Held to ransom: engineering business hit by hacker

ONE of Paget’s leading engineering companies was brought to a standstill after a ransomware attack encrypted its entire network in what one IT expert says was the worst attack he had ever seen.

For DGH Engineering general manager Dave Hackett, it was an ‘oh f—’ moment when he realised that the servers at his business had been hacked.

His thoughts turned first to concern over what might have been stolen.

The servers contained not only sensitive commercial information but also the information of all his 190 employees, including payroll.

“It feels like being robbed and violated at the same time,” he said.

“Initially, you just don’t know what they have done. Did they come in and take information out? You just don’t know,” he said.

The hacker, who gained access after a staff member clicked on an email link, left a cryptovirus on the server that went to work encrypting all the company’s data, including the backup system.

The Paget business was crippled for four days.

“DGH would be the worst incident that we have ever had because they (the hackers) encrypted the backups as well,” EHW Tech managing director Eddie Woodwell explained.

Mackay-based company EHW Tech has been in business for about 15 years and provides IT services to DGH Engineering, as well as thousands of other business clients in the wider region.

Without access to payroll, there was a real threat that staff wouldn’t get paid during the ransom period, but administration staff manually calculated pay while the systems were down to ensure everyone was paid on time.

Ultimately, the engineering company was forced to pay $1300 to get the data back, after negotiating the hacker down from the initial demand for $20,000, in bitcoin.

“They had no choice. They had to pay it,” Mr Woodwell said.

A cryptovirus is software that a hacker installs on a system after gaining access, usually through an email link to a user.

The software encrypts data on the victim’s server and attacks any backups connected to the system, then the hacker offers the victim a decryption key for a fee.

But hackers are becoming increasingly clever, Mr Woodwell says, and the rate of attack has increased substantially in the last six months.

“Most of the attacks are from Nigeria or China, and we would have about 30 attacks every five minutes on our servers.”

He said a hacker’s location could be discovered by their IP addresses.
