Australian companies are being held to ransom by eastern European crime gangs that hijack their victims’ computers and demand thousands of dollars to enable them to be used again.
High-profile bookmaker Tom Waterhouse is believed to have been targeted by hijackers who forced his website offline for up to two hours on the day of the Cox Plate, one of the biggest betting events of the year.
Whether tomwaterhouse.com paid the ransom that was sought is unclear, but police say many victims have paid, believing it is the only way to regain control of their systems.
In another type of cyber sting, gangs are targeting individuals as well as businesses, often locking up computers by encrypting data. Police fear there may already be tens of thousands of Australian victims.
Fraud Squad police have told Fairfax Media that many companies have handed over the amounts asked for, usually between $1000 and $5000, rather than lose days or weeks of trade.
Northern Territory business TDC Refrigeration and Electrical paid a ransom of $3000. Its data was accessed and encrypted by hackers who demanded money to decrypt.
One of the companies that refused to pay a ransom was Miami Family Medical Centre on the Gold Coast. It had thousands of medical records hijacked by hackers who demanded payment of $4000 for files to be decrypted in December. It had to use a year-old back-up to recover files.
Detective Inspector Bruce van der Graaf of the Computer Crime Investigation Unit of the New South Wales Fraud Squad said he would not be surprised if victims of the scam numbered in the tens of thousands. There was no way of knowing because many people did not report their instances to police.
Another common rort is for victims to be told that police have discovered crimes ranging from copyright infringement to viewing child-abuse material. People are generally asked to pay a fine of about $100.
Scamwatch, run by the Australian Competition and Consumer Commission, said it received 190 complaints about the police scam in October and November.
Detective Inspector van der Graaf said Russian and eastern European syndicates were the best when it came to online fraud scams.
The encryption scam was deployed en masse in two ways, Detective Inspector van der Graaf said. One is a virus that arrives by email, infecting the systems. The other is brute-forcing the remote desktop protocol.
The latter, he explained, lets hackers gain control of a computer remotely, by force, in the same way a help desk operator might access a computer with a user’s permission.
Detective Superintendent Brian Hay said hackers found their victims by scanning the internet for open remote access ports.
Victims were often asked to pay through Western Union, Liberty Reserve and Ukash, an anonymous cash-for-vouchers system, generating hard-to-track transactions.
Detective Inspector van der Graaf said: “We haven’t had a successful prosecution yet but we haven’t given up, there’s lots of work being done in this area.” – Lisa Davies & Ben Grubb