September 20, 2012

Police are urging small businesses to ensure their computer and network server technology is up to date following the report of two small businesses being targeted and held to ransom over their customer files.

Two small Queensland businesses have been targeted with an unknown form of malware known as “ransomware”, which has been downloaded onto their servers.

The businesses have found their customer records are now locked and both have been sent ransom emails demanding cash payment for the release of the files.

The software at this stage appears to have unbreakable encryption and is preventing IT managers and experts from investigating or detecting the source of the infection.

“At this stage it appears that infected websites are responsible for the problem. When this is combined with older or insecure web-browsers or poor network security, companies are essentially leaving the door open for these viruses,” Det Supt Brian Hay said.

Police are urging small businesses to consider taking the following steps to help prevent virus attacks:

  • Patch all servers with all available updates and/or update to the latest version of the software package currently used by the company (for example, Microsoft Small Business Server)
  • Deploy a strong IT network security solution. Choose one that uses real-time anti-virus software, email scanning, real-time website protection, software and hardware firewalls, network intrusion detection and network monitoring technology
  • Ensure you are performing regular back-ups of non-infected systems
  • Ensure all machines on the network are regularly updated and include their own internet security solution. Ensure secure internet browsers are deployed across the network (avoiding non-updated versions of internet browsers wherever possible)
  • Ensure users on your network are aware of malicious software and website links, the importance of being careful when using the internet, and the dangers of clicking on web links contained within emails

If you have been the victim of an attack, consider formatting your servers and performing a clean install of the server software.

“While the loss of significant customer information is a distinct possibility, the risk you may have just provided a large volume of data to the attackers is very possible and must be addressed,” Det Supt Hay said.

“The most important thing to do is to not respond to the emails and contact police.”