If you have an incident, it is important to talk to us first!
We at San Diego Computer Consulting have a great deal of experience working with ransomware attacks, whether the incident caused damage or not. We at SDCC have worked with many different companies that had attacks in the past. There are many details to a breach. Those details need to be carefully investigated so that we can advise you on what the vulnerability is and how we can help resolve it for the future. All communication with us is always confidential.
Do Not Negotiate With The Pirates. Let a Professional Company Do it.
San Diego Computer Consulting has a ransomware partner that is recognized by the insurance companies as a covered service provider. By using our suggested ransomware partner, you will get a discounted rate from them for their work. More importantly, if you have cyber insurance, this company is approved to negotiate and help with remediation. Like anything else with insurance coverage, the work must be done by an approved vendor. Our ransomware vendor is approved and excellent at making sure you get your data back at a well-negotiated rate.
Have your business Insurance updated with a good Cyber Policy
One of the best changes you can make to protect your business is to re-evaluate your insurance policy. Many policies do NOT have revised language to protect you against cyber crime. It is important that you review with your insurance agent that you are protected. Many policies have only a small rider for cyber insurance. That rider is typically never enough coverage. Stealing is not done via brick and mortar any more. Stealing is done electronically. You have to make sure your business is protected from nefarious e-stealing. Making sure your business insurance policy is very cyber aware will help keep you out of harm's way.
Post Mortem: THE 3 BIG LESSONS FROM THIS COMMUNICATION ARE THE FOLLOWING:
1. Have A GOOD Data backup running to the ‘Cloud’ all the time
2. Have better security in your network to defend against this attack
3. Have an updated CYBER Insurance policy to protect you and help you with losses
In this situation, a Windows 7 workstation was compromised. The machine was a CPA’s computer and held the CPA’s data. The electronic data that was encrypted did not have a good electronic backup. However, the CPA had hard copies of the tax returns that were encrypted. The CPA told us that they wanted us to negotiate with the ransomware pirate for up to $500.00. You will see from the transcript below that the ransomware pirate was firm on $1,500.00. We did our best to negotiate but got nowhere.
The customer was very aware of the seriousness of the situation. They were totally ok with having only the hard copies of old IRS filings. So, they approved us to negotiate with the ransomware pirate to see what numbers were being discussed and what negotiating power we had. Throughout this conversation, our client was monitoring the communication and approved our replies and responses.
Negotiating with the Ransom Pirates
**Transcript Abbreviated**
So.city is the ransomware pirate that we are speaking with. All files that were encrypted had their extension changed to .so.city@aol.com. This is how we knew to write to this nefarious individual.
carlos danger carlosdangersdcc@gmail.com
Wed, Jan 17, 2018, 9:27 PM
to so.city
I am looking to get a folder back please. What can we do?
so.city so.city@aol.com (Ransomware Pirate)
Sat, Jan 27, 2018, 6:35 PM
to me
1500$ or goodbye
carlos danger carlosdangersdcc@gmail.com
Feb 4, 2018, 8:46 AM
to so.city@aol.com
NO $1,500.00!!!!
$500.00! OR, NO MONEY!
On Wed, Jan 31, 2018 at 2:03 AM, so.city@aol.com <so.city@aol.com> wrote: (Pirate)
no
so.city@aol.com so.city@aol.com (Ransomware Pirate)
Feb 5, 2018, 3:59 AM
to me
ok, no money
carlos danger carlosdangersdcc@gmail.com
Tue, Feb 20, 2018, 8:43 PM
to so.city@aol.com
Ready to talk again? I told you we had a backup!….
On Mon, Feb 5, 2018 at 3:59 AM, so.city@aol.com <so.city@aol.com> wrote:
ok, no money
so.city@aol.com so.city@aol.com (Ransomware Pirate)
Wed, Feb 21, 2018, 6:02 AM
to me
This is wonderful, so you do not need)
carlos danger <carlosdangersdcc@gmail.com>
Mon, Mar 5, 2018, 11:08 PM
to so.city@aol.com
Ready to talk again? $500.00!!!!!!
so.city@aol.com so.city@aol.com (Ransomware Pirate)
Mon, Mar 5, 2018, 11:28 PM
to me
ok, pay
carlos danger <carlosdangersdcc@gmail.com>
Mon, Mar 12, 2018, 10:50 PM
to so.city@aol.com
No. My guy only wants to pay $200 now. We have gone 2 months without the data. So, we can do $200.00 and we will buy the bitcoin.
On Sun, Mar 11, 2018 at 5:41 AM, so.city@aol.com <so.city@aol.com> wrote:
you pay?
so.city@aol.com so.city@aol.com (Ransomware Pirate)
Sun, Mar 18, 2018, 7:50 PM
to me
Excellent, the money came. Now pay the rest. Full payment for you
0.1btc. You need to pay 0.76btc
carlos danger <carlosdangersdcc@gmail.com>
Sun, Mar 18, 2018, 8:11 PM
to so.city@aol.com
We agreed at $200.00. Now, you are asking for $600 more. That was not our agreement!
so.city@aol.com so.city@aol.com (Ransomware Pirate)
Mon, Mar 19, 2018, 7:42 PM
to me
no pay no decrypt
carlos danger <carlosdangersdcc@gmail.com>
Thu, Mar 22, 2018, 4:28 PM
to so.city@aol.com
This is the last time I will be contacting you!!!!
I have been authorized to pay you another $200.00. THAT IS ALL WE WILL PAY!!!!
Take it or leave it!
carlos danger <carlosdangersdcc@gmail.com>
Fri, Apr 6, 2018, 9:11 AM
to so.city@aol.com
You must not like money! $200 more let’s get this done!
so.city@aol.com so.city@aol.com (Ransomware Pirate)
Fri, Apr 6, 2018, 9:39 AM
to me
no
carlos danger <carlosdangersdcc@gmail.com>
Jun 10, 2019, 2:40 PM
to so.city@aol.com
GO FUCK YOURSELF!
I NEVER GOT TO TELL YOU THAT!
On Fri, Apr 6, 2018 at 9:39 AM so.city@aol.com <so.city@aol.com> wrote:
no
If you believe you were exposed to ransomware or your company network is under a ransomware attack, DO NOT hesitate! Response time is crucial.
Call us at (858)274-7070