A Canadian organization has reportedly paid criminals $425,000 in bitcoin after its systems were crippled in a ransomware attack.
The claim comes from Daniel Tobok, CEO of forensic firm Cytelligence, which he says is helping with the investigation. Tobok, speaking to IT World Canada, didn’t name the affected company, but said unpatched vulnerabilities and poorly designed backups exposed it to the attack.
If confirmed, this would be the largest ransomware payment made by a Canadian company. The record for the largest such payment was set in June, when a South Korean web hosting firm paid $1 million in bitcoin to recover 153 of its servers.
The attack began with spear phishing emails sent to six senior employees. Each email carried a PDF attachment containing a malicious payload.
“Two of the messages purported to be from a courier company and told recipients the attachments were invoices for packages to be picked up,” IT World Canada writes. The other messages asked officials to open and print the attached document, which triggered the malware download when opened.
Tobok says that the company appeared to have unpatched vulnerabilities in its Windows operating system, and “a couple of outdated database servers that had not had all the recent patches on them.”
IT World Canada adds that, after gaining access to the network, the attackers “spent several months hunting around […] to find data stores before releasing the ransomware, which spread across the corporate network including backed up data.”
Phishing staff awareness
Despite the recent spate of successful phishing attacks, it isn’t that hard to spot a phony email. Unfortunately, it’s not only a case of knowing the signs but also remembering to stay vigilant.
It only takes one lapse in concentration for even the most tech-savvy employee to click on a malicious link and expose sensitive information. That’s why it’s important to get the key lessons ingrained in their mind. The best way to do this is through a dedicated phishing staff awareness course.
IT Governance’s course will help you and your team understand how phishing works, the tactics that cyber criminals employ, and how to avoid falling victim to an attack.