Monday, 28 October 2019

The penniless hero of the ransomware epidemic has written more decryptors than anyone else

27 year old Michael Gillespie is a largely self-taught programmer and help-desk technician whose day job is working for Nerds on Call; when one of his customers asked for help in 2015 recovering files that had been encrypted by ransomware, he became obsessed with the subject and is now responsible for writing more ransomware decryptors than any other programmer, working for free and putting up an associated website, ID Ransomware, that guides ransomware victims through determining whether there is a decryptor for their strain of ransomware and helping them get their files back.

Propublica profiled Gillespie, painting a portrait of a driven, deeply ethical and empathic public-interest technologist who refuses any payment from the victims he helps because "He just doesn’t want to take advantage of people who are already being taken advantage of."

Gillespie and his wife, Morgan, are struggling with terrible debt, stemming in part from Gillespie's struggle with bladder cancer and his Morgan's diabetes and other health issues. They have narrowly avoided foreclosure and lost their car to debt repossession. Gillespie has solicited donations to pay for his work on occasion, but someone -- possibly ransomware criminals seeking revenge -- sent stolen money to him resulting in his accounts being frozen.

Gillespie's tools help about 2,000 victims every day (the FBI only hears from less than 1,500 victims per year) and his work has been key to securing indictments for ransomware criminals.

He's had to take up a 2AM paper route to make ends meet.

Someone should just give this guy a grant to do this work 40 hours a week.

Gillespie creates 90% of the decryptors available on BleepingComputer, Abrams said. Since May, when Abrams began tracking statistics, decryptors on the site have been downloaded more than 320,000 times.

While BleepingComputer makes money from advertisers, members of the hunting team from time to time have discussed charging for their services. Each time, “it left a sour taste,” Abrams said. He recalled a mother who contacted him to say she’d lost photos of her son, a fallen Army veteran, to ransomware. Abrams helped to decrypt her files. “I couldn’t charge for that,” he said.

Wosar and Gillespie have each created more free, public decryptors than anybody else in the world. The two have much in common: neither went to college and both consider themselves autodidacts, learning mostly from internet research. Both found a home and friendships on BleepingComputer. And both, Wosar said, suffer from imposter syndrome — feelings of inadequacy that persist despite their success.

The Ransomware Superhero of Normal, Illinois [Renee Dudley/Propublica]

(Image: Benjamin Marra/Propublica)