A new cyber threat called "ransomware" has hit Australian shores and is capable of fleecing millions of dollars from victims.
Cyber criminals use ransomware to take computer files belonging to
individuals or businesses hostage and then demand a hefty payout for
codes to unlock the files.
Earlier this month, financial data for Brenton Deane's NSW bus company was taken hostage by a surprisingly friendly hacker who told him he must transfer thousands of dollars to criminal syndicates abroad to retrieve it.
The hacker originally claimed to be "anti-child porn spam protection" and threatened to report Mr Deane to the FBI if he didn't pay a penalty.
"It was surreal," Mr Deane told Nine News.
"We were absolutely, totally disabled. Just couldn't do anything."
A typical "ransomware" message.
After receiving no help from police, Mr Deane turned to local IT expert Denis Pecnik, who negotiated with the polite hacker who identified himself as "Jack Williams".
"He informed us that he didn't want copies of the files, that he didn't want to delete the files, he was simply doing a business transaction," Mr Pecnik from Ox Data Tech said.
Five days later, Mr Deane and Mr Pecnik decided to send a $3000 ransom to China and in return "Jack Williams" promptly emailed them the unlock codes for the server.
Symantec, which monitors nine million threats to Australian computers every day, estimates organised criminals are using ransomware to extort more than $5m a year.
But Sean Kopelke from Symantec said paying the hackers was extremely risky.
"You don't know who you're dealing with, you're transferring money overseas and you don't know if they're going to send you the unlock," Mr Kopelke said.
AusCERT information security analyst Marco Ostini said ransomware infections were widespread and the number of incidents was increasing rapidly.
"The cost of damage to small businesses that don't have dedicated IT staff and hire them on a time and materials basis makes them especially at risk," he said.
"Frequently, they may not devote the time and attention required to secure their systems and thus have sufficient weaknesses for cyber criminals to exploit.
"Once a cyber criminal has compromised the primary server of a small business and installed ransomware, then the road to recovery is a rocky and costly one."
How to protect your computer from ransomware:
1. Make sure your computer has the latest antivirus software and security updates;
2. Use memorable but complex passwords that are at least 12 characters long;
3. Back up all important information on your computer to a hard drive separate from your computer;
4. Restrict administrative privileges on your computer and don't browse the web using a host account with administrative privileges;
5. Disable unnecessary remote access and only allow secure remote connections;
6. Configure host-based firewalls to block all access by default and to allow external access only to required services; and
7. Enable application whitelisting.
What to do if your computer is infected with ransomware:
1. Don't interact with cyber criminals;
2. Immediately disconnect the computer from the internet;
3. Tell the police;
4. Ask an IT professional to use a parallel live operating system to
recover any essential data, wipe the infected computer clean by
formatting and do a fresh install of the operating system and any
required applications;
5. The IT professional should then make sure your computer has all
security updates and necessary security or configuration changes before
restoring all data.
Read some of the emails from friendly hacker "Jack Williams" below:
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Tuesday, November 6, 8.32am
Hello
You can send me one not important file for decrypt for proof I have your password and I can decrypt this file.
Of course after payment you will be sure I am sending you passwords for
decrypt and decrypt tool, you just need copy-paste this passwords and
click start. You dont need decrypt each file manually.
Thanks
**********@gmail.com
To: Jack Williams, ausec222999@gmail.com
Tuesday, November 6, 10.03am
Jack,
I have also read that some people claim once you send through the
password and decrypt software and I try and run the software it will
immediately start deleting my data files?
How can I be sure this won't occur??
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Tuesday, November 6, 10.13am
Lol where this you read, can i ask you?
What for i need to do this? I want money for passwords, i dont want delete any people information, why I need to do this?
And anyway if i want to do this, why after i got money i just not run
off? Or why send passwords and decrypt tool? For just delete ppl files?
This is very illogical dont you think?
I think you understand what i am talking about.
Thanks
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Tuesday, November 6, 10.59am
I can give you discount and new price is 3500$
Thanks
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Tuesday, November 6, 11.09am
Minimal price is 3200$. I can accept this only.
Thanks
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Tuesday, November 6, 11.48am
Like i said you before minimum is $3200 , i give you discount already for $800 !
Thanks
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Wednesday, November 7, 6.27pm
Any news?
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Thursday, November 8, 3.46pm
Like i said you before i never trick any people. Yes i am understand
maybe i am bad person anyway but i am not just swindler who never send
passwords after got money.
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Friday, November 9, 1.00pm
Try wm-center, they have Online Chat, you can ask them about all your
questions :) There is no registration needed and a bit easy to make new
order. just read.
But i think if you do this like you said they cannot pick up money from you.
Thanks
**********@gmail.com
To: Jack Williams, ausec222999@gmail.com
Saturday, November 10, 10.52am
Jack,
Yeah I still have to contact them again like I did yesterday to now get
the new Street Address for the new name on the account. It took forever
yesterday to get the postal address for NAN GAO now I have to try and do
it all over again for Weisi Liu and try and get it all done before
postal office closes at 12pm EST here!!!!
Thanks
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Saturday, November 10, 10.55am
Oh ok. Good Luck.
**********@gmail.com
To: Jack Williams, ausec222999@gmail.com
Saturday, November 10, 11.01am
Sorry jack its a very involved process to send the money from australia to western union.
thanks.
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Saturday, November 10, 11.05am
NP we are both waiting. Thanks
**********@gmail.com
To: Jack Williams, ausec222999@gmail.com
Saturday, November 10, 11.43am
Jack,
Hooray I just reprocessed the orders on Western Union and with Exhere to
the new guys name. I spoke with Exhere and they said they will have it
processed in 2 hours for me. So all Paid Jack. I hope this is ok.
Thanks.
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Saturday, November 10, 12.19pm
I need to go sleep now, i think this is not problem for you if i send
you your all info after i am back?.. My eyes going down and i am
sleeping on the keyboard right now..but i love better to sleep in the
bed ofc.. :)
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Saturday, November 10, 12.26pm
All will be ok in the end dont worry about this, i will give you your passwords and decrypt tool.
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Saturday, November 10, 12.30pm
I really cant stay more at the PC...when i am back i immediately send to you all info you need for decrypt. See You!
Jack Williams, ausec222999@gmail.com
To: **********@gmail.com
Saturday, November 10, 7.21pm
Hello. All is ok, DONT PANIC please. I got money from you, gimme 2 min i will send you all info.
Thanks
Source: Nine News
Author: Alexandra Pleffer, Approving Editor: Nick Pearson