The Herald is reporting the case of a website owner in New Zealand hit by a Ransomware attack, and extorted to the tune of $6,500, that he was forced to pay over in a secretive and untraceable Bitcoin transaction.
Although John Hussey, of seasonal jobs.co.nz decided to pay up – rather than pay even more for a decryption attempt he suspected was simply a revenue gathering exercise, it is not necessarily the best approach.
The cyber criminals are likely to be linked to organised crime at best and terrorists at worst, and every cent they earn makes the world a more dangerous and unpredictable place.
Further, the criminals keep registers of the “good payers” and often sell their lists on to other organisations so that they can also attempt to hit the victim again.
The Insurance industry has geared up for this, with policies covering decryption funds, reinstatement of records, limitation of damage to reputation and protection against the consequences of unwitting legal breaches – such as the Privacy Act, if sensitive client details are stolen.
For free advice and a no obligation quote on Cyber Insurance, please feel free to contact me here
The Herald story:
A New Zealand website administrator was forced to pay a $6500 ransom after his site was hijacked in an increasingly-common “ransomware” attack.
John Hussey, founder of popular job seekers website seasonaljobs.co.nz, said hackers had managed to encrypt his server and lock him out unless he paid their demand of 5 bitcoins – an untraceable virtual currency which at the time were worth about $1300 each.
“I was happily enjoying the Christmas-New Year’s period down in Dunedin when a couple of customers emailed me saying that the website was down.
“I logged into my server and that’s when I got confronted with the ransom message on the desktop, and my files were unobtainable.”
He had no communication with the hackers, who were able to stay completely anonymous through a hacker-friendly network.
Hussey tried to contact numerous companies he found online who claimed to be able to decrypt such attacks. But they wanted to charge even more than the ransom.
“[I] concluded they simply paid the ransom, added a commission and used the tool provided by the hackers to decrypt my files,” he said.
Although he considers it a “hobby”, Hussey has run seasonaljobs for some 15 years and he could not bear to see it destroyed by online criminals. It dawned on him that the only way he could revive it was to comply with their demands.
“Two minutes after I transferred the bitcoins, the page acknowledged receipt and diverted me to another page which had a link saying ‘download your tool here’.
“I couldn’t believe how simple it was actually and how quick it was, because I was of course worried that they might not give me the key even after I’d paid.”
Hussey said he was caught out by the hackers because he had neglected his website while away overseas.
According to a study published by Colmar Brunton in October 2016, one in five New Zealanders had been affected by cyber crime in the past year, a figure which rose to 72 per cent when spam and suspicious emails were included.
Since the attack, Hussey has taken steps to prevent further assaults, including creating multiple off-site backups, installing new anti-ransomware and malware software, and updating his server operating system.
He wanted to go public with his story to raise awareness of this growing form of online crime.
“These attacks can cause irreparable damage and are very easy to cause. They can be delivered by a simple email, with an attached … document containing malicious macros, but they are very difficult to prevent. The days when hackers attacked websites for glory is over, now financial profit drives many of them.”
Hussey was hoping to get collaborators on board to help him modernise seasonaljobs and to assist with running the site, which has about 50,000 unique visitors per month.
NetSafe chief executive Martin Cocker said these sorts of “ransomware” attacks were becoming commonplace.
“It’s something that we’ve seen growing steadily over the last few years. It’s growing both in the volume of attacks and also in terms of their sophistication.”
Hussey’s site would not have been specifically targeted but would have been the unfortunate victim of millions of infected files that were cast out into the web by the hackers.
“The criminals write software which goes out targeting particular types of networks or particular types of servers. So to some extent he’s been targeted but not as an individual but as part of a group because obviously there’s an opportunity with that particular type of user that the criminals have recognised.”
The other side to this sort of attack was hackers gaining access to personal, sometimes sensitive information, and threatening to leak it unless a ransom was paid.
NetSafe advised people in Hussey’s situation not to pay up, however, Cocker understood why people made the decision to do so.
“Some people pay and they don’t get the unlock key so they get burnt double. And the money you’re paying is going straight into organised crime and clearly we don’t want money channelling in that way.”
He was aware of some sites out there which offered to disable ransomware attacks, like the ones Hussey found, but some of these sites were actually run by the same hackers.
“A lot of it’s just a second-tier scam,” he said.
The best way to protect yourself was prevention, by keeping security and other software up-to-date and remembering to back up to a drive not connected to your device.
People who did fall victim could also contact NetSafe, who may be able to help to disable some of the simpler attacks.
See the full story http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11781191