Hackers demand ransom in Bitcoin from small firms
A BLACKMAIL computer virus unleashed against Irish businesses, which demands a ransom to be paid in Bitcoin, may be spread by email, experts have warned.
The virus, dubbed Cryptolocker, is described as "data-locking ransomware", which shuts down a user's computer files and demands a ransom.
Several small- to medium-sized firms were forced to close for a few days to allow IT experts in to 'disinfect' their computer network, while at least one small firm took the decision to pay the "ransom" to cybercriminals.
Anti-virus firm ESET Ireland reports it has witnessed an increased number of victims of Cryptolocker in the past weeks.
The scam locks Word, Excel, PDF and other files and demands the user pay a 'ransom' using the digital currency, Bitcoin – with the average amount between €216 ($300) and €361 ($500).
This enables the owner to purchase a 'decryptor' from the attackers, which then unlocks the files.
Malware experts from ESET Ireland described the virus as "one of the most malicious forms of malware".
They said that it had mainly hit small and medium businesses, with an average of 15 computers each. There have been cases reported all over the country including Westmeath, Wexford, Waterford, Galway and Donegal.
A previous UK survey showed 41pc of those hit decided to pay the ransom, with cybercriminals making €14.45m every month, according to Bitcoin traffic associated with accounts related to ransomware.
IT expert Urban Schott of ESET Ireland warned that in the majority of cases the Irish companies hit had exposed themselves by having poor security measures in place, with partial or no anti-virus software.
Several companies suspect their infection came from an email attachment – while Mr Schott warned that it can also be spread by spam which invites users to "check out this funny link". In most cases, the virus first hit one machine in the network and then encrypted all the remaining computers in the system.
Many of these companies also didn't have their data backed up, so some decided to pay the ransom to retrieve their files, ESET said.
"This is direct blackmail," said Mr Schott. "It's a digital hold-up and it's fast – one of these cybercriminals can infect thousands of computers and the money starts pouring in."
His advice is not to pay the ransom but instead to contact an IT professional who may be able to unlock it.
He also advised that while it may be possible to 'get past' the lock screen displayed by some forms of ransomware, it does not mean you are safe because of the strong encryption.
He advised that backing up of files on cloud services, such as would render users immune to filecoders, as it will save files from being devoured by malware.