Hacked, Haggard, Hooked

There's a war happening in the world that is so covert, so deeply embedded, so insidious, we ride the surface, blissfully unaware of it's impact.

Until it happens to us.

My personal story of being hacked started back in 2015 when I learned about Cryptowall for the first, and then second time.

They took everything. All of my documents, pictures, and other files were encrypted on my entire computer and I could pay a handsome fee to have them restored to me unharmed. Needless to say, I didn't play that game. I learned first hand that the threat of ransomware is real and affects ordinary people. I lost it all! Books I was writing that I hadn’t backed up, priceless images of my family, and so much more! Everything lost to the void of the digital world, never to be seen again.

Fast forward to February 12th, 2022.

I woke up from a blissful sleep, feeling pretty darn good. I had a project in PowerPoint I was working on so I glanced over at my computer to look lovingly upon it, as I had left it open the night before mid way through.

That's when my eye caught movement on the screen. I realized that my project was nowhere to be seen and I was looking at my desktop with the fractal picture I'd chosen as a wallpaper. The mouse cursor was moving on the screen, slowly, subtly, as though it had been possessed by a demon who was doing their best to remain unnoticed.

Oh I see you goddamnit!

I lurched out of bed and watched it just long enough to see what it was up to. It was hovering over the Big Fish Game Manager, a shortcut I hadn't used in over 6 months. My downloads folder was also open with the Big Fish installer at the bottom of the list. It was right there in front of me because this demon cursor had closed out my projects (I had 2 open the night before) opened up my downloads and was lingering on a game shortcut

Hm.

That's downright fishy if you ask me!

I lunged at the computer, alerting my partner to the suspicious activity. Then I grabbed the mouse and decided I was done watching its ghostly figure manipulate my personal space. As I eased the cursor towards the power down button, it began fighting me. It didn't WANT me to shut down my computer. It had been caught red handed and I was about to smash the cookie jar on its head. I clicked the start window. The cursor fled towards the right of the screen slightly. Like a fishing line, I pulled it in again, clicked the power button and the menu of options popped up. It fled again, trying desperately to escape the box of it's death. I reeled it in a second time, clicked the shutdown function and watched my screen go black.

Then I sat down.

My heart was pounding.

"Honey, I've been hacked! Someone was using my computer remotely." William was still waking too, and between the groggy feeling of first waking and the adrenaline of this invasion, I realized I was quite naked and had been standing right in front of my webcam while a hacker had full control of my equipment. Deep sigh. Not much I could do about that now. William suggested taping over my camera and that felt like a good idea given the circumstances.

We have 4 computers in the house, and there are four members of my family. My partner and I talked for a short while and then delved into YouTube on our smart TV for videos about hacking and Trojans and other relevant information. I used my phone to search for key terms and words they were using because I speak English, not computer jargon. It may as well have been Martian for as much sense as it was all making. I installed Malwarebytes and ran the first scan, detecting 29 PUP’s. If you don’t know what that is, it’s short for Potentially Unwanted Programs. I quarantined them of course but wasn’t feeling much reassurance with my new firewall protection.

When I felt brave enough to try some of the suggestions we learned about, I pushed the on switch and opened up my computer as though it was tainted with a demonic entity.

My dad is a computer programmer, I could have called him, but I knew a few things, and coupled with my new understanding, I began fishing around in some of the substructures of my system. Event Viewer, Task Manager, and system settings.

My CPU was through the roof, running 75 apps and 93 background apps. What the actual cyberheck? As I reviewed the list, I checked for unusual activity and it was so obviously everywhere that I felt stupid for not noticing how slow my computer had running over the last month or so, because all these programs were running without my permission or knowledge.

I decided to start ending tasks. Why not right? That will at least staunch the bleeding of my outrageous usage while I figure out what to do next.

Pop ups are such a bitch.

"You do not have administrative privileges to perform that action." Over and over and over again. Well why the hell not, computer!? I own you, remember, you work for me? Well, not anymore.

