“Okay, so your first move on getting home was to open the safe and make a backup just like you said, so that if your laptop’s drive just happened to crash at that particular moment you’d still have a copy of the file I sold you.”
“You convinced me that it was the only copy extant,” said Wallace, sounding almost defensive.
“So in a world governed by Murphy’s law, making an immediate backup was the right move,” Peter agreed.
“He was expecting the file to show up on a particular server in Budapest no later than… translating to West Coast time, here… two A.M., and it was only midnight.”
“Plenty of time.”
“So I thought,” Wallace said. “Having set the backup in motion, I left the room, took a piss, and listened to the voice mail on my landline while I unpacked a few items and mixed myself a drink. I sorted through the mail. This might have taken all of about fifteen minutes. I went back to my study and sat down in front of my laptop and opened up a terminal window. When I am undertaking operations of this sort, I prefer to use SCP from the command line.”
“As you should,” Peter agreed.
“My first move was to check the contents of ‘Documents’ to remind myself of the filename and approximate size of the file that you sold me. And when I did that, I saw—well, see for yourself.”
Evidently Wallace’s laptop was already open on Peter’s workbench. There was a brief pause and then Peter said, “Hmm.”
“You need to understand that yesterday, ‘Documents’ contained a dozen or so subdirectories and maybe two score of files,” Wallace said.
“Including the file in question.”
“Yes.”
“And now it contains two files and two files only,” Peter said, “one of which is called troll.gpg, the other —”
“README,” Wallace said. “So I read the fucking thing.”
Peter snorted. “I think it’s
“REAMDE,” Wallace said.
“You’ve already opened it?”
“Perhaps stupidly, yeah.”
Peter double-clicked. There was a pause while (Zula imagined) he examined the contents of the REAMDE file.
The name had jogged a vague memory. Zula’s bag was leaning against the wall right next to her. Moving quietly, she reached into the padded laptop slot at its top and pulled out her computer. She set it on the floor, sat down next to it, and opened it up. Her first move was to hit the button that muted the sound. Within a few seconds it had attached itself to Peter’s Wi-Fi network. She clicked an icon that caused a VPN connection to be established to Corporation 9592’s network.
“We already established that you’re not a T’Rain player,” Wallace said.
“Never got into it,” Peter admitted.
“Well, that picture you’re looking at is of a troll. A particular type of mountain troll that lives in a particular region of T’Rain, rather inaccessible I’m afraid. Which might help you make sense of the caption.”
“‘Ha ha noob, you are powned by troll. I have encrypt all your file. Leave 1000 GP at below coordinates and I give you key.’ Ah, okay, I get it.”
“Well, I’m pretty fucking glad that you get it, my friend, because—”
“And now,” said Peter, cutting him off, “if we check out the contents of the other file, troll.gpg, we find that”—miscellaneous clicks—“one, it is huge, and two, it is a correctly formatted gpg file.”
“You call that correctly formatted!?”
“Yeah. A standard header and then several gigs of random-looking binary content.”
“Several gigs you say.”
“Yeah. This one file is big enough to contain, probably, all the files that were originally stored in your ‘Documents’ folder. But if we take the message in REAMDE at face value, it’s all been encrypted. Your files are being held for ransom.”
Zula had brought up Corporation 9592’s internal wiki, and now went to a page entitled MALWARE. Several trojans and viruses were listed. REAMDE wasn’t difficult to find; it was the first word on the page, it was large, and it was red. When she clicked through to the dedicated page for REAMDE and checked its history, she found that 90 percent of its content had been written during the last seventy-two hours. Corporation 9592’s security hackers had been toiling at it all weekend.
“How is this possible?” Wallace demanded.
Upstairs, Zula was already reading about how it was possible.
“It’s not just possible, it’s actually pretty easy, once your system has been rooted by a trojan,” Peter said. “This isn’t the first. People have been making malware that does this for a few years now. There’s a word for it: ‘ransomware.’”
“I’ve never heard of it.”
“It is hard to turn this kind of virus into a profitable operation,” Peter said, “because there has to be a financial transaction: the payment of the ransom. And that can be traced.”
“I see,” Wallace said. “So if you’re in the malware business, there are easier ways to make money.”
“By running botnets or whatever,” Peter agreed. “The new wrinkle here, apparently, is that the ransom is to be paid in the form of virtual gold pieces in T’Rain.”
“So until now, this has been a technical possibility, but few people have used it on a large scale,” Wallace said, working it through. “But these fuckers have figured out a way to use T’Rain as a money-laundering system.”
“Yeah,” Peter said. “And I’m guessing, since you drove all the way down here and left, as I now see, eight voice mails on my phone, that your backup drive in the safe also got infected.”
“Yeah, it fucked everything it could reach,” Wallace said. “It must have passed into my system from that fucking thumb drive you handed me, and then—”
“Don’t try to make this my fault. I use Linux, remember? Different OS, different malware.”
“Then how did this fucking virus get on to my laptop?”
“I don’t know,” Peter said.
Zula did know, because she was skimming pages of technical analyses of the REAMDE virus. One of the ways it propagated was through thumb drives and other removable media. And Peter had borrowed one of Richard’s old thumb drives so that he could transfer something into Wallace’s computer. Richard’s machine must be infected with REAMDE; but he wouldn’t know or care, since he was protected by corporate IT.
“But it doesn’t matter,” Peter continued. “All that matters is—”
“It
“All I’m saying is, we have to address the problem,” Peter said.
“Brilliant analysis there, Petey boy. It’s quarter to three. I’m already forty-five minutes late. I bought myself a bit of time by sending an email with some bullshit to the effect that my car broke down in the Okanagans. But the clock is ticking. We have got to decrypt that file!”
“No,” Peter said, “we have to pay the ransom.”
“Fuck that.”
“It is not possible to decrypt the file,” Peter said. “If we had the NSA working on it, we could probably decrypt it. But as matters stand, you’re screwed unless you pay the ransom.”
“
“Then it’s like I said. We pay the ransom.”
