Hackers demand €20k as firms hit by 'ransomware'
Irish businesses also targeted by 'garda fine'
Published 06/03/2016 | 02:30
Wealthy business owners are being held "hostage" by hackers demanding more than €20,000 in ransom money to prevent a cyber attack, the Sunday Independent can reveal.
A new type of 'ransomware' that takes hold of a user's computer network is working its way through desktops in a number of businesses across the country.
The viruses are often sent as attachments to emails which infect an operating system once they are opened.
Malicious code locks the computer - or, worse, an entire network. The user then receives a message threatening to delete the company's files unless a ransom is paid into an offshore account.
If the money is handed over, a decryption code is sent to the user to unlock the computer.
The ransom usually stipulates that the money be paid within a certain timeframe using the virtual currency Bitcoin.
According to security experts, this type of computer attack is now "rampant" in Ireland. Gardai last night confirmed to the Sunday Independent that they are aware of criminal gangs trying to embezzle funds from companies.
"We are aware of incidents in relation to a ransom being demanded from businesses," a spokesman added.
Cybercrime is growing at an alarming rate in Ireland.
Last January, a number of government websites - including the Central Statistics Office, the Oireachtas, and the Department of Justice - were forced offline because of a large-scale cyber attack.
Experts say the 'ransomware' industry is continually innovating, offering cyber criminals new technology to conduct successful attacks on unsuspecting individuals and companies.
It's estimated that one-in-five Irish people have been the victim of online crime, which costs the Irish economy more than €350m a year.
Tom O'Connor, a cyber-security analyst with Lan.ie, said the tactic used by hackers is to bombard a website with unusually high volumes of web traffic, usually caused by a so-called 'distributed denial of service' (DDOS) attack.
Hackers use DDOS attacks to flood websites with so many online requests that they buckle under the weight of the traffic, taking them offline.
"This activity is rampant in Ireland; companies are being threatened and blackmailed all the time," he said.
"It's a common tactic used by criminals looking to get their hands on some easy cash.
"They usually attack at a particularly vulnerable time for the company, such as a week before a major announcement about the share price.
"They never ask for less than €20,000 and they would always ask for the payment using Bitcoin.
"They threaten to take the network down completely if the company doesn't pay up.
"Surveys conducted across the corporate world show people will pay out of fear. If the hacker is sophisticated enough, it is impossible to stop them. Gambling firms, e-commerce sites, and any businesses on the stock market are particularly vulnerable to this kind of threat."
Paul C Dwyer, CEO of Cyber Risk International, said both medium-sized companies and large multi-national companies are vulnerable to attack.
"Ireland is now a big target for this kind of activity," he said. "People shouldn't pay the ransom, but in most cases when people do pay they get their data back."
Meanwhile, the Sunday Independent can reveal that ransomware scam notices containing An Garda Siochana's badge have also been used.
Known as the 'police trojan', it's a type of ransomware which, once the virus has activated, locks the computer.
Typically, the victim's computer becomes infected with a virus due to visiting a website which contains the malware.
Once the virus has activated, a page pops up on the screen, with the logo of An Garda Siochana.
A message accuses the victim of having committed "illegal activity" and demands payment of a "fine" in order to return control of the computer to its owner. If the money is paid, a decryption code is then sent to the owner which unlocks the computer.
Concerns over cyber crime came to the fore once again last December when Ukraine suffered what is believed to be the first successful cyber attack on an electricity distribution network.
Security experts now fear a similar attack could be launched against critical infrastructure on mainland Europe.