We have learned that major Canadian firm paid $425k in Bitcoin money to unlock their servers from ransomware attack. Their live servers were locked as well as their backup. The name of the company can not be published at this time due to confidentiality agreement.

Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.

This is the largest ransomware attack pay out ever in the Canadian business history. Not so long ago, South Korean firm paid $1m to unlock their files.

While investigation is still ongoing, it started with phishing attack targeting 6 key company officials by sending them infected PDF documents. They faked PDF docs to be from the company’s current suppliers stating that this is an invoice for services provided.

After getting in, hackers spent few months exploring the system before locking up live servers, as well as backups.

Lesson learned? Way to make sure it does not happen to you?

1. Hire some ethical hackers to try to penetrate your system and see if you are secure. You will pay much less than they did.
2. Move your backup to a remote server not associated with your main live server;
3. Patch your systems religiously.

 

Learn more about WannaCry ransomware attacks here: