Ransom racket hits Brisbane businesses

Medical centres, entertainment businesses, mechanic's workshops and advertising companies have been targeted by hackers.

More than 100 Queensland businesses may have fallen victim to hackers holding their computer files to ransom, police say.

Medical centres in Brisbane's CBD and Chermside have been held to ransom over their financial data and patient records.

A Miami medical centre on the Gold Coast fell victim to "ransomware" hackers earlier this month, with Russian criminals demanding $4000 for the centre's medical records to be decrypted.

Entertainment businesses, mechanic's workshops and advertising companies across Queensland have also been targeted.

Detective Superintendent Brian Hay of the fraud and corporate crime group said hackers were scanning the internet for remote access points to vulnerable file servers attached to businesses.

"We also believe they're using encryption software to defeat very poor passwords," he said.

With access to a business's file system, the hackers then encrypt the data on the server and lock it down, making it completely inaccessible.

They then demand thousands of dollars for the return of the information.

"Their encryption is of military standard - it cannot be defeated," Superintendent Hay said.

In order to survive, some businesses have forked out more than $3000 to retrieve their records.

"One of the encryption keys that a business had to purchase [from the hackers] to retrieve their data was 78 characters long," Superintendent Hay said.

However, had they backed up their data they might not have had to pay for it.

Malicious software that demands payment for the return of access to personal or financial data, known as ransomware, has been around in various forms for over a decade and has been a popular tool among Russian cyber criminals.

Now hackers worldwide can purchase ransomware kits on the online black market for as little as $800.

Queensland businesses were targeted by ransomware for the first time in September, Superintendent Hay said.

However, he said businesses were reluctant to report cyber attacks.

"I always suspect that if I receive one report, there's another 10 businesses out there that haven't reported it," he said.

"When this first came to our attention we had about 14 ransomware attacks reported to us, so you might say that there has been 140 out there and that wouldn't surprise me at all."

Superintendent Hay urged business owners to encrypt their data to ensure that it is useless in the hands of hackers.

"Our message is that of a proactive one," he said.

"Take the steps now to prevent this from happening as we cannot guarantee a fix to this problem. But perhaps the most important thing is to not respond to these emails if you receive one - contact us immediately."

Police are urging small businesses to consider the following steps to help prevent virus attacks:

• Patch all servers with all available updates and/or update to the latest version of the software package currently used by the company (for example Microsoft Small Business Server etc).

• Have strong passwords on remote access procedures.

• Deploy a strong IT network security solution. Choose one that uses real-time anti-virus software, email scanning, real-time website protection, software and hardware firewalls, network intrusion detection and network monitoring technology.

• Ensure you are performing regular back-ups of non-infected systems (don't have the back-up constantly connected to the regular server).

• Ensure all machines on the network are regularly updated and include their own internet security solution. Ensure secure internet browsers are deployed across the network (avoiding non-updated versions of internet browsers wherever possible).

• Ensure users on your network are aware of malicious software and website links and the importance of being careful when using the internet and the dangers of clicking on web links contained within emails.

15 comments

  • I have heard this happening to an I.T person I know. And it also encrypted the disks that the backups were running to. But they contacted the hacker, paid the money, encryption program was given and it was much longer than 78 characters.. And all data was back.

    This is why you have insurance. Pay the money, get your data, claim insurance.

    Commenter
    Judgeos
    Date and time
    December 28, 2012, 9:18AM
    • Hackers know that Australians are easy targets as our computer and security systems are not as advanced as America and Europe. That is why we are always the target from eastern Europeans from banking scams. I work in a bank and we know this is a reason. Maybe we should ask our Europe and American friends how to not become victims. This doesn't happen that much in Europe.

      Commenter
      Branco
      Date and time
      December 28, 2012, 10:08AM
      • Sorry, but your comment is absolute BS.

        Your statement that the reason Australian businesses are being targeted is because our "computers and security systems aren't as advanced as others in America or Europe" is completely false.

