Businesses have been warned to update their security after an infectious email lead to Mandurah Quay Resort being “held for ransom”.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
The resort’s central server was infected by a malware program through an email on the business’s accounts email.
Manager Tanya McFarlane said the attack locked their computer system for five days.
“We got an email that was sent to our account email address that was sent as a statement,” Ms McFarlane said.
“It just basically took over our whole system and locked all of our computers.
“So obviously we ran our virus scans and then we realised it was bigger than what we could deal with.
“We contacted our IT people, and basically we found out they were holding us to ransom.”
Ms McFarlane said they then received an email with a countdown timer, informing them they were required to pay the money through Bitcoin, an internet-based form of currency.
The email said the amount demanded would double if not met within the time limit.
“They waited until they had received the money before they released the encryption code, then we had to run the encryption through our systems,” Ms McFarnale said.
“There was something like 16,000 files infected; it took more than a day to clean out the whole system.”
The malware program managed to infect the business’s bookings system, which is the basis of their operations.
“We don’t know if people are turning up or not without that system, which obviously causes us massive grief,” Ms McFarlane said.
“It’s pretty scary that this kind of thing can happen in this day and age.”
Ms McFarlane said they contacted the police, who were unable to assist them.
“I contacted the police straight away, because I wasn’t comfortable with what is basically a ransom demand,” she said.
“But the police just put me onto a website and said, ‘make a statement online’, which I’ve done. I haven’t heard a thing from them since.”
Acting commissioner for consumer protection Gary Newcombe said the specific type of malware, known as “ransomware”, was especially dangerous to businesses and those who use their computers for business.
“Ransomware can be devastating to both home computer users and businesses that don’t have the time, expertise or resources to deal with the problem,” Mr Newcombe said.
“Consumer Protection recommends not to pay money to cyber criminals if computers are infected by ransomware, as the scammers are likely to come back for more money.
“However, we are aware that the reality for some businesses, especially those who have not backed up their data for a considerable amount of time, is that paying the ransom is seen as a worthwhile investment to try to retrieve files that are valued at more than the requested ransom amount.
“Indeed some businesses have had the files unlocked/decrypted upon payment of the ransom.”
Mandurah Quay is one of many businesses and individuals who have contacted Consumer Protection after their computers were infected with ransomware.
Since the beginning of the year, more than 100 cases of malicious infections using ransomware have been reported to their office.
A spokesman form Consumer Protection told the Mandurah Mail about two similar cases occurring in the last two weeks.
“Consumer Protection in Perth was contacted by the owners of a removalist company that was attacked by ransomware after a staff member opened an attachment received by email,” the spokesman said.
“The small business lost several thousand dollars and information about clients before the problem could be rectified.
“A pest control business in Kalgoorlie also reported receiving a purchase order via email that looked just like their normal purchase order emails.
“They clicked to open it and got a pop-up message stating that the computer had been frozen and a $500 ransom would have to be paid to allow the user back in.
“Unfortunately they hadn’t backed up their data for six months.
“A computer technician was unable to decrypt the files and after three business days they had no choice but to pay the ransom.
“They have now saved all the recovered data and learned a costly lesson to back up daily.”
Consumer Protection offer a range of tips to prevent ransomware from infecting your system, such as educating all staff to not open emails that may be infected, especially from unknown senders.
They also advise to contact a reputable IT technician or search the internet using the term ‘decrypt ransomware’ as a search term.
“Importantly, beware of scammers seeking payment for decryption,” Consumer Protection advises if searching for a solution online.