The Ransomware Superhero of Normal, Illinois

by Renee Dudley, ProPublica

This story was co-published with the Chicago Sun-Times and The Pantagraph. ProPublica is a nonprofit newsroom that investigates abuses of power.

About 10 years ago, Michael Gillespie and several classmates at Pekin Community High School in central Illinois were clicking on links on the school’s website when they discovered a weakness that exposed sensitive information such as students’ Social Security numbers. They quickly alerted their computer repair and networking teacher, Eric McCann.

“It was a vulnerability that nobody even knew about,” McCann said. “They did a quick search on passwords and student accounts, and lo and behold, that file is sitting out there.”

A shy, skinny teenager whose hand-me-down clothes didn’t fit him, and who was often ridiculed by schoolmates, Gillespie was already working after school as a computer technician.

“He was full of information all the time,” McCann said. “We’d bounce ideas off each other. You could tell his passion for technology, for computers, for figuring out things. That definitely made him stand out.”

Without crediting the students, school administrators closed the breach and changed everyone’s passwords.

Gillespie’s anonymous protection of the school’s cyberdefenses was a harbinger of his future. Like a real-life version of Clark Kent or Peter Parker, the self-effacing Gillespie morphs in his spare time into a crime-foiling superhero. A cancer survivor who works at a Nerds on Call computer repair shop and has been overwhelmed by debt — he and his wife had a car repossessed and their home nearly foreclosed on — the 27-year-old Gillespie has become, with little fanfare or reward, one of the world’s leading conquerors of an especially common and virulent cybercrime: ransomware.

Asked what motivates him, he replied, “I guess it’s just the affinity for challenge and feeling like I am contributing to beating the bad guys.”

Each year, millions of ransomware attacks paralyze computer systems of individuals, businesses, hospitals and medical offices, government agencies, and even police departments. Often, files cannot be decrypted without paying a ransom, and victims who haven’t saved backup copies and want to retrieve the information have little choice but to pony up. But those who have recovered their data without enriching criminals frequently owe their escapes to Gillespie.

The FBI and local law enforcement agencies have had little success in curbing ransomware. Local departments lack the resources to solve cybercrime, and the ransoms demanded have often been below the threshold that triggers federal investigations. Security researchers like Gillespie have done their best to fill the gap.

There are almost 800 known types of ransomware, and Gillespie, mostly by himself but sometimes collaborating with other ransomware hunters, has cracked more than 100 of them. Hundreds of thousands of victims have downloaded his decryption tools for free, potentially saving them from paying hundreds of millions of dollars in ransom.

“He took that deep dive into the technical stuff, and he just thrives on it,” said Lawrence Abrams, founder of a ransomware assistance website called BleepingComputer.com. “Every time a new ransomware comes out, he checks it out. ‘Can it be decrypted? Yes, it can be decrypted. OK, I’ll make the decryptor.’ And it’s just nonstop. He just keeps pumping them out.”

Gillespie downplays his accomplishments. “IT moves so fast, there’s always something to learn, and there’s always someone better than you,” he said.

Gillespie’s tools are available on BleepingComputer.com, and they can be accessed through a site he created and operates, called ID Ransomware.
There, victims submit about 2,000 ransomware-stricken files every day to find out which strain has hit them and to obtain an antidote, if one exists.

As hackers and their corporate enablers, including cyber insurance providers and data recovery firms whose business models are based on paying ransoms, profit directly or indirectly from cybercrime, one of ransomware’s greatest foes lives paycheck-to-paycheck.

Under his internet alias, demonslay335, Gillespie tackles ransomware either in his downtime at Nerds on Call or at night in the two-story bungalow he shares with his wife, Morgan, and their dog, rabbit and eight cats. Surrounded by pets, he lies on his living room couch, decoding ransomware on his laptop and corresponding with victims desperate for his help.

Although the FBI honored him in 2017 with an award for his website, it doesn’t systematically recommend ID Ransomware — meaning that some victims may never learn of a resource that could help them avoid paying a ransom.

Many of his friends, relatives and colleagues don’t know the extent of his war on ransomware.

“They do not have a clue because of Michael’s modesty,” said his wife’s grandmother, Rita Blanch. “Honestly, I don’t think anyone in the family knows what he does for free. I barely know.” When he got the FBI award, she added, “I sent out a family text, and they’re like: ‘What? What? Our Michael?’”

McCann wasn’t aware of Gillespie’s accomplishments either. “It kind of gives me goosebumps,” the teacher said. “He’s sitting here doing all this for free. That’s incredible.”

On a humid morning in July, Gillespie sat on his covered front porch. His hair was pulled back into a low ponytail, and he sported scraggly facial hair and a V-neck striped shirt. Brown leaves left over from the previous autumn and birdseed from a feeder were scattered on the ground.
Gillespie said hello to a cardinal — the Illinois state bird, he pointed out — and a squirrel with a “wonky eye.” He said a family of groundhogs resides under the porch and eats from the front-yard mulberry tree, but they didn’t make an appearance.

He opened his Twitter account. “Like right now, I have 58 PMs and 120 notifications,” he said. Most were pleas for help from victims of a ransomware strain, STOP Djvu, which he can sometimes decrypt.

Gillespie’s love of computers and electronics started early. His paternal grandmother, a video gamer, introduced him to online role-playing games such as RuneScape. He played Donkey Kong Country […]
