A SCOTS hairdressing firm owner has issued a warning about a new breed of cyberattacker extortionists after he was forced to pay a 1000 euro ransom to hackers who had managed to lock him out of the company database and then deleted vital information.
Ellen Conlin Hair & Beauty, which has salons in Hyndland in Glasgow's West End and Giffnock, East Renfrewshire, in Glasgow, has reported the cyberattack to the police but has become frustrated by confusion over whether the inquiry should be dealt with by forces north or south of the border.
Ken Main, who fears for the future of the business he joint-owns, is now warning other small businesses about paying the ransomware attackers.
He stressed that no personal details of his 3000 clients had been compromised but that the attack could lose them thousands of pounds worth of business due to deleted data on a system used to store appointments, wage details, client histories, stock information, business monitoring and marketing information.
He is now considering action against SALONGENIUS, the firm who create and supply the software "who I pay to store my information securely". A police spokeswoman said: "Around 1923 hours on Tuesday 20 October 2015, police received a report of an attempt to extort money from a business owner in Glasgow. Enquiries are continuing."
The Federation of Small Businesses in Scotland say they believe this is the first incident of its kind to go public in Scotland, and that they believe other firms are suffering in silence, fearing the public relations backlash.
Police believe Scotland is currently being targeted by ransomware hackers because of the high number of small to medium sized businesses.
Details of the attack came as TalkTalk admitted they had an email demanding a ransom from a group purporting to be behind another cyber-attack suffered by the company. The phone and broadband provider said personal and banking details of up to four million customers may have been accessed in the "significant" attack.
Ransomware is a type of virus that prevents or limits users from accessing their system. The malware forces its victims to pay the ransom through certain online payment methods in order to regain access to their systems, or to get their data back.
Computers can be attacked in a number of ways, such as by opening a malicious attachment hidden in an email, clicking on a malicious link in a social media message or by visiting a website which has been corrupted, often unknown to the website’s host.
Mr Main said: "You feel the whole world is caving in. I'm raging at it, quite honestly. I would love to strangle that wee Russian b.....d if I could get my hands on him. It could effectively ruin our business if I am not careful."
Mr Main said the hackers, who appeared to be from Russia, had managed to encrypt their entire system, locking them out so they could not access it.
A manager discovered the hack when starting up the computer system on October 19 and it began a chain of events which led to the cyberattackers extorting cash.
The business did have access to a badly worded ransom note, in the form of an electronic notepad document left by the hackers saying that they had encrypted "all your important data" and that if they wanted data back, they needed to send an email containing their IP address to server.recovery@mail.ru.
He said the negotiation was carried out by operators of their SALONGENIUS system run by the firm of the same name in Bournemouth in Dorset.
"I told SALONGENIUS I want my database back, pay the money, I want my business back, I cannot run my business," he said.
"We are sitting here with a blank appointment book, knowing there's appointments in there.
"It started off at 350 dollars, and I said to the computer company, you better get onto this guy and see what's happening. Which they did and they wanted 1000 euros." It had to be paid through Bitcoin, the payment network and virtual currency.
"The hacker sent a keycode, which you type in and that unlocks the information. But the majority of the information was corrupted so we couldn't use it."
A year's worth of information "critical to our business" had been deleted, he said.
"I don't understand the logic. The computer company thinks it is malicious," he said.
The incident came five days after Police Scotland issued a warning to users to ensure their devices have the latest versions of security software installed, following an increase in malicious attacks which lock users out of their data.
Mr Main said he was visited by two police officers from Partick, and was eventually told that as the ransom was paid in England, it had to be investigated there.
Mr Main said SALONGENIUS representatives, after it was reported in England, told him that it was for a force in Scotland to deal with it. "So it is one police force arguing with another," he said. He warned that the attackers were "a danger to small to medium-sized enterprises" and added: "It is not just big businesses like Talk Talk that are under attack".
"Nobody is telling people. I am sure there are hundreds of people being hacked and they are not saying anything and they are just paying the money and that's it.
"It's a money making scam. What people need to understand is they should not pay the ransom unless they are 100 percent sure they get their information back. The word has to go out, do not pay hackers because they will not give you back the information."
They have now made an appeal for customers who have appointments to contact them so they can help start to piece together the lost information.
Colin Borland of FSB Scotland said: "It is the first case I have heard of its kind in Scotland but I would put a substantial amount of money on the fact it's not the first time it has happened in Scotland.
"We know there is a massive amount of reporting of cybercrime, and it is partly because people don't want to admit they have been conned, because you wouldn't. You don't want to give the impression that you might be a soft touch.
"It is a significantly larger issue than the official figures would suggest. Small businesses are vulnerable to this and are being targeted."
The SALONGENIUS management system is installed in over 48 countries worldwide including Toni and Guy salons and is advertised on their website as a way to "keep your business secure and safe".
Details of the system state: "10 levels of security are available letting you give staff access to the areas they need whilst protecting sensitive business information.
"Once security is set up access to all areas is recorded, unauthorised access attempts logged and a full audit trail is provided of who did what, when and from which terminal.
"This not only provides you with peace of mind but also protects your staff particularly those handling cash."