Archives for January 2017

The Herald is reporting the case of a website owner in New Zealand hit by a Ransomware attack, and extorted to the tune of $6,500, that he was forced to pay over in a secretive and untraceable Bitcoin transaction.

Although John Hussey, of seasonal jobs.co.nz decided to pay up – rather than pay even more for a decryption attempt he suspected was simply a revenue gathering exercise, it is not necessarily the best approach.

The cyber criminals are likely to be linked to organised crime at best and terrorists at worst, and every cent they earn makes the world a more dangerous and unpredictable place.

Further, the criminals keep registers of the “good payers” and often sell their lists on to other organisations so that they can also attempt to hit the victim again.

The Insurance industry has geared up for this, with policies covering decryption funds, reinstatement of records, limitation of damage to reputation and protection against the consequences of unwitting legal breaches – such as the Privacy Act, if sensitive client details are stolen.

For free advice and a no obligation quote on Cyber Insurance, please feel free to contact me here

The Herald story:

A New Zealand website administrator was forced to pay a $6500 ransom after his site was hijacked in an increasingly-common “ransomware” attack.

John Hussey, founder of popular job seekers website seasonaljobs.co.nz, said hackers had managed to encrypt his server and lock him out unless he paid their demand of 5 bitcoins – an untraceable virtual currency which at the time were worth about $1300 each.

“I was happily enjoying the Christmas-New Year’s period down in Dunedin when a couple of customers emailed me saying that the website was down.

“I logged into my server and that’s when I got confronted with the ransom message on the desktop, and my files were unobtainable.”

He had no communication with the hackers, who were able to stay completely anonymous through a hacker-friendly network.

Hussey tried to contact numerous companies he found online who claimed to be able to decrypt such attacks. But they wanted to charge even more than the ransom.

“[I] concluded they simply paid the ransom, added a commission and used the tool provided by the hackers to decrypt my files,” he said.

Although he considers it a “hobby”, Hussey has run seasonaljobs for some 15 years and he could not bear to see it destroyed by online criminals. It dawned on him that the only way he could revive it was to comply with their demands.

“Two minutes after I transferred the bitcoins, the page acknowledged receipt and diverted me to another page which had a link saying ‘download your tool here’.
“I couldn’t believe how simple it was actually and how quick it was, because I was of course worried that they might not give me the key even after I’d paid.”

Hussey said he was caught out by the hackers because he had neglected his website while away overseas.

According to a study published by Colmar Brunton in October 2016, one in five New Zealanders had been affected by cyber crime in the past year, a figure which rose to 72 per cent when spam and suspicious emails were included.

Since the attack, Hussey has taken steps to prevent further assaults, including creating multiple off-site backups, installing new anti-ransomware and malware software, and updating his server operating system.

He wanted to go public with his story to raise awareness of this growing form of online crime.

“These attacks can cause irreparable damage and are very easy to cause. They can be delivered by a simple email, with an attached … document containing malicious macros, but they are very difficult to prevent. The days when hackers attacked websites for glory is over, now financial profit drives many of them.”

Hussey was hoping to get collaborators on board to help him modernise seasonaljobs and to assist with running the site, which has about 50,000 unique visitors per month.

NetSafe chief executive Martin Cocker said these sorts of “ransomware” attacks were becoming commonplace.

“It’s something that we’ve seen growing steadily over the last few years. It’s growing both in the volume of attacks and also in terms of their sophistication.”

Hussey’s site would not have been specifically targeted but would have been the unfortunate victim of millions of infected files that were cast out into the web by the hackers.

“The criminals write software which goes out targeting particular types of networks or particular types of servers. So to some extent he’s been targeted but not as an individual but as part of a group because obviously there’s an opportunity with that particular type of user that the criminals have recognised.”

The other side to this sort of attack was hackers gaining access to personal, sometimes sensitive information, and threatening to leak it unless a ransom was paid.

NetSafe advised people in Hussey’s situation not to pay up, however, Cocker understood why people made the decision to do so.

