A recent survey by Symantec claims that this year, cyber crime will cost the UK economy an estimated £1.9 billion, or £103 per cyber crime victim, and that an estimated 19 million Brits – almost a third of the population – will be affected by cyber crime in some way during 2011.
Cyber crime has already come to the North-east with at least one company receiving an email ransom demand after a hacker accessed its computer system and encrypted 50 gigabytes of data.
“This probably happens more often but it isn’t spoken about much because people are embarrassed to admit their security is so lax that they have been hacked, and the amount of money demanded isn’t very high,” according to Bruce Skinner, managing director of Pisys Net, who managed to rescue almost all the “kidnapped” data. It’s the first time in eight years of working in IT that Bruce has experienced this.
“We had recently taken on the company and were sorting out a lot of their IT issues,” he explained. “But before we persuaded them to address all the security needs, their system was hacked into. The weakness of the company passwords and use of internal remote access software meant that hacking was possible.”
The hacker, who could be based anywhere in the world, had logged on, accessed the server to see how it had been set up, and realised there was an operating system on one drive and all the company data on the other. “So all he had to do was install some encryption software which is available to buy on the internet for about $20, create an encryption folder and drag all the data into it. If you don’t have the encryption password you’re never going to get that data back. It’s still there on the server, you just can’t get into it.”
The hacker then sent an email (see below) with his terms and conditions. “But the risk is, if you pay up will you get the key? Will you be seen as an easy target? And if you pay you are giving in to cyber crime.”
In this case, Bruce and the Pisys Net team managed to recover virtually all the data because so much of it had been backed up and printed off.
+++++++++++++++++++++++++++++++++++++++++++++++++++++
The Ransom note:-
Your server has been hacked and your data has been encrypted.
Read the following message for more information and decryption details.
Your reference ID is [*****]
We accessed your Windows 2003 server and encrypted selected data folders using TrueCrypt data encryption.
See www.truecrypt.org for details of the encryption used, you may see there that we have fully encrypted your data using AES 256 bit with a strong encryption key. This data is not coming back to you without the encryption password.
We require a small payment, then we will provide you with the encryption key and simple, quick instructions to decrypt the data.
All you need to do is email us at decrypter@mail.ru and include your reference number. We will respond quickly with instructions to decrypt the container.
We will send you payment details. If you pay our modest fee, we provide you with the encryption password and simple instructions.
Your data file is stored at e:\encrypted_data_1
This is how we work.
Let us talk about some alternate scenarios:
Q...... You don´t believe this is happening and ignore us.
A...... This is happening, it has happened, the damage is done, your only hope is to interact with us.
Q...... You believe that the police can help you catch us and force us to give up the passkeys to your data
A...... This is wasting our time and is wasting your time. Don´t hold false hope. When was the last time that Soviet hackers been extradited anywhere?
Q...... You are believe that we bluff, and that it is possible to get your data back with some data recovery company.
A...... It is simple to encrypt your data beyond recovery with good tools.
We have gona to the trouble of breaking into your system and encrypting your data. We have done this correctly, your own investigation should make this apparent.
Q...... How long will it be before I get my data back?
A...... Usually less than 4 hours after you send payment.
Q...... I will just buy "data recovery" software, or use "data recovery" service.
A...... Before you waste your time, check with the supplier if it can decrypt AES 256 bit disk encryption... Data recovery software "undeletes" data, it can not decrypt encrypted information.
Q...... I see a new file "encrypted data", what is that and can I delete it?
A...... That is an encrypted store of your data. If you delete this, your data will not be recoverable.
Q...... I had confidential information on that server.
A...... No data escaped your server. You can verify this from your logging system. We are not interested in your data.
Q...... How can I pay, and how much do you want?
A...... Contact us via email to discuss this.
Q...... What can I do now?
A...... Just email us at decrypter@mail.ru and include your reference ID
