Hackers ransom $3000 from NT business

Powered by SC Magazine
 

Vital financial data encrypted.

A Northern Territory business has been forced to pay a $3000 ransom to hackers who had encrypted its financial records.

The business found last week that it was locked out of vital creditor and debtor invoice information stored on its network.

Hours after discovering the encrypted data, TDC Refrigeration and Electrical received an email demanding cash for the password.

The hackers had encrypted the data with 256-bit AES, IT manager Matt Cooper told SC.

“They had demanded the ransom within seven days, or it would go up another $1000, and again for every week the payment is late,” Cooper said. “I guess this is their way of making sure victims don’t try to crack the encryption.”

At the hackers' request, the money was paid through Western Union and Liberty Reserve, a favourite method of money transfer in underground circles.

The attackers had claimed, in broken English, that child pornography was detected on the victim's computer and that payment must be made to unlock the files, owner Jeremy Spoehr told ABC radio Alice Springs.

Two further Queensland businesses were also recent victims of ransomware attacks, according to Queensland Police. Those attacks appeared to use "unbreakable" encryption and were difficult to investigate properly or trace to a source of infection.

Detective Superintendent Brian Hay said those attacks were likely linked to drive-by-download websites which used web browser exploits to compromise machines.

Origin

While the origin of the TDC hackers has not yet been determined, several indicators pointed to Eastern European nations.

The hacking hotbed of Romania was linked to similar ransomware scams in many victim accounts. The method of attack also linked the attacks to the Eastern European nation: the hackers had accessed the financial data through a series of brute-force password guesses, likely using the DUBrute tool against vulnerable, internet-exposed Remote Desktop Protocol (RDP) connections, a method which the Australian Federal Police have linked to an organised criminal gang operating in the region.

That method was used in the attack which saw half a million credit cards fleeced from an Australian business, and 146,000 cards stolen from US merchants, including Subway restaurants.

Romanian cyber crime officials told current affairs program Today Tonight in March that cybercrime in that country was surging amid large raids by police.

Correspondence from the gang was professional too. Cooper said attackers immediately replied to correspondence and had provided detailed instructions to pay the ransom.

Moreover, Cooper could not find any similar victim accounts where attackers had taken the ransom and not unlocked the data, an act that would undermine the ransomware business model.

“We had to make sure they wouldn’t just run off with the cash, leaving us in a worse state,” he said.

Malware rising

The attackers had used a new malware variant designed for ransomware attacks. A new fourth variant of the ACCDFISA malware – so called because it purports to demand payment on behalf of the fictitious Anti Cyber Crime Department of Federal Internet Security Agency – was deployed by the attackers once the vulnerable RDP connection was accessed.

The first ACCDFISA malware strain was detected by Emsisoft in February. The subsequent three variants increased in complexity and used different password generation methods and application names. The malware was capable of displaying a ransom notice and locking users out of their machines, encrypting files and deleting backups.

Later versions prevented users from entering safe mode and used two different passwords to encrypt files, preventing users from recovering data.

Cooper said that attackers were demanding larger ransoms be paid with each new variant.

“It started off with them asking for a hundred bucks, and now they’re up to $3000. I guess they are realising they can hit up businesses for a lot more money.”

Emsisoft said the best defensive measure was to increase RDP password security. It said there was no evidence to suggest the recent RDP vulnerability (MS12-020) was used in the attacks.
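The brute-force RDP entry point described under "Origin" leaves a trail in the Windows Security log: a burst of failed logons (event 4625) with logon type 10 (RemoteInteractive) from one source address, often cycling through account names, sometimes followed by a successful logon (4624) from the same address. The following detection logic is an added example written for this article, not code from Emsisoft, TDC or the police; the log lines are constructed samples in a flattened one-line-per-event shape, and the field names, window and threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the shape of a flattened Windows Security log export.
# 4625 = failed logon, 4624 = successful logon; LogonType 10 = RDP session.
SAMPLE_EVENTS = """\
2012-06-20 02:14:01 EventID=4625 LogonType=10 User=administrator Src=203.0.113.5
2012-06-20 02:14:02 EventID=4625 LogonType=10 User=admin Src=203.0.113.5
2012-06-20 02:14:03 EventID=4625 LogonType=10 User=accounts Src=203.0.113.5
2012-06-20 02:14:04 EventID=4625 LogonType=10 User=Administrator Src=203.0.113.5
2012-06-20 02:14:05 EventID=4625 LogonType=10 User=tdc Src=203.0.113.5
2012-06-20 02:15:10 EventID=4624 LogonType=10 User=administrator Src=203.0.113.5
2012-06-20 08:00:00 EventID=4625 LogonType=10 User=mcooper Src=192.0.2.10
2012-06-20 09:30:00 EventID=4625 LogonType=2 User=mcooper Src=127.0.0.1
"""

LINE_RE = re.compile(r"^(\S+ \S+) EventID=(\d+) LogonType=(\d+) User=(\S+) Src=(\S+)$")

def parse_events(text):
    """Parse the flattened export into (ts, event_id, logon_type, user, src)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that do not match the assumed shape are ignored
            events.append((datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S"),
                           int(m[2]), int(m[3]), m[4].lower(), m[5]))
    return events

def rdp_bruteforce_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Map each source with >= threshold failed RDP logons inside one window
    to (total failures, usernames tried, whether an RDP logon later succeeded)."""
    failures, successes = defaultdict(list), set()
    for ts, eid, ltype, user, src in sorted(events):
        if ltype != 10:          # only RemoteInteractive (RDP) logons matter here
            continue
        if eid == 4625:
            failures[src].append((ts, user))
        elif eid == 4624:
            successes.add(src)
    flagged = {}
    for src, fails in failures.items():
        start = 0
        for end in range(len(fails)):      # sliding window over failure times
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                users = sorted({u for _, u in fails})
                flagged[src] = (len(fails), users, src in successes)
                break
    return flagged
```

A flagged source whose third field is True (failures followed by a success) is the case to escalate first, since it matches the sequence the article describes: password guessed, then the malware deployed over the RDP session.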

Queensland Police urged victims to contact police and anyone with knowledge of the attacks to contact Crimestoppers.

“While the loss of significant customer information is a distinct possibility, the risk you may have just provided a large volume of data to the attackers is very possible and must be addressed. The most important thing to do is to not respond to the emails and contact police,” Det Sup Hay said.

Copyright © SC Magazine, Australia
