A Calgary business is facing a huge bill after being the target of a ransomware attack.
It all started as something benign. In early April, the printers were acting up at Professional Excavators and Construction. A few weeks later, everything froze.
“We found out we were completely locked out of every part of our computer system,” said company president Jan Gryckiewicz.
“Accounting, estimating, payroll — everything that we do in our server was frozen.”
Professional Excavators and Construction became the latest victim of a ransomware attack.
Making matters worse, the company was about to submit a bid for a large project the day everything stopped.
“The damage of not being able to get one of the biggest pursuits in our company’s history is obviously damaging, but to get back up and running has been brutal,” Gryckiewicz said.
He said the IT price tag for getting things up and running will be in excess of $100,000.
“To recoup that money, we probably have to do $1 million of additional work this year just to be able to cover off $100,000 in additional cost,” Gryckiewicz said.
The attack happened on April 16 and the company is now 90 per cent back up. Its IT provider said the company did everything it could to prevent the situation, including backing up the data regularly.
IT experts say most ransomware attacks are not reported except when public institutions are victims and they are required to disclose the information.
“The police can’t help. There’s no help for this kind of thing,” said Troy Drever, president of Pure IT.
Pure IT is not the IT provider for Professional Excavators and Construction. The statements from Pure IT are opinion based on the larger issue around the threat of ransomware.
With more people working from home, Drever said it’s essential that data is backed up offsite and multi-factor authentication is used. But he said even with all the defences, people are one wrong click away from a ransomware attack.
“Anybody can be a victim — any organization can — any person can. Most people are oblivious to it, unfortunately, and find out the hard way,” Drever said.
He added that cyber crime is underreported and that ransoms are often paid because the victim needs the data that has been encrypted.
“If you are not willing to lose the data and if you don’t have a backup that you can restore, you don’t really have a choice. That’s why it’s called a ransom,” Drever said.
“The ransom gets paid a lot. That’s why this is becoming such a huge problem, because it’s making cybercriminals a lot of money.”
Gryckiewicz said they didn’t pay the ransom and he’s not interested in forking out more money to investigate the source of the attack.
“Because there’s no money that changed hands between us and whoever put this ransomware out, I don’t think the RCMP will pursue anything,” he said.
“Basically, it’s up to us to clean this up.”
The Town of Didsbury was also the target of a ransomware attack in March.
According to the town, fraudsters encrypted the town’s information systems with ransomware and made a ransom demand to decrypt those systems.
According to the town’s website, staff have “successfully minimized the interruption to its operations and have been taking steps to strengthen its defence against the evolving threat of cybersecurity attacks and minimize the risk of future incidents.”
The town is now encouraging residents and businesses to protect themselves by exercising caution when it comes to clicking on links or opening attachments, and advising people to change passwords frequently and to use different passwords for different accounts that are not easy to guess.
In 2020, in the Southern Alberta District of the RCMP, there were a total of 535 files that were flagged as computer crime.
There were 401 files that fell into the “fraud” category and 23 that fell into the “extortion” category.