The owner of a local IT company says more Yukoners are falling victim to ransomware than the RCMP are being told about.
Last week police warned the public about two local, unidentified companies that had access to their computers blocked by criminals who demanded money in exchange for giving control back.
In one of the two cases, the company paid $3,000 in bitcoins as ransom for its information, said police spokesperson Const. Julia Fox. The second company was able to recover its system back without paying anything.
“This is, I believe, our first time dealing with ransomware in the territory, that’s been reported to us,” she said.
“It’s possible that this has happened and people haven’t contacted us.”
Martin Lehner, co-owner of Whitehorse’s Orange Technology, said his company this year started tracking the number of ransomware calls it helps with.
From January to October 2016, 79 systems got infected with ransomware, the data show.
Of those, there were only 25 cases where the information was not recovered, usually because the ransom was too high or the information was not considered valuable enough, Lehner said.
In most cases the data are recovered, usually without paying the ransom, he said.
During the first half of the year the company was seeing around two to four ransomware infections a month, with the exception of March, when that number spiked to 14.
The last half of the year has seen much higher numbers. September and October saw 15 and 17 infections respectively.
There’s no obvious reason for why this type of crime might be increasing in the territory.
Earlier this year information about thousands of compromised computer servers was sold by criminals on the internet. Lehner said a few of those were northern-based.
“They said, ‘Here’s the list, here’s how many computer networks we have that are compromised, who wants to buy the administrative user names and passwords for these networks?’”
There may be no connection, he said, but “certainly things like that don’t help.”
Ransomware is often accidentally installed on a computer when someone clicks on a fraudulent link or opens an infected attachment, Lehner said.
“The one that’s out there right now, that I see in my inbox too, is a (fake) FedEx notification that says your parcel couldn’t be delivered and then it gives you an attachment to open.”
In the two cases being investigated by police, the businesses don’t know how they were infected, Fox said. They received an email informing them their information had been encrypted and was being held for ransom.
One case happened earlier this month. The other happened sometime in March, though police just recently heard about it, Fox said.
Police do not recommend that victims pay to get their information back. There’s no guarantee the criminals will actually release the information once they are paid, Fox said. Paying up can also encourage the criminals to victimize more people because they see the scam works, she said.
Both Lehner and the RCMP say it’s important to have quality antivirus software and a good external backup system to store all your data.
That way, if your system is compromised you have a copy of all the important data, Lehner said.
Police are also reminding people not to click on links or attachments in emails sent by someone they don’t know, especially .zip files. Users must be cautious, even with emails from organizations or companies that appear to be legitimate, and should never download antivirus software from a pop-up window or link sent to them in an email.
Most ransomware criminals are located outside of Canada, Lehner said, which could explain why victims don’t consider going to the local police for help when they get hit with ransomware.
“So what’s the RCMP going to do with somebody in China, somebody in Russia, somebody somewhere else? A lot of people, I think, find their time is wasted by reporting it.”
The crime is still something that’s worth reporting, he said, though victims shouldn’t get their hopes up that anything will come of reporting.
Fox confirmed “it would be very difficult” for the company who paid the ransom to get its money back.
Ransomware is not the only cyber crime Orange Technology tracks. In the first three months of 2016 the company documented 1.2 million attempted intrusions into the networks it administers.
“When somebody or some system on the internet attacks a network and it’s blocked by a firewall or security appliance then that’s logged,” Lehner said.
He said he’d like the territorial government to create some sort of centralized database where all IT providers can submit information on attempted attacks.
It could be open to any third party IT providers as well as governments and local businesses that run their own systems.
That would allow the territory to gather statistics on where threats are coming from and spot any patterns, he said.
“I can tell you a lot of the threats we see, a disproportionate amount of the threats we see are coming from China. Is that an issue Yukon-wide? Is that an issue for the Yukon government? Does that line up with some of the things other people are seeing? We have no idea,” Lehner said.
“If the government had some sort of central repository where we could dump all this information in along with everybody else, we could start seeing what the bigger picture is.”
If you’ve received a ransomware message, police ask that you contact the Canadian Anti-Fraud Centre at 1-888-495-8501 to report it.
Contact Ashley Joannou at firstname.lastname@example.org