Apparently the hacker wasn't interested in my personal information or stealing my identity (thankfully), however what they were interested in, is using my computer as a proxy to set up 9 other virtual computers to run off of my IP address. And they did this to 2 other computers we have, jacking up our internet bandwidth usage to well over 700GB, which is our monthly limit. What a blessing that they were unable to get through my daughter’s Mac because she had better firewalls within her settings.

So they're piggybacking on our internet and I'm paying for them to do who knows what, while hiding behind our IP addresses, and giving themselves administrative permissions to change any parameters within our computers they wanted to, at the same time, locking us out of admin privileges that would route them out.

Not to mention that the ones I was able to successfully end, required me to turn my computer off and then back on again, which also restarted all the automated actions the hacker had put in place upon startup.

Ouch. That was a huge mouthful of lemons and my mouth was puckering at the sourness of this situation by now. 14 hours later, after YouTube videos that range from helpful to our plight and disgustingly informative so that the lay person could hack anyone with simple commands, monitoring the event viewer, Google searches for terms and word definitions that I now couldn't recall if I tried, my brain was quite effectively fried into a burnt, smoking mass. I was no longer functioning with my reasoning intact. To describe it as feeling haggard would be a gross understatement.

Everything stops now.

Call the professionals! Geeks to Go is a company I was familiar with since 2017 when my boss needed some computer work done. Some dude who works out of his garage and understands computer language and programming. I called him up and explained the situation. Turns out that a factory reset is the only option to repair such an embedded intruder. Well shit, once again.

$350.00 later, we have three "brand new" computers and we were afraid to turn them on. When we did, and went through the painstaking process of setting everything back up, syncing with my Google and Microsoft accounts with new passwords I was unfamiliar with using (and I have a password log so I keep all of that information up to date and easily accessible to me) I ran Malwarebytes again. 39 PUP’s this time. The only thing that registered in my brain is that it might have been possible for the hacker to attach these kinds of files to my Google account because they showed up after the syncing process. They were unable to get through Malwarebytes thankfully so my faith is slightly more restored in the firewall having seen that.

After days of calling Sparklight, our internet provider who updated our firewall to the max, changing my passwords online in a creative and frustrating wordplay, and calling my bank to make sure they really were not wanting to rob me blind was more stressful than attempting to herd cats and took another full day to execute.

The demon possessed computers have supposedly been exercised now but I am cautious like a trauma survivor. With everything in our world not only relying on, but depending on our technology to remain connected to the entire planet and its going-on's, store all of our personal information, and serve as our daily planner, there’s no escaping the digital age and everything that goes along with it. We are hooked, linked in, and connected like Neo in the Matrix with a tube practically sticking out of the back of our necks. We are so plugged in that it’s incomprehensible to imagine life without it.

Knowing that someone could figure out how to disable, find back doors and install their own commands on any of our personal computers, then use them to do nefarious things, like browse the dark web, set up proxy servers on YOUR paid internet, and possibly even search porn, has me feeling less secure than ever. If any of you remember using AOL, and browning the web in the early 90’s, I can tell you that it was a completely different experience. We used programs, not apps, CD’s to install them, not the internet (as much) and cyber security was just barely being discussed as a necessary safeguard in a budding new world before Google even existed.

I urge everyone to use Malwarebytes. It seems to be the most effective in detecting and eliminating threats. Linux is another option for users who are open to learning a completely different OS, where the security is top notch. VPN services can offer even deeper protection and I have not delved down that rabbit hole yet, but I may consider it in light of recent events.

Thank you for taking the time to wander through this experience with me. It is such a violation to anyone's personal space, that the aftermath still feels traumatic. This is my first article since the attack, and I am glad to be writing again for all of you miracles of life out there!

Stay safe and I’ll see you in the next article!

If you enjoyed this, check out another personal story I wrote about working in a supermarket. I don't see the world quite right sometimes... and I'm cool with that.