UNPAN North America
Public Administration News  
Canadian Firm Pays $425,000 to Recover from Ransomware Attack
Source: itworldcanada.com
Source Date: Thursday, July 13, 2017
Focus: Citizen Engagement, Institution and HR Management
Country: Canada
Created: Jul 17, 2017

A major Canadian company was forced to pay $425,000 in Bitcoin over the weekend to restore its computer systems after suffering a crippling ransomware attack that encrypted not only its production databases but also its backups.

“They literally had no choice but to pay” because the backups were frozen, said Daniel Tobok, CEO of forensics firm Cytelligence, which is helping with the investigation.

Tobok wouldn’t identify the company for reasons of confidentiality. He believes it to be the largest ransomware payment in Canada to date. By comparison, last month a South Korean Web hosting firm reportedly paid the equivalent of US$1 million in a ransomware attack, believed to be the biggest publicly reported payment so far in the world.

Although the forensic investigation is in its early stages, the attack was very sophisticated. It started with spear phishing targeting six senior company officials who were sent a PDF attachment with a malicious payload.

Staff apparently fell for two old ploys: Two of the messages purported to be from a courier company and told recipients the attachments were invoices for packages to be picked up, while the other messages asked officials to open and print the attached document. That led to the insertion of malware.

“It appears from early investigation there were vulnerabilities in unpatched systems in their Windows environment,” said Tobok. “They had a couple of outdated database servers that had not had all the recent patches on them.”

It is believed the attackers then spent several months hunting around the network to find data stores before releasing the ransomware, which spread across the corporate network, including backed-up data.

“They knew where the databases were, the confidential information,” said Tobok. “They knew everything.”

Before handing over the money the company demanded the attackers prove they had the decryption key.

The incident is another warning that Canadian organizations aren’t immune from being attacked.

The early lessons from the attack, Tobok said, are that if the CIO/CISO can afford it, a third party should do a full penetration test. “A real security audit would have discovered some of these vulnerabilities,” he said. “You can never control phishing because that’s a human element,” he said, though he added that awareness programs are still essential.

Another lesson apparently is to ensure backups aren’t connected to the primary system.

And, as Tobok says, “patch, patch, patch.”

At this stage, Tobok said, no enterprise should be caught off guard by this kind of attack. “When you look at [recent ransomware attacks] Petya, WannaCry, if that’s not a wake-up call for companies I don’t know what else is.”

(By Howard Solomon)