IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Ransomware: Sometimes you need to pay to make it go away

The symptoms of this distraught data victim sounded an awful lot like ransomware, and it turned out the easiest way out was the most unpalatable option

A message arrives from a pal. One of those regular messages we all get, when we’re the person in the WhatsApp contacts list who knows most about computers.

“Sarah has a friend who’s a counsellor and she’s having difficulty migrating her Microsoft Professional data between two computers,” the messages reads. “She’s panicking as she can’t lose patient info et cetera, and is looking for someone to help.”

We’re two sentences in and this one already sounds chewy. Microsoft Professional data? Well, that could be anything. Panicking because of lost patient data? This doesn’t sound like someone with a comprehensive backup plan.

I pick up the phone and call said counsellor. My friend was right: we’re in panic code red. The long story made short is that our counsellor has just bought a new computer, because the old one was too slow to do anything with. On the old computer, she was seemingly part of someone else’s Office 365 account (I know, I know). On the new computer, however, she decided to make a fresh start and buy a standalone copy of Microsoft Office Professional from Amazon, because she doesn’t want to pay a monthly subscription. 

A “computer-literate friend” helped her set up the new PC, and that’s working fine, but she’s locked out of her files. Every time she tries to access them, a message pops up telling her she needs to pay some money. Her computer friend is a Mac guy and he’s run out of ideas. Can I help?

At this point, two theories are racing through my mind. One was that our counsellor’s new PC is riddled with ransomware. The other proved to be the actual problem, which I’ll reveal shortly – if you don’t want to know the result, look away now.

Well, it did turn out to be a form of ransomware, albeit one propagated by Microsoft.

When our counsellor was part of that Office 365 account, one of the sundry benefits was 1TB of OneDrive storage. Whenever our counsellor saved a document on her old PC, she was actually – and unwittingly – saving it to OneDrive.

When she made the perfectly reasonable decision to buy a one-off licence for Microsoft Office for her new PC (“I only type reports, I don’t care about new features”) and left that shared Office 365 account, she unknowingly forfeited 1TB of storage. And even though her important client reports only take up a few hundred MBs of space, she’s got loads of digital photos saved in OneDrive too, meaning she’s somewhat over the 5GB of storage Microsoft affords “free” account holders. Even though she’s just paid Microsoft another £140 for Office.

A quick visit to OneDrive.com confirms her vital files are still there, although there’s an accompanying threat: pay up or anything above that 5GB limit could be deleted in a fortnight’s time. Attempts to download the full set of files are met with stubborn resistance. 

The only way out is to cough up the cash. We could pay Microsoft a couple of quid for one month’s extra OneDrive storage and back up all the files to a hard drive, I suggest. “Great, I’ve got one of those!” says our counsellor, who then produces an Iomega drive the size of a small bungalow that must be 20 years old if it’s a day. Okay, let’s not back up to that. 

The other alternative is to surrender, give Microsoft £1.99 more each month for OneDrive storage and basically let it take care of the backup. Neither of us like it. Microsoft effectively taking her files hostage and demanding money for their release hasn’t endeared the company to our counsellor. And I’d rather she had a local backup of the files so she wasn’t just relying on OneDrive, either.

However, it’s the easiest and cheapest solution to this fix. She gets an offsite backup of her files for a couple of pounds per month and can carry on writing her reports, and I get to go home without having to spend a few hours driving to buy a hard disk that’s not steam powered and backing up everything locally. 

So, we do the dirty deal. I turn off the now-default setting that ensures only those files you access are actually saved on your PC, with all the others left in the cloud. If Microsoft puts up the prices (which it will) I want her to, at least, have a local copy of everything. She’s grateful she’s got her files back, but nobody feels good about it.   

Nobody except Microsoft, which has sold a new Windows licence, a new Office licence and now has a new OneDrive subscriber wriggling in the keep net. And all because, as the ransomware writers know, the easiest way out is to pay to make it go away.

Featured Resources

The COO's pocket guide to enterprise-wide intelligent automation

Automating more cross-enterprise and expert work for a better value stream for customers

Free Download

Introducing IBM Security QRadar XDR

A comprehensive open solution in a crowded and confusing space

Free Download

2021 Gartner critical capabilities for data integration tools

How to identify the right tool in support of your data management solutions

Free Download

Unified endpoint management solutions 2021-22

Analysing the UEM landscape

Free Download

Recommended

Ransomware now strikes one in 40 organisations per week, Check Point finds
ransomware

Ransomware now strikes one in 40 organisations per week, Check Point finds

27 Jul 2022
Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT
ransomware

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT

13 Apr 2022
Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021
US government warns of increased risk of ransomware over holiday season
ransomware

US government warns of increased risk of ransomware over holiday season

24 Nov 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Samsung proposes 11 Texas semiconductor plants worth $191 billion
Hardware

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022