Winnipeg mattress store falls victim to ransomware attack

Winnipeg mattress store falls victim to ransomware attack | Insurance Business Canada

Winnipeg mattress store falls victim to ransomware attack

A mattress store in Winnipeg has become the latest victim of a ransomware attack that ended with the business owner paying thousands of dollars to get rid of a hacker’s encryption.

David Keam, the owner of Best Sleep Centre, treated the hacker responsible for locking his store’s computer server system behind ransomware encryption like a salesman.

“He’s trying to make a sale. How hard is he willing to work for that sale?” Keam told CTV News in an interview.

According to Keam, the hacker made an “opening bid” of 0.6 of a Bitcoin – about US$6,500 – for the release of his store’s server. Keam then attempted to negotiate with the hacker, and managed to lower the ransom payment to $2,000.

Caleb Barlow, vice president of IBM Security in Boston, said that hackers are making a lot of money by staging these attacks.

“This is a highly profitable business,” Barlow explained, adding that cybercrime costs the global economy some US$445 billion each year (based on data from the World Economic Forum).

Tim Robinson, of computer consultant company Prophet Business Group, in Winnipeg, noted that in ransomware attacks, retrieving the data back is difficult once the attack encrypts the file.

“The only way to decrypt them is either to restore them from a backup, or pay the ransom,” Robinson remarked.

Although ransomware is often propagated via suspicious links and attachments, Keam believes he became vulnerable to the attack because his server was running an older version of Windows, which badly needed updating.

The store owner has since updated his server’s operating systems.

In an earlier statement covered by The Wall Street Journal, AIG global head of cyber risk insurance Tracie Grella said that only 10% of smaller businesses – such as Keam’s – have some form of cyber insurance.


Related stories:
Ticketing company hacked; 26 million US and Canadian customers' data exposed
AIG reveals smaller businesses often not insured for cyber