EXCLUSIVE: MUST CREDIT EDISONREPORT. EdisonReport can confirm that Deco Lighting was hacked, and the cyber-thieves are demanding 38 bitcoins, which is about $459,000. We spoke to Sam Sinai, their CEO, who confirmed the story. Sam explained, “Our system was hijacked but our SAP was backed up, and we expect to be operational by the end of the week.” He encouraged me to share his story and to alert the industry.
GRIM SPIDER is the crime group behind the Ryuk ransomware, which has infected the Deco system. GRIM SPIDER is a division of WIZARD SPIDER, which is also known as the Russia-based operator of TrickBot. TrickBot was primarily focused on wire fraud in the past.
Sam explained, “We won’t pay ransom to hackers, so it is an inconvenience that we will live through.”
Below is the ransom note that Deco received:
To unlock files, you need to pay 38 btc.
To confirm our honest intentions, we will unlock two files for free.
Send us 2 different random files and you will get it back already decrypted.
You can choose files from different computers on your network – so you will be sure that one key decrypts everything.
Files size should not exceed 5Mb.
Waiting for 38 btc to close the problem. Then you will receive decryption software that would completely recover all your files.
It’s simple windows executable that needs Administrator privilegies to be used. The cure procedure contains next steps:
1) Turn off any AV running;
2) Turn off internet connection (it will help to avoid any improper decryption – question of your safety);
3) Start that exe on each workstation or server; wait for it’s prompt that “operation complete” (it takes time depending on amount of data on current system)
4) Check that all is fine and get back to normal work.