‘Ransomware’ Scare For Christchurch Law Firm Cavell Leitch

August 3, 2015 | Technology

A Christchurch law firm has narrowly avoided falling victim to a cyber scam.

Cavell Leitch chief financial officer Hugh O'Reilly was notified of an unusual corrupt file issue by a team member about noon on July 17.

It was confirmed as being Cryptolocker – a threat with the intention to lock files and pressure for a ransom of Bitcoin to unlock the server.

"We had our IT team check for infections and isolate the source quickly. They then restored a clean incremental backup from earlier that day and we lost minimal data," he said.

O'Reilly said he understood the law firm was not the only business in Christchurch to have been targeted that day.

"The anti-virus software can't be updated until they know about the threat. That's how they work, there's always that window of opportunity."

Julian Clarke, managing partner of Cavell Leitch, said he was confident that with the best systems in place, they were not at risk of losing their server but "it is still a frightening prospect and we are speaking out . . . to encourage others who might be less well prepared to be aware of the risk".

"I don't believe they targeted our firm at all, this is just a standard security threat that self-propagates and goes out randomly. We were just an unlucky recipient of an email received from someone else, and then somehow the file got through and got opened as an executable."

On the recommendation of their IT experts, the firm had made further changes to make it harder for some files types to come through their email system, even if they appeared legitimate.

"You plan for the worst and hope for the best. This is one of the situations where we planned for the worst and as a result of that planning managed to get out of it quickly and safely," Clarke said.

Shelley Inwood, Christchurch branch manager for IT firm CodeBlue, said it appeared many New Zealand companies were targeted heavily through email on the same day.

"All the system protection in the world may not have stopped this particular threat from being installed due to it being a new variant on the day – termed in the industry as a 'Day Zero threat'."

She said there had been an increase in similar attempts recently.

"The creators are getting smarter at making them look more legitimate and focusing on sending the right type of email to the right industry, and more people are falling into the trap.

"The critical point here is that it doesn't matter how much precautions you can take and how good your security is, there are always new threats emerging every day."

Cyber security tips:

The infection is called 'Cryptolocker' and is considered 'ransomware' – not a virus.
There are a number of variants of this type of threat, and they primarily come via email, camouflaged largely as bank statements or critical information from high profile sources, and often targeted with appropriate content for the industry and locality they are sending into.
Layered security systems are critical and must be regularly updated to ensure protection.
It is critical to educate end users for things to look for when opening email links or attachments.

Have you fallen victim to an internet scam? The Investigators Investigations can help. View our Cybercrime services here, or call us on 0800 747 633 for more information.

- Article originally on stuff.co.nz.

Article by: Mike Gillam, Senior Investigator

Latest News

Missing People in the Waikato: Not Just Tom Phillips Scam The Scammers With Updated Tool by Netsafe Private Investigators in New Zealand: Trust The Investigators for Professional Services The Role of Private Investigators in New Zealand Unveiling the Truth: How a Private Investigator's Covert Manned Surveillance Can Help You Navigating Commercial Lease Re-Entry in New Zealand: The Role of Licensed Private Investigators