The cybercriminals didn't decrypt his files even after he paid $3,000 (2,400 EUR)

Sep 22, 2012 10:36 GMT  ·  By

Here we have a real-world example of why ransomware is so dangerous. The owner of the Australian firm TDC Refrigeration found that all his work files had been encrypted after the company's computers became infected with a nasty piece of malware.

Judging by the description the man gave to ABC, this was most likely one of those pieces of ransomware that encrypts important files and accuses the victim of having downloaded illegal content.

Shortly after the computers started acting up and displaying all sorts of threatening messages, the fraudsters sent an email asking the company to pay up if it wanted its files decrypted.

The affected files contained highly important information, and the incident was costing a lot of money because the business workflow had been interrupted. So the owner decided to pay the $3,000 (2,400 EUR) demanded by the cybercriminals.

However, the hackers didn't decrypt the files even after the ransom had been paid. And why would they bother? Nothing obliges them to keep their side of the bargain, and they might not even have the encryption key.

That's why experts always advise victims to turn to specialists instead of paying up. As we have highlighted on numerous occasions in the past, those who give in to extortion may end up at the top of a list of "potential victims" for future criminal campaigns, since paying marks them as a target that pays.

Also, company owners should educate their employees about Internet safety. Ransomware usually doesn't simply fall from the sky; it doesn't end up on a device unless someone opens a malicious attachment or visits a shady website.

In this particular case, the owner of TDC Refrigeration claims that "very good security" measures had been deployed on the computers. However, while a decent antivirus keeps you out of trouble in most situations, neglecting basic security practices will eventually turn users into the victims of such schemes.

Update. After the ransom was paid, the cybercriminals did send the encryption keys to the victim. However, we still strongly recommend against paying up in such situations.

Update2. As one of our readers kindly points out, there is a type of ransomware that doesn't need drive-by attacks or social engineering to infect a computer. Instead, the attacker breaks into the system over Remote Desktop or Terminal Services by brute-forcing the passwords of accounts that are allowed to log on remotely. More details are available here.

Users can protect themselves against this type of ransomware by setting strong passwords for every account that can be used to access the system remotely, by not exposing Remote Desktop directly to the Internet, and by disabling the remote-access services altogether if they're not needed. It also pays to watch for the attack itself: a brute-force attempt leaves a trail of failed remote logons from one source address in the Windows Security log.
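As an added example of the check just mentioned (this is not code from the original article or from the reader who reported the attack), the Python script below scans failed Remote Desktop logons for the pattern a password brute-force leaves behind. It relies on real Windows Security log semantics: event ID 4625 is "An account failed to log on", event ID 4624 is a successful logon, and Logon Type 10 (RemoteInteractive) marks Remote Desktop/Terminal Services sessions. The one-line-per-event text format and the log lines themselves are constructed for this demonstration; a real export from Event Viewer or a SIEM would need its own parser, but the detection logic is the same.

```python
"""Spot Remote Desktop password brute-forcing in exported Security log events.

Added example, not from the original article. Assumes a simple one-event-per-line
text export (constructed format) carrying the fields that matter:
  EventID 4625 = failed logon, 4624 = successful logon (real Windows event IDs)
  LogonType 10 = RemoteInteractive, i.e. RDP / Terminal Services (real value)
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample export: a burst of failures from one Internet address that
# ends in a successful logon (password guessed), a local failure that is not RDP,
# and a couple of slow, unrelated failures from another host.
SAMPLE_LOG = """\
2012-09-20 02:14:03 EventID=4625 LogonType=10 Account=Administrator Source=203.0.113.45
2012-09-20 02:14:04 EventID=4625 LogonType=10 Account=Administrator Source=203.0.113.45
2012-09-20 02:14:04 EventID=4625 LogonType=10 Account=admin Source=203.0.113.45
2012-09-20 02:14:05 EventID=4625 LogonType=10 Account=Administrator Source=203.0.113.45
2012-09-20 02:14:06 EventID=4625 LogonType=10 Account=backup Source=203.0.113.45
2012-09-20 02:14:07 EventID=4625 LogonType=10 Account=Administrator Source=203.0.113.45
2012-09-20 02:14:09 EventID=4624 LogonType=10 Account=Administrator Source=203.0.113.45
2012-09-20 09:01:12 EventID=4625 LogonType=2 Account=jsmith Source=127.0.0.1
2012-09-20 09:30:00 EventID=4625 LogonType=10 Account=jsmith Source=192.0.2.10
2012-09-20 15:30:00 EventID=4625 LogonType=10 Account=jsmith Source=192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"EventID=(?P<eid>\d+) LogonType=(?P<ltype>\d+) "
    r"Account=(?P<acct>\S+) Source=(?P<src>\S+)$"
)

RDP_LOGON_TYPE = 10
EVENT_LOGON_FAILED = 4625
EVENT_LOGON_SUCCESS = 4624


def parse_log(text):
    """Yield one dict per well-formed line; lines that don't match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "eid": int(m["eid"]),
            "ltype": int(m["ltype"]),
            "acct": m["acct"],
            "src": m["src"],
        }


def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return {source: info} for sources with >= threshold RDP failures in any window.

    info holds the failure count of the densest window, the distinct accounts
    tried (many accounts from one source is a strong brute-force signal), and
    whether a successful RDP logon from the same source followed the failures,
    which is the case that means a password has actually been guessed.
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ev in parse_log(text):
        if ev["ltype"] != RDP_LOGON_TYPE:  # ignore console/network logons
            continue
        if ev["eid"] == EVENT_LOGON_FAILED:
            failures[ev["src"]].append(ev)
        elif ev["eid"] == EVENT_LOGON_SUCCESS:
            successes[ev["src"]].append(ev["ts"])

    alerts = {}
    for src, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        # Sliding window: for each failure, count how many follow it inside `window`.
        best, j = 0, 0
        for i in range(len(evs)):
            while j < len(evs) and evs[j]["ts"] - evs[i]["ts"] <= window:
                j += 1
            best = max(best, j - i)
        if best < threshold:
            continue
        last_failure = evs[-1]["ts"]
        alerts[src] = {
            "failures_in_window": best,
            "accounts": sorted({e["acct"] for e in evs}),
            "success_after": any(t >= last_failure for t in successes[src]),
        }
    return alerts


if __name__ == "__main__":
    for src, info in detect_rdp_bruteforce(SAMPLE_LOG).items():
        flag = "COMPROMISED?" if info["success_after"] else "attempt"
        print(f"{src}: {info['failures_in_window']} RDP failures, "
              f"accounts={info['accounts']} [{flag}]")
```

Run against the constructed log, only 203.0.113.45 is reported: six failures across three account names within a few seconds, followed by a successful logon as Administrator, which is exactly the sequence a guessed password produces and the moment to pull the machine off the network before anything gets encrypted. The two slow failures from 192.0.2.10 and the local (LogonType 2) failure stay below the threshold, so the threshold and window are what keep the check from paging on ordinary typos.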