Thursday, December 5, 2019

"The Ransomware Superhero of Normal, Illinois"

From ProPublica, Oct. 28:

Thanks to Michael Gillespie, an obscure programmer at a Nerds on Call repair store, hundreds of thousands of ransomware victims have recovered their files for free.

This story was co-published with the Chicago Sun-Times and The Pantagraph.

About 10 years ago, Michael Gillespie and several classmates at Pekin Community High School in central Illinois were clicking on links on the school’s website when they discovered a weakness that exposed sensitive information such as students’ Social Security numbers. They quickly alerted their computer repair and networking teacher, Eric McCann.

“It was a vulnerability that nobody even knew about,” McCann said. “They did a quick search on passwords and student accounts, and lo and behold, that file is sitting out there.”

A shy, skinny teenager whose hand-me-down clothes didn’t fit him, and who was often ridiculed by schoolmates, Gillespie was already working after school as a computer technician. “He was full of information all the time,” McCann said. “We’d bounce ideas off each other. You could tell his passion for technology, for computers, for figuring out things. That definitely made him stand out.”

Without crediting the students, school administrators closed the breach and changed everyone’s passwords. Gillespie’s anonymous protection of the school’s cyberdefenses was a harbinger of his future. Like a real-life version of Clark Kent or Peter Parker, the self-effacing Gillespie morphs in his spare time into a crime-foiling superhero. A cancer survivor who works at a Nerds on Call computer repair shop and has been overwhelmed by debt — he and his wife had a car repossessed and their home nearly foreclosed on — the 27-year-old Gillespie has become, with little fanfare or reward, one of the world’s leading conquerors of an especially common and virulent cybercrime: ransomware. Asked what motivates him, he replied, “I guess it’s just the affinity for challenge and feeling like I am contributing to beating the bad guys.”

Each year, millions of ransomware attacks paralyze computer systems of individuals, businesses, hospitals and medical offices, government agencies, and even police departments. Often, files cannot be decrypted without paying a ransom, and victims who haven’t saved backup copies and want to retrieve the information have little choice but to pony up. But those who have recovered their data without enriching criminals frequently owe their escapes to Gillespie.

The FBI and local law enforcement agencies have had little success in curbing ransomware. Local departments lack the resources to solve cybercrime, and the ransoms demanded have often been below the threshold that triggers federal investigations. Security researchers like Gillespie have done their best to fill the gap. There are almost 800 known types of ransomware, and Gillespie, mostly by himself but sometimes collaborating with other ransomware hunters, has cracked more than 100 of them. Hundreds of thousands of victims have downloaded his decryption tools for free, potentially saving them from paying hundreds of millions of dollars in ransom.

“He took that deep dive into the technical stuff, and he just thrives on it,” said Lawrence Abrams, founder of a ransomware assistance website called BleepingComputer.com. “Every time a new ransomware comes out, he checks it out. ‘Can it be decrypted? Yes, it can be decrypted. OK, I’ll make the decryptor.’ And it’s just nonstop. He just keeps pumping them out.”

Gillespie downplays his accomplishments. “IT moves so fast, there’s always something to learn, and there’s always someone better than you,” he said.

Gillespie’s tools are available on BleepingComputer.com, and they can be accessed through a site he created and operates, called ID Ransomware. There, victims submit about 2,000 ransomware-stricken files every day to find out which strain has hit them and to obtain an antidote, if one exists.

As hackers and their corporate enablers, including cyber insurance providers and data recovery firms whose business models are based on paying ransoms, profit directly or indirectly from cybercrime, one of ransomware’s greatest foes lives paycheck-to-paycheck....MUCH MORE

There is serious concern in the industry that the cyber-insurance purveyors are in effect just setting up a money pot for the ransomers to target.