How this business enlisted a “cyber angel” to pay a criminal’s ransom after losing 65 weeks’ worth of data

cyberattacks

An Australian business has coughed up and paid $5000 in digital currency Bitcoin to a cyber criminal after its servers were compromised by ransomware that caused it to lose a combined 65 weeks’ worth of data.

The Outdoor Media Association’s (OMA) chief executive Charmaine Moldrich took to the organisation’s blog to discuss the cyber attack that occurred last month, compromising all of its computers, with the last off-site backup being more than six weeks old.

“We were hacked at 10.25pm. No alarms went off, no alerts were sent until the first team member arrived to work at 7.30am to find a hacker’s ransom message on all our computers,” Moldrich wrote.

“By this stage the ransomware had encrypted every file on our server including our back up.”

Ransomware is a common form of cyber attack in which criminals encrypt files on a user’s computer and servers, demanding a significant payment before the files are unlocked.

The world has been rocked in recent months by ransomware attacks of unprecedented scale, with businesses across the world being knocked out of action due to attacks like WannaCry and Petya.

The amount of data lost was significant: an estimated 65 weeks’ worth of data if the work of ten employees over six and a half weeks is added together. Because of this, Moldrich made the decision to attempt to pay the hacker’s ransom via digital currency Bitcoin.

Businesses and individuals are often dissuaded from paying cyber criminal’s ransoms, warned against negotiating with criminals, but Moldrich believes it was a “matter of risk analysis”.

“Our information was worth more than the hacker’s ransom price of one bitcoin,” Moldrich wrote.

“All the advice we received, bar none was: ‘don’t pay the hackers’. While I agree with this in principle, on a pragmatic level we had lost 65 weeks of work, and I couldn’t let that go.”

“What I learnt was that it is less of an issue of hackers reneging on their side of the deal, and more about security agencies/good hackers shutting down payment links to disrupt the hacker’s activities (and therefore also interrupting the two-way flow between the bitcoin ransom being paid and the key to unlock the files being sent).”

Bitcoin is a digital currency based on the blockchain, developed in 2010, and was initially priced at around $US.08 cents. After a tumultuous seven years, Bitcoin’s current price is at an all time high of $4382 at time of publication, and OMA’s hacker was demanding an entire Bitcoin.

However, the company found buying one Bitcoin to be much harder than anticipated, being unable to buy it with credit card, and saying “who has a lazy $3,000 hanging around in cash to pay for a bitcoin?”

In the end, OMA recruited the help of a “cyber angel” who opened a direct line of communication to the hacker and helped the company purchase their Bitcoin.

“We were finally able to send the hackers a file to unlock, to prove that they were genuine and had the solution. Once we received the file back, unlocked, our cyber angel purchased the bitcoin, made the transfer, and again, via a secure link on the dark web, directly paid our cyber robbers,” Moldrich said.

The company received the key to unlock their files the next day, saying the whole process took four days to resolve from the first day they were hacked. Wrapping up the blog post, Moldrich said the attack “feels like a distant memory”.

“We were lucky. It happened in one of our least busy weeks as we had no pressing deadlines. Therefore, we were able to react without fearing the worst or panicking,” she writes.

“It brought us together. We had the time to have lunch together, we did go home earlier, and we managed to work around our file loss.”

From the experience, Moldrich divulged four “valuable” business lessons:

1. Back up, back up, and then back up again – off-site
2. Update your computer software
3. Your office will grind to a halt [if you are hit] …no avoiding that one
4. Find a cyber angel to help you navigate the dark web

SmartCompany contacted the Outdoor Media Association but did not receive further comment prior to publication.

Never miss a story: sign up to SmartCompany’s free daily newsletter and find our best stories on TwitterFacebookLinkedIn and Instagram.

COMMENTS


Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments