A cybercrime warning has been issued after a NSW bus operator was forced to pay a hefty ransom
By Sean Muir | December 19, 2012
A cybercrime warning has been issued after a NSW bus operator was forced to pay a hefty ransom to retrieve files.
BusNSW has warned operators to be wary of unsecured servers and IT systems after New South Wales operator Forster Bus had its computer files taken hostage for almost $4,000 in ransom recently.
According to BusNSW, a
hacker used ransomware, a type of malicious software (malware), to encrypt files and lock the operator’s computer.
“The hacker then contacted the operator and demanded a ransom for the decoding tool to unlock the files,” a BusNSW statement says.
Forster Bus head Brenton Deane says after contacting police, and paying about $15,000 in IT costs, the company paid the ransom and was given a code to unlock the files.
“We had no choice,” Deane says.
“Our IT bloke worked on it for a week, and we went to every authority we could find and still couldn’t forensically get our data back because they erased our back up hard drive.”
Police also issued a warning this week after two South Australian businesses became victims of the internet extortion scam.
“As with any extortion, you are advised not to pay,” police say.
According to police, attackers are known to use the Remote Desktop Protocol (RDP) as an entry point to networks.
Authorities believe the criminals gain access by using authentication credentials obtained by key loggers – a covert software program which tracks the keys struck on a keyboard – or by accessing systems with weak passwords.
Payments are often sought via a wire transfer, premium-rate text messages, or through an online payment voucher service.
Police say victims of the offence are often small to medium businesses.
After first appearing in Europe, the United States and Canada,
the scam is thought to be on the rise globally.
Police say cyber security experts predict ransomware will be one of the main types of attack by online criminals in 2013.
Police recommend organisations consider taking the following measures to protect against this type of cyber security vulnerability:
- Ensure that all computer systems and programs are fully patched and updated
- Limit remote access to your systems directly from the internet
- Monitor remote access to your systems directly from the internet
- Enforce strong passphrase/password policies on your RDP services to reduce the risk from brute force attempts at cracking passwords
- Implement account lockout policies (account locks if too many false attempts are made) to reduce the risk from brute forcing attempts
- Where remote access is necessary, use secure methods such as a Virtual Private Network (VPN), require two-factor authentication (two methods, not just password), and restrict access to only those individuals, systems and services that really require the access
- Use up-to-date anti-virus software, and consider using different vendors for gateway and desktop systems.