Ransomware Swiss Army knife interview: Michael Gillespie

Ransomware is one of the most common and dangerous cybersecurity threats, as interacting with an email loaded with malware or visiting a malicious website is enough to trigger an infection that could delete all the information stored on our computers. A digital forensics expert even says that ransomware is being sold as a service, with discounts offered in Black Friday deals.

The main way to combat ransomware is prevention, although it is also the least implemented, as this is an attack with a relatively high success rate. If an attacker manages to complete the infection, there are only three possible solutions:

  • Pay the hackers; this is not really recommended
  • Recover the encrypted information from backups, although in many cases victims don’t have backups
  • Use tools developed to remove the encryption and restore access to the compromised files

The last one is the ideal option in case of a ransomware attack, as it represents an opportunity to recover the information as it was before the attack without negotiating with the hackers.

Most of the time these tools are developed by cybersecurity research and services firms and freelance ethical hackers, who collect samples of the malware and reverse engineer it to find out how it works. Using this information, researchers create tools to remove the encryption applied by a specific version of the ransomware.

The cybersecurity community recognizes Michael Gillespie as one of the brightest minds in the world of malware reverse engineering applied to ransomware. Despite being only 27 years old, Gillespie has developed more than a hundred ransomware removal tools, all available for free to the victims of these attacks.

Originally from Illinois, US, Gillespie began programming when he was just 13 years old; he said that one of his first contacts with the world of cybersecurity came at the age of 17, when he discovered a serious vulnerability on his school’s website that was exposing students’ personal information. Gillespie was recognized by the school district as a standout student, thanks to his school grades and his interest in programming: “He’s a really smart young man and passionate about technology and computers,” said his high school principal.

The next year, instead of going to college, Michael got a job as a computer technician at Nerds on Call.

The first major demonstration of Gillespie’s intellect came in 2015, when he was still working as a repair technician. One of the company’s customers asked for help recovering his files, which had been encrypted with the TeslaCrypt ransomware; soon after, Michael had developed a tool to remove the encryption applied by this malware variant.

Looking for more challenges, Michael began working with Fabian Wosar, a researcher specializing in ransomware. It wasn’t long before Gillespie began to stand out in this area; even his collaborators started calling him “Ransomman”.

The next step in Gillespie’s career came a couple of years later, when in collaboration with a team of researchers, he developed ID Ransomware, a website where victims of encryption malware can upload an infected file to scan for information about the ransomware variant in question and look for an available decryption tool.

Another collective effort involving Michael is Malware Hunter Team. Comprised of Gillespie, Wosar and researcher Lawrence Abrams, this team focuses on researching, reporting and monitoring the most advanced ransomware variants to develop tools that benefit victims.

So far, Gillespie has created over 100 tools through the reverse engineering of malware; they have been downloaded for free more than 320 thousand times from multiple websites dedicated to cybersecurity, mainly ID Ransomware.

According to specialists from the International Institute of Cyber Security (IICS), Gillespie has helped countless individuals, private companies and government organizations to recover their encrypted files; even the US government and cybersecurity firms resort to using ID Ransomware to generate statistics about this type of attack, as victims generally do not report these incidents to authorities.

In 2017, the FBI awarded Gillespie the Community Leadership Award for “public service, devotion, and help to ransomware victims in the US and the rest of the world”. It should be noted that Gillespie does not earn revenue from his work against ransomware; he has mentioned before that he is not really interested in money, despite the large amounts of cash he could earn. In a world full of fictional stories, Michael Gillespie has become a real-life hero, helping thousands, or even millions, of people without expecting anything in return.

As for his personal life, in 2012 Gillespie married his high school sweetheart, Morgan Blanch, with whom he has lived ever since in the company of their dog, their rabbit and their eight cats.