These ransomware situations can result in colossal outcomes

These real-life scenarios show how sneaky perpetrators can be.


Gimme all your money

In a world where ransomware hackers are expected to extort $1 billion in damages throughout 2016 in the US alone, businesses and individuals are being forced to be on high alert when it comes to digital security. Carbonite’s customer support team has handled over 7,300 ransomware-related calls just since January 2015 (365/month), encountering breaches occurring through everything from Xerox scans to fake Microsoft IT representatives.

Within this slideshow are real-life scenarios that Carbonite has handled on behalf of its clients. Many of the included cases stem from ransomware hackers implanting the virus directly in the victims’ systems, or well-intentioned employees clicking on a malicious link – all of which led to the infamous ransom-requesting pop-up. Whether providing guidance on where to locate the ransomware virus to delete the file, or restoring clean versions of affected data, the team has been heavily involved in fighting 2016’s biggest digital crimewave.


From scan to scam

After a simple Xerox scan, a small business’ information was breached through an unpatched Linux server. The ransomware attacker pulled the username/password for the Xerox user (who had admin rights) from the server, and used that account to create their own accounts. With this, they were able to directly inject the ransomware after casually rummaging around the customer’s network for several hours. After the business realized that multiple systems were inaccessible and received the ransom-request pop-up, their IT consultant was able to track down the virus, delete it, and begin the backup and file restoration processes (all while avoiding the payment). However, there was likely damage to their overarching infrastructure.


Breached, but backed up

An email posing as a candidate for a job/internship was sent to a real estate company’s COO. After this phishing email was opened, a Cerber ransomware strain was unleashed, compromising their system and affecting all areas of productivity for a few days. Luckily, their data was backed up and recovered in full, although a portion of information on a separate shared drive with manual backups did require a bit of duplicated effort. As they were confident in their backup, they did not pay the ransom. A $1,000 IT support cost was incurred.


Dental down

A dental business’ office manager initially reported that they were unable to access various operational systems including scheduling, insurance claims and billing. By the next morning, things had gotten even worse: the ransomware virus had spread to additional computer terminals, encrypting patient files and paralyzing much-needed medical equipment including a radiography machine. This demonstrates that if left untreated, ransomware will spread endlessly, affecting all areas of operation. An IT services provider was hired to delete all infected files, and ultimately, clean versions were restored from backup. The ransom was not paid.



Just because you’ve been hit with a ransomware attack once doesn’t mean it can’t happen again. A small law firm was breached through a phishing email several years back, which affected every level of the organization – from administrative assistants to the IT team. As the IT team tried to grasp the enormity of the situation, they realized it was hopeless, decided not to pay the ransom, and succumbed to losing the encrypted files. Fast forward a year and a half: when ransomware struck again, data backup had been installed, allowing the company to quickly address the issue, avoid paying the ransom, and restore 287,000 files in less than 24 hours.


Offsite Infection

While ransomware typically infects a system via email, a small business experienced a unique situation where a hacker claiming to be with an offsite IT service provider cold-called him directly. After a brief discussion in which the caller claimed to have detected viruses on his system, the caller was able to convince him to provide remote access to his computer, where the ransomware virus was implanted directly. The ransom was not paid, but the business had to retrieve a significant amount of data via backup.


Wipe, rebuild, restore

A real estate agent uses a personal computer to store documentation, floor plan graphics, and nearly 25,000 pictures of properties, as well as personal photos and files. After being infected with a ransomware virus, they had two options: pay the ransom or trust the data backup system. After deciding not to pay the ransom, they wiped the whole system clean, reloaded all the programs and used the backup to restore the files – essentially rebuilding the system from scratch. After a few days of being down, they were able to return to normal operating capacity.


The things we’ll click on…

Carelessly browsing the web will almost certainly lead you to run across a virus at some point in your life – and that’s exactly what happened in a recent breach. An individual was engaging with a few “questionable” websites and picked up a ransomware virus along the way that held his system captive. While the ransom was not paid, it was a costly process for the user to remove the virus and spend time with support to recover the encrypted data. Since ransomware can infect network resources, the entire household was compromised with a single click. Good digital hygiene is crucial in today’s age, and it is necessary for individuals to think before they click. A simple tip? When in doubt, don’t click.


Nursing a compromised network

A nurse’s seemingly harmless action of checking emails online led a healthcare facility to fall victim to a Crypto ransomware virus. After the nurse unintentionally clicked on an executable file, the virus found its way from the nursing station computer to the overarching file server, where more than 500 documents were infected. To avoid paying the ransom, the IT department scanned the network and used the backup account to restore clean copies of the infected files.


Microsoft IT support

An individual was called by an IT “professional” claiming they were with Microsoft support. Trusting the well-known brand name, they passed computer control over to the hacker, who then directly placed the ransomware virus into the employee’s system. It’s extremely important to note that unless there is an active case, or the customer has a unique agreement, Microsoft will never make these unsolicited outbound calls. The biggest issue with this situation is that the user’s computer is opened up to future attacks, as the hacker has direct access to the system.


SmartTVs, smarter hackers

Ransomware hackers are taking a new approach by targeting IoT devices – specifically a few individuals’ SmartTVs. With the FLocker ransomware strain, these attackers are not looking to encrypt files – instead, they are stealing data from the TVs including contacts, phone numbers, and location, essentially providing hackers with a gateway to the next potential victim. Many of the victims are being scammed for $200 iTunes gift cards instead of the usual Bitcoin payments.


Copyright © 2016 IDG Communications, Inc.
