refer to as “real” ransomware, which actually encrypt the files, rendering them unusable.
MC: What is ID Ransomware?
MG: ID Ransomware is a website I created that helps victims of ransomware identify what particular strain of ransomware most likely encrypted their files. Once it has been identified (currently nearly 550 families are identified automatically), the victim is given as clear-cut of an answer as possible on whether their data can be decrypted without paying the criminals or not. It then gives them a link to more information (if possible), so sometimes they may learn how they got encrypted, or get more information from other victims even.
MC: What is the most dangerous Ransomware?
MG: Any ransomware that does not actually encrypt the data properly, but destroys it instead; these may be also referred to as “wipers”. Sometimes it may be intentional, sometimes it is just a bug of the malware where the author may not have understood programming or cryptography correctly. These can be especially frustrating, as even the criminals cannot decrypt the files in these cases.
MC: After the award from the FBI, you are basically a cyber super-hero lol. Would you possibly be working with them in the future to help in the war against hackers and ransomware?
MG: Who says I don’t already? 😉 Our team works with a lot of law enforcement agencies when we can.
MC: Why did you start it?
MG: The idea for ID Ransomware initially came from overwhelming requests in the BleepingComputer forums from victims of ransomware. Every day, there would be dozens of new topics from victims explaining what extension was added to their files, and what the contents of their ransom note were. Moderators (and myself) would have these canned messages of “since you have this extension, it is probably this ransomware, so here’s a link to more information”. It also started to be a problem when multiple ransomware families would use the same extension, but have very subtle differences, such as filemarkers. It really started getting a bit out of hand, and well, I’m a programmer, so I built a tool to automate it as much as possible. 🙂
MC: How do you see the future? How do you think Ransomware will evolve?
MG: Malware authors are always coming up with new ways of combining methods and tools. We constantly see this “creativity” at work, so it can be entertaining. Malware authors are just like any other programmer – they like to copy/paste anything interesting they find.
MC: Do you think that the price of bitcoin had something to do with the surge of the ransomware attacks in 2017?
MG: Probably not. The rise in price just made ransomware adapt the pricing model; they started asking for “less” Bitcoin because the market price was higher.
Conversely, however, I do actually believe the price of Bitcoin was driven by ransomware. I don’t follow crypto-currencies much, and I know most people have literally only heard of Bitcoin because they were hit by ransomware. I know there’s legitimate business done with Bitcoin, but I literally don’t ever see or use it, so my perspective may be a bit skewed.
MC: How can everyone protect their personal or business information?
MG: BACKUPS. BACKUPS. BACKUPS.
Seriously. If you care about your data, back it up properly. If you don’t understand how to, consult an IT company. Off-site and/or cloud backups with revisions are essential. Also, it is important to verify your backup plan is working, and that it won’t take eons to restore business-critical data should you get hit.
MC: Anything else you would like to tell people?
MG: As Locky the Ransom-Bear says: Only you can prevent ransomware.
MC: Michael, thank you very much for that interview! We are looking forward to a future collaboration!
MG: Thank you! Same here!