Outdoor Association pays hackers $5k ransom

Friday, 11 August 2017
By Print 21 Online Article

‘It was a matter of risk analysis’: Charmaine Moldrich, CEO, OMA

The Sydney-based Outdoor Media Association (OMA) paid hackers a ransom of $5,000 last month to unlock its office computer systems after an overnight cyber-attack.

“No alarms went off, no alerts were sent until the first team member arrived to work at 7.30am to find a hacker’s ransom message on all our computers. By this stage, the ransomware had encrypted every file on our server, including our backup,” writes CEO Charmaine Moldrich in an OMA newsletter blog titled ‘The robbers got in’.

“Our last full off-site backup was 6.5 weeks old. Ostensibly, we had lost 65 weeks of work (10 employees x 6.5 weeks).”

Moldrich reported the crime to the federal Australian Cybercrime Online Reporting Network (ACORN) and the state computer emergency response team (CERT), both of which recommended against paying the hackers.

“It was a matter of risk analysis,” she says. “Our information was worth more than the hacker’s ransom price of one bitcoin. I was conflicted, but I was willing to risk losing $5,000 to get back 65 weeks of work. I also considered it would be in the hackers’ best interest to return the data if the ransom is paid, otherwise their business model would not be sustainable.”

Moldrich says the national industry body, which represents most of Australia’s traditional and digital outdoor media display companies, enlisted a cyber attack specialist to navigate the ‘dark web’ and contact the hackers directly.

“This is eventually how we solved the conundrum, and it came to us through our network, someone introduced me to a cyber angel. Our cyber angel bypassed the hackers’ link and went straight to the dark web to negotiate directly with the hackers.

“We were finally able to send the hackers a file to unlock, to prove that they were genuine and had the solution. Once we received the file back, unlocked, our cyber angel purchased the bitcoin, made the transfer, and again, via a secure link on the dark web, directly paid our cyber robbers.” The recovery process took a total of four days.

The chief executive says the incident has taught her some valuable business lessons:

  1. Back up, back up, and then back up again – off-site
  2. Update your computer software
  3. Your office will grind to a halt … no avoiding that one
  4. Bitcoin is very difficult to buy
  5. Find a cyber angel to help you navigate the dark web.
    (For confidentiality reasons, our cyber angel will remain anonymous).
