22
Got hit with ransomware at 2AM on a Saturday
I was working on a freelance project from my apartment in Austin. Opened an email attachment thinking it was client revisions. Next thing I know, every file on my desktop had a .lock extension. Had to wipe the whole drive and lost 3 days of work. Anyone else had a close call with phishing emails that looked legit?
3 comments
Log in to join the discussion
Log In3 Comments
seanlee8d ago
opened an email attachment thinking it was client revisions" - there's your problem right there. I mean yeah it sucks you lost 3 days of work but wiping a whole drive for a ransomware hit at 2AM on a Saturday seems a bit extreme. Most ransomware these days is just encryption, not disk wiping. Could've probably just restored from backup or used decryption tools if it was a common variant. Honestly getting hit at 2AM is the worst timing but 3 days lost is not the end of the world. People act like ransomware is this huge life ending thing but realistically you just learn to keep better backups and move on.
8
blairtaylor7d ago
@seanlee I hear you on backups being the real lesson here, but wiping the drive wasn't my first move. I spent about 40 minutes trying common decryption tools and checking if it was a known variant before I pulled the plug. The scariest part was how good the email looked - it had the client's actual logo, their email signature copied perfectly, and it even referenced a project name I actually used with them. By the time I noticed the sender domain was off by one letter, everything was already locked. My question is how do you even spot those fakes when they're that detailed? Like, do you just call the client every time before opening anything?
3
evan_wilson187d ago
3 years back I got hit with one that spoofed my insurance agent's email perfectly (even had the right policy number in the subject line) and clicked a link that looked like a claim form. The only reason I caught it was because I hovered over the link before clicking, and the URL was a jumbled mess of random letters and numbers instead of their normal website address. That little hover trick has saved me twice since then, so now I make it a habit to mouse over every link and attachment file name before I touch them. Another thing I do is check the reply-to field, since scammers always set that to their own address even if the "from" looks legit. Honestly calling the client beforehand every time would slow things down too much, but a quick "hey you send me that file just now?" text can save your whole week.
5