A major Canadian company was forced to pay $425,000 in Bitcoin over the weekend to restore its computer systems after suffering a crippling ransomware attack that not only encrypted its production databases but also the backups as well.
“They literally had not choice but to pay” because the backups were encrypted as well, said Daniel Tobok, CEO of forensics firm Cytelligence, which is helping with the investigation.
Tobok wouldn’t identify the company for reasons of confidentiality. He believes it to be the largest ransomware payment in Canada to date.
By comparison last month a South Korean Web hosting firm reportedly paid the equivalent of US$1 million in ransomware, believed to be the biggest publicly reported payment so far in the world.
Although the forensic investigation is in its early stages, the attack was very sophisticated. It started with spear phishing targeting six senior company officials who were sent a PDF attachment with a malicious payload.
Staff apparently fell for two old ploys: Two of the messages purported to be from a courier company and told recipients the attachments were invoices for packages to be picked up, while the other messages asked officials to open and print the attached document. That led to the insertion of malware.