The Case Of The Single Step

Ransomware is in the news currently, with WannaCry and its various nasty successors taking out speed cameras and chocolate factories and all manner of other targets. It’s a clever technique, if you put aside the sheer evil of it: use advanced mathematics to scramble a victim’s computer files so they can only be unscrambled one way — then sell that one way for whatever price you can get. The official advice, as always, is don’t negotiate with criminals, but when the price for your entire business’s computer records is only around three hundred dollars, a lot of people are negotiating and official advice be damned.

Mildred at the Cairns Bay Netball Club called me because the computer they kept their membership records on was missing all its files, and a quick check showed me that ransomware was to blame. An unexpected email about cheap deals on flights had pulled her in: all it took was a trusting double-click and everything was gone. In cases like that, I would have advised her over the phone to get her computer wiped and type everything back in from print-outs, but I knew she had an ace up her sleeve.

About a year before, I had been referred to Mildred by none other than our good mate Dr Keith, who keeps popping up in these stories because the Huon Valley is a very cosy place and six degrees of separation is about four too many. I don’t recall now what Mildred’s original problem was, but I do know that I advised her to get a good backup process going, and when she baulked at the price of a commercial one, I gave her an alternative.

Ever since MS-DOS 2.0 or so in about 198-mumble, Microsoft has provided a handy little program called XCOPY. If you know the correct command line, you can make XCOPY back up an entire computer, every file and folder, merrily ignoring errors and only updating any files that have changed since the last time you did this. It’s not pretty, and remembering the command line is not for the weak of brain, but you can’t beat the price. I set up an icon on the club’s computer with the following mystic incantation in it:

XCOPY "C:\Documents and Settings\*" E:\Backups /c/r/i/k/e/y/d/h

See the command line options at the end? /c to continue after error, /r to overwrite read-only files, and so on. I remember it by imagining the scene in heaven when Steve Irwin meets D.H. Lawrence, and says “Crikey, D.H.!” It’s profoundly stupid, but it beats tattooing it on my arm.
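A wrapper for that icon, as an added example that is not part of the original post: it runs the same XCOPY line but refuses to finish quietly when the stick is missing, XCOPY reports a failure, or the backup folder ends up empty. The log path and the stamp file name are assumptions, as is the stick always appearing as E:.

```batch
@echo off
rem Added example: wrapper around the article's XCOPY command.
rem Hypothetical names: LOG path and LAST-BACKUP.txt stamp file.
setlocal
set "SRC=C:\Documents and Settings\*"
set "DST=E:\Backups"
set "LOG=C:\backup-log.txt"

rem 1. Do not pretend to succeed when the stick is not plugged in.
if not exist E:\ (
    >> "%LOG%" echo %DATE% %TIME% FAILED: drive E: not present
    echo BACKUP NOT DONE. Plug in the memory stick and click the icon again.
    pause
    exit /b 1
)

rem 2. The command from the article, switches unchanged.
xcopy "%SRC%" "%DST%" /c/r/i/k/e/y/d/h
set RC=%ERRORLEVEL%

rem 3. XCOPY exit codes 4 and 5 are initialization and disk write errors.
if %RC% GEQ 4 (
    >> "%LOG%" echo %DATE% %TIME% FAILED: xcopy exit code %RC%
    echo BACKUP FAILED with exit code %RC%.
    pause
    exit /b %RC%
)

rem 4. An empty backup folder is a failure, whatever XCOPY said.
dir /b /a "%DST%" 2>nul | findstr "^" >nul
if errorlevel 1 (
    >> "%LOG%" echo %DATE% %TIME% FAILED: %DST% is empty after xcopy
    echo BACKUP FAILED. Nothing was written to the memory stick.
    pause
    exit /b 1
)

rem 5. Record success on the PC and on the stick, so anyone checking
rem    either one can see when the last good backup happened.
>> "%LOG%" echo %DATE% %TIME% OK: xcopy exit code %RC%
> "%DST%\LAST-BACKUP.txt" echo Last good backup: %DATE% %TIME%
echo Backup finished. You can unplug the memory stick now.
pause
exit /b 0
```

A missing or old `C:\backup-log.txt` then shows at a glance that the icon has not been clicked.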

So I knew Mildred had an icon on her desktop that would do backups. All she had to do, once a week, was plug the USB memory stick into the front of the computer and click the icon, and all the club’s records would be backed up. No mess, no fuss, and (for Windows XP in those days) just about the easiest available solution for free.

So when I heard the Cairns Bay Netball Club had been hit by ransomware, I dared to hope that all would be well. Ransomware sometimes attacks external drives that are plugged in to the target computer, but I remembered explaining to Mildred that she should keep her USB memory stick in the drawer when it wasn’t in use, so I was sure she’d be OK. I’d explained the whole very simple process to her and watched as she wrote it down, so I knew she was on top of it. At the absolute worst, they might have lost a week’s worth of data, if it had been that long since the last regular click of the old icon.

When I arrived, I quickly reassured Mildred that everything would be fine. While I checked to confirm that, yes indeed, it really was ransomware, and the files were totally scrambled, I asked her to please grab out the backup memory stick so I could check it was OK. This she did.

I plugged it in to my laptop to check it.

It was empty.

OK, I was a bit confused by this. I asked her to confirm that this was the same memory stick she’d been using to do her backups every week, by clicking on the icon.

She said, “Oh, I didn’t know what that icon was for. Can you get my files back?”

It had been a year. Every day she sat down at that computer, and saw the icon helpfully labelled “Back Up Files”. She ignored it. She had her copious notes, taken when I had been there, but she never referred to them.

I would like it known at this point that I did not tell Mildred what I thought of her, but I decided that if ever I told this story and was changing the details, I would definitely give her a silly name. Like Mildred or something.

I didn’t have much choice at that point. I gave her the number of a place that could sell her a new computer, because I couldn’t in conscience leave her using a Windows XP dinosaur when she could replace it for a few hundred bucks and get a warranty and regular updates. I advised her to go get all her print-outs and type them in when she got the new machine. There was nothing I could do to save data that no longer existed.

They say a journey of a thousand miles begins with a single step. That may be true, but it’s not all that helpful if someone doesn’t remember to take that single step. I can help people if they’re willing to help themselves, but I can’t force them to do anything. I am not the IT person-who-leads-horses-to-water-AND-makes-them-drink. I’m the IT blacksmith.

 

By Paul Sleigh | Tales From The Forge