Victims have little chance of recovering money
A local business is out about $3,000 after being one of two Ransomware victims in the city.
A local business is out about $3,000 after being one of two Ransomware victims in the city.
This is the first time Whitehorse RCMP have learned of the scam happening to local businesses, though similar scams have been reported across the country for some time.
“In both cases, the businesses attempted to gain access to their computer files store ‘on the cloud’ but discovered that they could not access them because they had been encrypted,” police said in a statement late last week.
“They then received notification that their files had been encrypted and were told they had to pay money through Bitcoin, an online digital payment system, in order to get their files released.”
One company, whose identity isn’t being made public, made the payment and had its files restored.
The RCMP, however, noted victims don’t always get their files back after making the payment.
There’s next to no way to get that money returned.
“It would be pretty difficult,” Const. Julia Fox said this morning of recovering any money paid out.
The other business in the city affected by the same scam didn’t pay the ransom.
However, it has taken its computer to a local computer firm to try to get the files back.
“The Canadian Anti-Fraud Centre describes Ransomware as a form of malware that looks and denies access to victim computers, digital files and systems once encrypted,” the RCMP noted.
“It’s often spread through email attachments and botnets, sometimes through what appears to be legitimate emails.
“Once opened, the Ransomware installs itself to the computer and uses a public key to encrypt a variety of file types such as images, documents and spreadsheets.”
Fox noted that Scareware is also becoming a more common type of scam Outside.
There have been no reported victims of that in the Yukon yet.
The scam essentially begins with an email claiming there is illegal material on the computer that will be reported to the police unless a payment is made.
“It has happened across Canada,” Fox noted.
Police highlighted a number of tips to protect against being a victim of such scams.
They include:
• make daily backups of important files on an external hard drive;
• never click on popups that claim your computer has a virus;
• update your anti-virus software often;
• scan your computer for viruses regularly;
• don’t click on links or attachments in emails from anyone unknown, especially for .zip files;
• be cautious, even with emails from organizations or companies that appear to be legitimate;
• turn on pop-up blocking features in your browser; and
• never download anti-virus software from a pop-up or link sent to you in an email.
RCMP ask that anyone who’s received a message that may be such a scam report to the Canadian Anti-Fraud Centre at 1-888-495-8501.
Anyone that’s been a victim of a scam or fraud are also asked to contact their local RCMP detachment.
Comments (12)
Up 0 Down 0
June Jackson on Dec 4, 2016 at 9:27 pm
Tim Ardim: thank you for the advice, I followed it on Friday..I had thought that I am such a little fish that I wouldn't be worth any hackers effort. I have so little..but I'd like not to lose it.
Up 5 Down 0
Martin Lehner on Dec 1, 2016 at 3:38 pm
@Chickabowbow: public disclosure requirements should come from privacy legislation. HIPMA, PIPEDA and PCI all have various requirements for breach disclosure. This is independent from the RCMP and actually falls into the jurisdiction of the Information & Privacy Commissioner.
Up 3 Down 3
Tim jardim on Dec 1, 2016 at 12:05 pm
@June Jackson
Yes you are a target, everyone who is online is a target. The ransomware business is a multi-billion dollar business and as such the anti-virus companies are always playing catch up.
Although a USB flash drive is not perfect for doing backups, it is far better than nothing at all.
If you have not backed up your important documents, I would strongly recommend that you go to Staples and pick up a flash drive and backup your files today, and put the key in a safe space away from your computer
What I usually tell clients, is - What are the ramifications if you lose that data today? Can you get it back easy? What are the costs in involved in getting it back?
Up 7 Down 0
Chickabowbow on Dec 1, 2016 at 11:37 am
Martin Lehner. Do you believe the onus is on the RCMP or those businesses effected to be named publicly? I'd sure like to know if I was a customer of theirs that my personal information and possibly credit card/banking information has been compromised.
This is the 'elephant in the room' in this story yet no one is speaking about it.
Up 8 Down 0
June Jackson on Nov 29, 2016 at 4:37 pm
I am not a business, but I have all of my papers, my will, passport etc. copied to my computer. I thought it would be safe there if my purse got stolen or I lost stuff. I bank online.
I am reading this article, can someone tell me, can hackers get me too? Or would I not be worth hacking?
Up 6 Down 3
Martin Lehner on Nov 29, 2016 at 2:03 pm
Perhaps it's not reported to the RCMP, but I can tell you that, locally, 21 infections of ransomware occurred in just the first three months of 2016 against local business and NGO entities. A number of those resulted in a loss of data. My company has been compiling statistics on ransomware and malicious internet activity for several years now.
Up 8 Down 0
Tim Jardim on Nov 29, 2016 at 6:30 am
@ north_of_60
Actually a thumb drive is not a reliable method for regular backups. What ever medium you choose, remember not to leave it plugged into your computer or otherwise your backups will become encrypted as well if you get hit with ransomware.
Up 10 Down 3
jc on Nov 28, 2016 at 9:49 pm
I said this before, why report the scam to the Canadian anti-fraud centre. They can't do anything. Just a waste of time. Take the loss and suck it up. Report it just puts you in their data base.
Up 8 Down 0
Dr. Dave on Nov 28, 2016 at 8:17 pm
I'm curious as to whether or not the business that didn't pay up got heir files back.
Up 7 Down 2
Computer guy on Nov 28, 2016 at 7:49 pm
1) store your files on a Google Drive - don't use the 'sync' feature, that's how they'll get encrypted
2) weekly download your contents of the Google Drive as a single .zip file
3) upload this .zip file to DropBox (again, don't use any kind of syncing service)
Free and backed up in multiple locations you can access from anywhere.
Up 32 Down 1
north_of_60 on Nov 28, 2016 at 4:22 pm
Don't store anything valuable on "the Cloud".
Keep copies of important files on inexpensive "thumb drives" disconnected from the computer.
Up 43 Down 0
Alex Gandler on Nov 28, 2016 at 4:21 pm
PFFFFT - "the cloud" is just somebody else's computer!
Would you store the only copy of your important documents in the filing cabinet of a neighbor you had just met ?