One morning in 2016, John turned on his computer. A message on the screen said he had 14 days to pay a ransom in Bitcoin, or all his files would be deleted forever.

Example of Locky ransomware
Example of Locky ransomware in 2017. Photo by Christiaan Colen (CC-BY-SA 2.0).

“My first reaction was panic. My second reaction was to get on another computer and figure out exactly how much 1.71 Bitcoin was worth in US dollars.”

A lawyer with his own practice in Chicago, John was terrified at the thought of losing all the client files stored on the computer, almost none of which were backed up anywhere else.

It would cost around $600, at the 2016 rate. That’s when he says anger set in. John felt his privacy was being violated in the same way as when his home had been burgled years earlier.

“I decided I was not going to give them a penny, and was going to find some way around this.” He consulted several local computer security companies, but found only one that would help.

The price would be $7,000 if they were able to crack the ransomware, and $0 if they couldn’t. It was more than 10 times the ransom, but John decided to say yes.

He was angry, and didn’t trust the criminals hiding behind the message on his computer screen. “I thought, what’s to stop them from asking me for more money?” he says.

“If it had been my personal computer I probably wouldn’t have paid, but this was absolutely necessary for my business and my clients.”

Three days later, his computer came back from the security firm with all files intact, but he kept noticing suspicious emails in his inbox urging him to click on unnamed documents.

Feeling paranoid, he bought a new computer, and now stores files from the old computer on a separate hard drive that isn’t connected to the Internet.

“I think I always understood the risk, but just ignored it. Now, I’m much more cautious about security and software updates and always make sure that I do regular backups. I also use a cloud-based software with the highest security protections for all my client files.”

John never reported the crime to the police, but he did contact his insurance company and was lucky to speak to a representative who was willing to help.

They classified it internally as “cyber-terrorism,” he says. And they paid the $7,000.

Not long after John’s experience in 2016, law enforcement agencies and IT security companies in different countries joined forces in a non-profit initiative called No More Ransom.

The mission is simple: “To help victims of ransomware retrieve their encrypted data without having to pay the criminals,” says Tine Hollevoet, a spokesperson for Europol, the law enforcement agency of the European Union.

The service offers several dozen free decryptors for common ransomware strains. They also urge people to backup their data and update their computer software, so there is never a need to pay to get files back. “As it is much easier to avoid the threat, rather than fight it once infected, the project also aims to educate users,” Hollevoet explains.

Ransomware attacks rose in 2017, with one particularly aggressive strain of ransomware called WannaCry affecting an estimated 300,000 businesses in 150 countries over just a few days. What ultimately helped most was a Microsoft security update for the Windows operating system that had in fact been released before WannaCry struck.