        The reality is that we do have access to the same Computer and security systems as those in America and Europe.

        The real cause of problems such as this comes down to the fact that many Australian companies hire people who don't have a clue about security, who don't patch their systems and/or don't use firewalls.

        Most of these businesses being targeted are small businesses and I can almost guarantee that they don't have a full time IT person ensuring that their systems are properly patched or that they have adequate security in place.

        Most small businesses will have an external company providing limited (usually very limited) support or they will have an "expert" (usually someone who knows a little about home computers, but who doesn't know anything about business systems).

        This is what I see on a regular basis.

        And of course, we have the leading cause of security problems in all businesses - end users.

        I've lost count of all the times I've caught people clicking on links they've received from people they don't know, or browsing sites that are riddled with malware.

        Commenter
        DC
        Location
        Brisbane
        Date and time
        December 29, 2012, 2:46PM
    • I find the poll results quite funny..

      "Tell the police and leave it to them." has received the highest amount of votes.

      But just 3 years ago, a credit card scammer in QLD was trying to defraud us and managed to get over $3000 of services with stolen credit card(s) (our anti fraud systems stopped it all).

      But when I reported it to QLD police, with all the proper credentials we managed to find about the perpetrator, they told me "they were too busy to deal with it". So whoever thinks they are going to get any help, is probably dreaming..

      Commenter
      John
      Location
      Sydney
      Date and time
      December 28, 2012, 10:10AM
      • Been in IT since year dot (well the 70's) and have always harped to all who will listen and those that won't, BACKUP daily to at least 2 separate storage mediums with at least 1 off site or taken off site daily.
        Of course that is overkill for the average home user BUT even so still do it once a month or straight after any major changes to the system.

        As much as static IPs are convenient for VPNs etc they are an open invitation for repeat visits for DOS and port attacks. Always use router/firewall combos that will alert you when either occurs via email. If you have bog stock internet connection reboot the modem/router weekly at a minimum or better yet daily to ensure your IP address is changing.

        And of course the bleeding obvious as pointed out in the article, keep all software up to date.

        Regardless of whether it's a ransom attack/fire/theft/lightning strike or just plain bad luck........ BACKUP, BACKUP, BACKUP

        Commenter
        Shamu D-S
        Date and time
        December 28, 2012, 10:36AM
        • I used to work for Storagetek. I agree. Backup, backup, backup. Every day, week, month.

          Commenter
          Sue Denim
          Location
          Brisbane
          Date and time
          December 29, 2012, 7:30AM
      • The secret is - backup every day! Once a week, you need to do a full backup, then every day until the next weekly backup is done, you do a backup of all changed files. Don't backup to the server - backup to a USB drive, or even more secure, a DVD. If you use a USB, then have 6 of them - one for each day and then one for the full backup. I prefer to use a DVD for the full backup, then destroy the previous DVD each week the full is done. The USBs can be used for the daily backups. If you do this without fail, in addition to your good security on your files, then whilst you will never be 100% safe, you will be safer and will be able to restore your data!

        Commenter
        Megan
        Location
        Brisbane
        Date and time
        December 28, 2012, 10:40AM
        • Those who voted to Hold Out, either thinking it's a joke or holding out based on principle, are also dreaming. I'm not promoting paying the ransom, but $3000 vs potentially losing 10 times that amount from loss of service or sales, you can take the 'joke' or 'principle' and kill your business along the way.

          Commenter
          Principled but practical
          Date and time
          December 28, 2012, 11:23AM
          • Once they have your money, can you trust them to give you a key? No way I would ever pay them anything.

            Commenter
            g
            Date and time
            December 28, 2012, 8:05PM
        • I keep my backups on a USB hard drive, since I have a Mac, Time Machine automatically updates it whenever I plug it in, great little piece of software.

          Commenter
          David
          Location
          Gold Coast
          Date and time
          December 28, 2012, 12:32PM
