A ransomware attack that affected about 50 small businesses in Flanders has ended after the payment of $300,000 (about €250,000) in ransom.
The attack began on 2 July, and was initially thought to be the work of Russian hackers. It is now reported to have been the work of a group known as Conti, who despite the name are based in St Petersburg.
In a ransomware attack, a malicious piece of software planted on the victim’s system locks up the computer or network and displays a message demanding payment of a ransom and advising how to get the system unlocked again.
The technique is becoming more common with the growth in the use of bitcoin and other tokens, which can be used to wipe out the tracks of the hackers in a way that cash could never entirely achieve.
The businesses affected – mainly small companies working in human resources, temp agencies and service cheques – contacted the IT service company ITxx, which went to work on the problem. By then the attack had basically wiped out the companies’ backups. It took a full week of work before the systems were restored.
“We took action all week to restore the deleted backups, but the hackers acted very professionally,” said Geert Baudewijns, CEO of cybersecurity company Secutec.
“Often there is still a trace, but further investigation at, among others, a Norwegian firm specialising in complex data recovery, showed that the backup data had been made permanently unusable.”
However, there was another cost. The original ransom demand was for $1.5 million, to be paid in bitcoin. In the end a deal was made for $300,000, only one-fifth of the original demand, but still a hefty blow for the small businesses affected.