Yukon businesses hit by ransomware

The owner of a local IT company says more Yukoners are falling victim to ransomware than the RCMP are being told about.

The owner of a local IT company says more Yukoners are falling victim to ransomware than the RCMP are being told about.

Last week police warned the public about two local, unidentified companies that had access to their computers blocked by criminals who demanded money in exchange for giving control back.

In one of the two cases, the company paid $3,000 in bitcoins as ransom for its information, said police spokesperson Const. Julia Fox. The second company was able to recover its system back without paying anything.

“This is, I believe, our first time dealing with ransomware in the territory, that’s been reported to us,” she said.

“It’s possible that this has happened and people haven’t contacted us.”

Martin Lehner, co-owner of Whitehorse’s Orange Technology, said his company this year started tracking the number of ransomware calls it helps with.

From January to October 2016, 79 systems got infected with ransomware, the data show.

Of those, there were only 25 cases where the information was not recovered, usually because the ransom was too high or the information was not considered valuable enough, Lehner said.

In most cases the data are recovered, usually without paying the ransom, he said.

During the first half of the year the company was seeing around two to four ransomware infections a month, with the exception of March, when that number spiked to 14.

The last half of the year has seen much higher numbers. September and October saw 15 and 17 infections respectively.

There’s no obvious reason for why this type of crime might be increasing in the territory.

Earlier this year information about thousands of compromised computer servers was sold by criminals on the internet. Lehner said a few of those were northern-based.

“They said, ‘Here’s the list, here’s how many computer networks we have that are compromised, who wants to buy the administrative user names and passwords for these networks?’”

There may be no connection, he said, but “certainly things like that don’t help.”

Ransomware is often accidentally installed on a computer when someone clicks on a fraudulent link or opens an infected attachment, Lehner said.

“The one that’s out there right now, that I see in my inbox too, is a (fake) FedEx notification that says your parcel couldn’t be delivered and then it gives you an attachment to open.”

In the two cases being investigated by police, the businesses don’t know how they were infected, Fox said. They received an email informing them their information had been encrypted and was being held for ransom.

One case happened earlier this month. The other happened sometime in March, though police just recently heard about it, Fox said.

Police do not recommend that victims pay to get their information back. There’s no guarantee the criminals will actually release the information once they are paid, Fox said. Paying up can also encourage the criminals to victimize more people because they see the scam works, she said.

Both Lehner and the RCMP say it’s important to have quality antivirus software and a good external backup system to store all your data.

That way, if your system is compromised you have a copy of all the important data, Lehner said.

Police are also reminding people not to click on links or attachments in emails sent by someone they don’t know, especially .zip files. Users must be cautious, even with emails from organizations or companies that appear to be legitimate, and should never download antivirus software from a pop-up window or link sent to them in an email.

Most ransomware criminals are located outside of Canada, Lehner said, which could explain why victims don’t consider going to the local police for help when they get hit with ransomware.

“So what’s the RCMP going to do with somebody in China, somebody in Russia, somebody somewhere else? A lot of people, I think, find their time is wasted by reporting it.”

The crime is still something that’s worth reporting, he said, though victims shouldn’t get their hopes up that anything will come of reporting.

Fox confirmed “it would be very difficult” for the company who paid the ransom to get its money back.

Ransomware is not the only cyber crime Orange Technology tracks. In the first three months of 2016 the company documented 1.2 million attempted intrusions into the networks it administers.

“When somebody or some system on the internet attacks a network and it’s blocked by a firewall or security appliance then that’s logged,” Lehner said.

He said he’d like the territorial government to create some sort of centralized database where all IT providers can submit information on attempted attacks.

It could be open to any third party IT providers as well as governments and local businesses that run their own systems.

That would allow the territory to gather statistics on where threats are coming from and spot any patterns, he said.

“I can tell you a lot of the threats we see, a disproportionate amount of the threats we see are coming from China. Is that an issue Yukon-wide? Is that an issue for the Yukon government? Does that line up with some of the things other people are seeing? We have no idea,” Lehner said.

“If the government had some sort of central repository where we could dump all this information in along with everybody else, we could start seeing what the bigger picture is.”

If you’ve received a ransomware message, police ask that you contact the Canadian Anti-Fraud Centre at 1-888-495-8501 to report it.

Contact Ashley Joannou at ashleyj@yukon-news.com

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

U Kon Echelon hosts Tour de Haines Junction

U Kon Echelon continued its busy schedule with the Tour de Haines… Continue reading

Melted beeswax, community pottery take centre stage at Arts Underground’s August shows

Two new, and very different, shows will be opening at Whitehorse’s Arts… Continue reading

Northern First Nations call for a major overhaul of mining legislation

The Na-Cho Nyäk Dun, Tr’ondëk Hwëch’in and Vuntut Gwitchin Governments say change is long overdue

Yukon Salmon Sub-Committee recommends First Nations take ‘additional measures’ to conserve Chinook

Recommendation comes as Chinook run on the Yukon River appears unlikely to meet spawning goals

Students prepare for online learning as Yukon University announces fall semester

The school plans to support students who may struggle with remote learning

Changes to federal infrastructure funds allow for COVID-19 flexibility

Announcement allows for rapid COVID-19 projects and expands energy programs to Whitehorse

City hall, briefly

A look at decisions made by Whitehorse city council this week

C/TFN announces Montana Mountain reopening plan

Carcross/Tagish First Nation and the Carcross/Tagish Management Corporation announced the partial reopening… Continue reading

Roberta Joseph reelected as Tr’ondëk Hwëch’in chief

Unofficial results show Joseph with more than double the votes of runner-up

Development incentives considered for three projects

Projects will add 24 rental units to the market

Delegate calls for crosswalk changes to show support for people of colour

Mayor states support for idea, but cautions it could take some time

Whitehorse advises of water system maintenance

Residents on the city’s water system are being advised they may notice… Continue reading

Walkway, signs planned for West Dawson paddlewheel graveyard

Unofficial attraction may get 135-m walkway and interpretive signs, if YESAB application approved

Most Read