IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Ransomware: Sometimes you need to pay to make it go away

The symptoms of this distraught data victim sounded an awful lot like ransomware, and it turned out the easiest way out was the most unpalatable option

A message arrives from a pal. One of those regular messages we all get, when we’re the person in the WhatsApp contacts list who knows most about computers.

“Sarah has a friend who’s a counsellor and she’s having difficulty migrating her Microsoft Professional data between two computers,” the messages reads. “She’s panicking as she can’t lose patient info et cetera, and is looking for someone to help.”

We’re two sentences in and this one already sounds chewy. Microsoft Professional data? Well, that could be anything. Panicking because of lost patient data? This doesn’t sound like someone with a comprehensive backup plan.

I pick up the phone and call said counsellor. My friend was right: we’re in panic code red. The long story made short is that our counsellor has just bought a new computer, because the old one was too slow to do anything with. On the old computer, she was seemingly part of someone else’s Office 365 account (I know, I know). On the new computer, however, she decided to make a fresh start and buy a standalone copy of Microsoft Office Professional from Amazon, because she doesn’t want to pay a monthly subscription. 

A “computer-literate friend” helped her set up the new PC, and that’s working fine, but she’s locked out of her files. Every time she tries to access them, a message pops up telling her she needs to pay some money. Her computer friend is a Mac guy and he’s run out of ideas. Can I help?

At this point, two theories are racing through my mind. One was that our counsellor’s new PC is riddled with ransomware. The other proved to be the actual problem, which I’ll reveal shortly – if you don’t want to know the result, look away now.

Well, it did turn out to be a form of ransomware, albeit one propagated by Microsoft.

When our counsellor was part of that Office 365 account, one of the sundry benefits was 1TB of OneDrive storage. Whenever our counsellor saved a document on her old PC, she was actually – and unwittingly – saving it to OneDrive.

When she made the perfectly reasonable decision to buy a one-off licence for Microsoft Office for her new PC (“I only type reports, I don’t care about new features”) and left that shared Office 365 account, she unknowingly forfeited 1TB of storage. And even though her important client reports only take up a few hundred MBs of space, she’s got loads of digital photos saved in OneDrive too, meaning she’s somewhat over the 5GB of storage Microsoft affords “free” account holders. Even though she’s just paid Microsoft another £140 for Office.

A quick visit to OneDrive.com confirms her vital files are still there, although there’s an accompanying threat: pay up or anything above that 5GB limit could be deleted in a fortnight’s time. Attempts to download the full set of files are met with stubborn resistance. 

The only way out is to cough up the cash. We could pay Microsoft a couple of quid for one month’s extra OneDrive storage and back up all the files to a hard drive, I suggest. “Great, I’ve got one of those!” says our counsellor, who then produces an Iomega drive the size of a small bungalow that must be 20 years old if it’s a day. Okay, let’s not back up to that. 

The other alternative is to surrender, give Microsoft £1.99 more each month for OneDrive storage and basically let it take care of the backup. Neither of us like it. Microsoft effectively taking her files hostage and demanding money for their release hasn’t endeared the company to our counsellor. And I’d rather she had a local backup of the files so she wasn’t just relying on OneDrive, either.

However, it’s the easiest and cheapest solution to this fix. She gets an offsite backup of her files for a couple of pounds per month and can carry on writing her reports, and I get to go home without having to spend a few hours driving to buy a hard disk that’s not steam powered and backing up everything locally. 

So, we do the dirty deal. I turn off the now-default setting that ensures only those files you access are actually saved on your PC, with all the others left in the cloud. If Microsoft puts up the prices (which it will) I want her to, at least, have a local copy of everything. She’s grateful she’s got her files back, but nobody feels good about it.   

Nobody except Microsoft, which has sold a new Windows licence, a new Office licence and now has a new OneDrive subscriber wriggling in the keep net. And all because, as the ransomware writers know, the easiest way out is to pay to make it go away.

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Recommended

Ransomware now strikes one in 40 organisations per week, Check Point finds
ransomware

Ransomware now strikes one in 40 organisations per week, Check Point finds

27 Jul 2022
Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT
ransomware

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT

13 Apr 2022
Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021
Out-of-hours ransomware attacks have a greater impact on revenue
ransomware

Out-of-hours ransomware attacks have a greater impact on revenue

18 Nov 2021

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
The benefits of a hardware update for SMBs
Sponsored

The benefits of a hardware update for SMBs

2 Aug 2022