The man, who requested anonymity, is a close friend of the writer, and the site which was compromised does not really need to be exposed to the Internet.There is no indication on the site as to the company's annual revenue, but it has a professional look as the man himself has been in the IT business for more than three decades and knows the value of a decent website.
However, as he himself confessed on Monday morning, he had committed two cardinal sins: one, he had been running Windows on the site which ended up being breached, and two, he had neglected to lock down his Internet facing sites.
"Given that only a couple of developers need access to this site in order to work on the files there, I could have limited entry to just their [the developers] IPs," the man, who is well-versed in technology, told iTWire.
The ransomware with which he was hit is Avaddon and the operators left him the standard ransom note, but did not say how much they were demanding. He was told to get in touch if he wanted his files back.
The man said he had noticed the intrusion on Tuesday last week when he set about copying the files from one of the two 500GB drives he uses to another – that is his method of backing up.
"I found that whoever had got in had encrypted every file on the two VMs," he said, adding that he used VirtualBox to spin up two VMs on both of which he runs Windows as he has licences for the operating system.
"My main developer from India contacted me, saying their VM was down and that is when I saw what had happened."
He said the backups he had made had been done in the nick of time. "I spent the last few days locking down my router, and then copying 80GB partitions from one machine to the other.
"The cloud ISP then reinstalled the operating system and copied over some folders from the production VM which had not been touched. But I still had to reinstall the database and some other programs. A lot of time was wasted but it was a good lesson and a reminder to lock my door."
He said he had now restricted access to the site, allowing in just the IPs which his developers in India used.
"I did not click on the link they had sent as I did not want to make them aware that I was checking to see what the ransom was," he added. The Avaddon operators have not yet listed his site on their site on the dark web.