“Some people pay and they don’t get the unlock key so they get burnt double. And the money you’re paying is going straight into organised crime and clearly we don’t want money channelling in that way.”

He was aware of some sites out there which offered to disable ransomware attacks, like the ones Hussey found, but some of these sites were actually run by the same hackers.

“A lot of it’s just a second-tier scam,” he said.

The best way to protect yourself was prevention, by keeping security and other software up-to-date and remembering to back up to a drive not connected to your device.

People who did fall victim could also contact NetSafe, who may be able to help to disable some of the simpler attacks.

See the full story http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11781191

A cruel theft on a Hospice fundraising shop is a reminder that nothing is beyond the thieves and that insurance is unfortunately a worthwhile component in any charities and businesses budgeting, recovery and risk management programme.

The Waipuna Hospice was targeted and items of value, like laptops, power tools and even their own tools used to repair the goods they sell on were taken.

Their trusty Ford Transit was also stolen.

Though they will be able to claim on the contents insurance for the items stolen, it will be a long time before they have enough valuable items to sell to really get business moving again.

Business Interruption Insurance can be of immense value to a business that cannot simply move premises immediately after a incident at their current site, loses significant amounts of stock that cannot easily be reordered or a business that can restart as readily by “buying a new laptop”.

It can cover Profits, ongoing bills like Rates, Water and Power on a premises that is still owned or leased but is unfit for use and Wages, both of the principal and staff who may be vital to the ongoing success of the  enterprise, for 1 or multiple years. Many businesses looking to restart elsewhere founder on the Resource Consent Act and the delays it can cause.

The original Story from the BoP Times is here:

Anna Whyte wrote

Waipuna Hospice has suffered a huge financial blow after thieves stole their van and ransacked the charity’s depot in Parkvale.

Business manager James Turner found the ransacked depot yesterday morning and thought it had happened between 4pm Saturday and Monday morning.

Almost every draw had been rifled through, soft toys lay strewn across the floor, paperwork rooms were turned upside down. Even a large wooden ship model had been moved from its original position.

Among the Items stolen were a laptop and tools used to repair items that would later be put up for sale.

The perpetrators had worn gloves.

Waipuna Hospice chief executive Richard Thurlow said he was “fuming and angry”.

“The depot is critical to the success of our shop, so to not have transport, it’s actually quite damaging. And it’s not just a loss of a van, it’s the trading. That’s a major part of our fundraising for the year. It hits everything.
“It will knock us back a few days, it doesn’t sound like a lot but it’s actually considerable, it could cost us tens of thousands of dollars. We’re going to lose out whatever happens, that’s the sickening thing.”

Manager Barry Stiles said the burglary was obviously “well planned”, judging by the state the building was left in.
“They’ve gone through every single nook and cranny.”

“It’s bizarre, they just spend so much time here.”

He said they had been targeted for saleable items, such as the tools and power tools.

“Now we’re at a standstill,” he said.

Mr Stiles said the hospice were still assessing the total value of the items stolen. The van was insured and the charity had contents insurance,

The hospice appealed on Facebook for any sightings of the van, which was believed to have been loaded up with stolen gear before being driven off.

The white 2007 Ford Transit Van has a registration of DUY554.

A police spokeswoman said the property had been locked and secured, but it was possible the offenders gained entry through a side door.

“The entire building has been completely ransacked which is not a nice thing at all. They’ve just rifled through everything,” she said.

If you recognise the van or have some information which might help police track down the stolen gear, or people responsible, please contact Tauranga police on 07 577 4300 or provide information anonymously on 0800 CRIME STOPPERS.

The Waipuna Hospice provide symptom control and pain management for people needing palliative care.
– It is predicted 1000 patients this year will need support
– They have about 700 volunteers supporting their service
– Over $2.4 million needs to be raised in the financial year to meet the shortfall between our Government funding and our operating costs.

If you’d like to help by donating, please go to
http://waipuna-hospice.co.nz/paymentextra/donate

See the original story here