South Hill Fine Foods had received a note asking for ransom. The owner decided not to comply with the hacker’s demands and as a result, its system was compromised.
“Everything that scans in this store has to be reprogrammed in and that’s a major, major expense. Major workload,” said Perry Chambers, South Hill Fine Foods general manager.
“Anything that used to run this store can’t be downloaded into the new system now… just in case they hack us again because they already have our files, pricing, charge accounts; everything that runs this store they have access to.”
The grocery store lost its Sunday sales and had to throw away any food with a three- to four-day shelf life.
Perry said they hope to have the new system running by Friday but that will result in a loss of almost a week’s worth of sales.
“We’re not going to raise our prices just because we got hacked, but it’s a hit to our bottom line,” Chambers said. “I would never have thought we would get hit, but it happens.”
Around 25 per cent of all businesses will be targeted by hackers at some point, according to Heritage Insurance in Moose Jaw.
Additionally, 60 per cent of those stores that aren’t insured don’t recover and close within six months. Small shops are often the biggest target.
“A lot of these hackers are organized criminals and they’re training people,” said Greg Marcyniuk with Heritage Insurance. “They are able to go in and hack these systems very easily and very quickly.
“The ransomware basically just shuts your system down. It will not allow you to get in. Either way, they’ll want 10-, 20- or 30-thousand dollars and if it’s not paid they’ll up the ransom.”
Marcyniuk said it could cost a business a minimum of $50,000 to $60,000 to get everything back. For others, it could cost up to $200,000.
He said the least expensive way to deal with ransomware would be to buy a new computer system and start from scratch just like the Moose Jaw grocery store did.
In addition, he recommends businesses get insured and have some type of malware protection in place. He said employers should be trained on what emails should and should not be opened, and to limit the number of people who have access to data.