This latest ransomware attack, targeting Tamarind House, The New Place Café, The Rickshaw and La Casita Mexican Café, has prompted management to issue a warning to other businesses: “Don’t send money. Call for IT help as soon as possible.”
The “Phoenix” ransom demand hit the restaurant group’s networks on Thursday and was not detected until Sunday. Staff were locked out of their accounts, their point-of-sale system and the rest of their files, said general manager Pasha Carruthers.
Although they did not have to turn away any customers, she estimated it would cost $500 to recover their data and secure their systems again. “It will have ongoing effects on us,” she added.
International computer security specialist Bojana Dobran says someone falls victim to ransomware every 14 seconds, at an average cost to each business of US$133,000 ($202,000). And around the world, that rate is worsening.
The Empire Theatre in Rarotonga has also been hit – and unlike the restaurants, was not able to recover its data. Manager Pa Napa said the cinema lost all its spreadsheets three years ago, including its box office reports.
But he would rather take that hit and rebuild their data than pay the extortionists’ demands of US$1600 ($2420).
Instead, he scrapped the infected PC and bought a new one at a cost of $1000. “I wasn’t going to pay them a cent,” he said. “They can go and jump!”
Local IT consultant George Ngatikao, from Techtro Solutions, helped the restaurants respond to the cyber attacks. He said the Phoenix ransomware first appeared about three years ago and seemed to be making a resurgence.
Typically, it might arrive through an email purporting to be from courier companies FedEx or DHL, advising that they had a parcel waiting for the email’s recipient – and telling them to open an attachment.
That attachment contains a program that corrupts every file on the network – and if someone tries to open a file, it flashes up a message demanding US$1600 to unlock the files. “They use Bitcoins for the ransom payments, because it’s untraceable,” Ngatikao said.
“And most of the time when you pay the ransom, they don’t unlock it anyway.”
New Zealand’s Computer Emergency Response Team (CERT NZ) works with public sector cyber-security professionals across the Pacific. The authority has received reports of 122 ransomware attacks over the past two years.
“Protecting your business from ransomware is a matter of following simple steps, like having good backups and keeping software and operating systems patched and up-to-date,” said operations manager Declan Ingram.
“Ransom amounts are usually quite low to encourage people to pay them and justify the cost even if they didn’t get the files back.”
He warned: “CERT NZ doesn’t recommend that businesses pay ransoms; there is no guarantee that you will get your files back. If the files are returned, they may be infected with further types of malware that could infect your system.”
*George Ngatikao is at www.techtrosolutions.com or 23734.
PREVENTING A RANSOMWARE ATTACK
Update your operating system and apps.
Update antivirus and anti-ransomware software on your computer.
Regularly back up your computer and phone files to an external hard drive that is then removed from your system, and to the cloud.
Install a firewall to stop traffic from untrustworthy sources getting into your computer.
Don’t enable macros in Microsoft Office.
IF YOU ARE AFFECTED BY RANSOMWARE
Talk to your IT support person or a local computer services company if you need help with anything. They can check to see if you have ‘real’ ransomware on your computer, and try to get rid of it.
Restore your system from your most recent backup.
Reinstall your operating system if you don’t have a backup, but note that this may erase all of your files.
Source: CERT NZ