Ransomware attacks take a bite out of Antigonish meat business

Dan MacGillivray can now smile when he remembers the morning of May 30.

It’s not a big happy smile.

It’s more one of relief.

The hackers, whoever they were, have been paid off and Tony’s Meats has access to its own computer network.

“When it happened things were just happening so fast,” said MacGillivray, general manager of the Antigonish meat processor.

“We couldn’t function. I felt ill all that week.”

When MacGillivray arrived at work on May 30 nobody’s computer was working. He rebooted their server and the following message appeared on screens: “All YOUR FILES HAVE BEEN ENCRYPTED!!! IF YOU WANT TO RESTORE THEM, WRITE US TO THE EMAIL.”

While their grammar may be lacking, MacGillivray would soon learn the threat of the hackers was very real. All the company’s accounting information and orders from customers across North America for its processed pork and beef products were locked down.

Crippling businesses worldwide

The world of cybercrime has arrived in rural Nova Scotia.

Actually it’s been here for awhile.

Last November, St. Francis Xavier University discovered that its entire computer network had been hacked and its excess processing power made to mine the BitCoin cryptocurrency for someone, somewhere.

It’s also everywhere else.

At a Monday night meeting, Riviera Beach city council in Florida voted to pay hackers $600,000 to return access to its computer systems. It joins eight other American cities, including Atlanta and Baltimore, that have been crippled by ransomware attacks over the past year.

In May 2017, some 200,000 computers, including those belonging to England’s National Health Service, were locked by hackers demanding cryptocurrency payment using a ransomware named WannaCry.

“It’s a booming industry,” said Ryan Mattinson, information security practice lead for Munich-based tech company Nagarro.

If you boil down Mattinson’s mouthful of a title you get — good-guy hacker.

For the past decade, large companies have been paying the 36-year-old Springhill native to hack their computer systems, exposing gaps in their digital fortresses they then seek to patch.

Earlier this month he left the Norway office where he leads a team on the front line of a widening cyber war to visit old friends and family around Cumberland County.

“So when I come to Nova Scotia and hear from a buddy stories of ransomware attacks here it shows that this will get worse before it gets better as everyone learns to exist in the new digital economy,” said Mattinson.

There are many ways hackers attack computer systems, but ransomware is a new tool in the old extortion game.

Easy scam to start

You don’t even have to be that knowledgeable about computers to get in on it.

Ransomware programs are sold online.

Armed with the software, perpetrators just need to infect a computer in a network. There’s a variety of ways to do that but one of the most popular is via an email phishing scam — an unsolicited email that either contains an infected attachment or asks you to open a link to an infected website.

Then the program replicates itself through the server, locks it down and demands payment — usually in an untraceable cryptocurrency — in return for access.

When Tony’s Meats computers were infected MacGillivray called his insurance company. Fortunately for him, they covered such attacks. They also directed him to a company called CoveWare, which negotiated a payment to the hackers.

They demanded 1.2 bitcoins (about $14,000 Canadian).

“(The hackers) were actually very upfront and responsive,” said MacGillivray.

“But when you pay them you don’t know if they will give you the encryption codes.”

The hackers, who according to CoveWare had a Russian I.P. address, did provide the encryption codes and the insurance company covered most of the cost.

For MacGillivray it was still an expensive and incredibly disruptive week.

Precautionary measures

The reassurance both MacGillivray and Mattinson can provide is that while you’re beholden to the hacker when they’ve locked down your computer system, there are some reasonable steps you can take to prevent it.

The first is understanding that you can’t keep all hackers out.

Those firewalls you put up on your server are porous.

The battleground is actually inside your network.

“They have the advantage until they come in your network,” said Mattinson.

“Once they’re there, they are on your turf and you should know it better than they do.”

Tony’s Meats had a backup system on its server that automatically made a copy of all the company’s files every night. Unfortunately the attack happened after hours and the backup automatically saved all the now corrupted files, thereby corrupting itself.

The system MacGillivray had in his office on Thursday would provide multiple points of backup and could be disconnected from the server and taken home with him each night.

So if a new attack happens he can restore his server to a point before the ransomware struck.

“If you’re a small- or medium-sized business person you just want to get your business up and running again,” said Mattinson.

“Finding out who did it and where in the world they are is difficult and not necessarily relevant to you. That person is likely somewhere in the world well outside the jurisdiction of your law enforcement.”

Const. Byron Mercer couldn’t disagree with Mattinson’s statement — Canada doesn’t have extradition treaties with countries like Russia, Iran or North Korea where many cyber attacks have originated.

But the member of the RCMP Digital Forensics Services in Halifax does want local businesses to report attacks.

“A good defence can be the best offence,” said Mercer.

“You protect yourself and the best way to do that is through good backup systems.”

Other steps include making sure your firewalls and antivirus programs are up to date, patches issued by software companies are installed and directing staff to not click on links sent in suspicious emails

The case of Tony’s Meats is the first ransomware attack he’s heard of in Nova Scotia during his year with the unit. However his staff sergeant was in Ottawa on Thursday for meetings that aim to produce a national ransomware strategy for law enforcement agencies.

“If it’s just ransomware you have to worry about you can count yourself lucky,” said Mattinson.

“It’s the low hanging fruit of cybercrime. It’s just folks using off the shelf automated tools to make money while they sleep. That means you should be able to defend while you sleep as well.”

RELATED: