Hackers are holding personal photographs and crucial business documents to ransom – forcing Bendigo computer users to pay up or risk losing their files forever.
Such cryptolocker ransomware viruses are part of a surge in a new breed of sophisticated, online scams and cyber crimes.
AFS Chartered Accountants’ Brad Ead said his company was receiving daily reports of new “devious” phishing scams in Bendigo, including a recent attempt to swindle $1 million from a local non-profit and $400,000 successfully conned from a private company.
“What we’re seeing is that the approach of scammers is becoming more tailored, so they’re doing their research and they’re understanding your organisation,” he said.
“For example, when a CEO goes on leave, they’ll personalise emails portraying themselves as the CEO saying, ‘the holidays are going great and, by the way, can you process this transaction for me?’”
But large organisations are not the only targets. Joule Computer Systems owner Jim Poole said he had dealt with 20 cases of ransomware attacks on small businesses and families in Bendigo this year.
“We’re talking thousands of hours of work, photos of people with their kids all gone,” he said. “If you get it, you aren’t getting those files back – the encryption level is extremely high...it’s what ASIO or NASA would use.”
One local cryptolocker victim is Mike Doolan.
“When I opened the computer there was a horrible face appeared with fire coming out of its mouth and eyes,” Mr Doolan said.
Within seconds, the small-business owner shut down his computer. But that moment was all it took for him to lose months of invoices. With no digital record of how much it was owed by clients and how much it owed suppliers, the company had to spend the next three months tracking down invoices, cross-checking them and uploading them back onto the system.
“It was a pain, it was horrible, it was hundreds and hundreds of hours,” Mr Doolan said.
“And I hate to think of what it cost in monetary value.”
Despite his ordeal, Mr Doolan was spared a far more excruciating fate by his quick thinking and the variation of the virus.
Viridian IT Bendigo managing director Ronnie Lowe said cryptolocker ransomware in which hackers demanded money for the return of files was more common.
He said computers were infected by fake emails purporting to be from companies and institutions such as Australia Post or the Australian Federal Police.
“You might get an email, supposedly from the AFP, and it says ‘you may've been fined and you need to click this link to see if it was your car in the photo or we're going to take your licence,’” Mr Lowe said.
At some point after clicking the link, the computer user was normally given 48 hours to pay about $1000 or the virus would automatically destroy the encrypted files.
Mr Lowe’s company is a service provider for businesses with as many as 1000 computers – some experience such threats every week.
Centre Com Bendigo sales representative Eli Buchan said his company – whose services are more tailored to individual users – dealt with about one ransomware incident a month.
“We had a business come in recently who didn't have a back-up for their files and all their customer data was encrypted,” Mr Buchan said. “They paid it, just to get rid of it, 'cause they were locked out. Basically, you’ve got to have a back-up, that’s the only way to solve it, or you'll have to pay them money.”
But not all small businesses are willing to give in to those demands. Despite his ordeal, Mr Doolan said he would never have considered paying.
“Absolutely no way would I consider paying – on principle,” he said. “It’s almost a form of terrorism, and if you start giving in to that they’ll just keep on doing it.”