A SCOTS hairdressing firm says it is now believed an electronic invoice may have been used by cyberattacker extortionists in a hack of their system, which led them to pay a 1000 euro ransom.
The payment was made after the hackers managed to lock Ellen Conlin Hair & Beauty staff out of the company database but they found 80% of their data was corrupted.
Ellen Conlin Hair & Beauty, which has salons in Hyndland in Glasgow's West End and Giffnock, East Renfrewshire in Glasgow, reported the cyberattack to the police, who are now investigating.
Ken Main, who feared for the future of the business he joint-owns, has been warning other small businesses about paying the ransomware attackers.
The Herald revealed last week that the hackers, who appeared to be from Russia, had managed to encrypt their entire system, locking them out so they could not access it on October 19.
The business did have access to a badly worded ransom note, in the form of an electronic notepad document left by the hackers saying that they had encrypted "all your important data" and that if they wanted data back, they needed to send an email containing their IP address to server.recovery@mail.ru.
Staff have now provided statements to the police and a corrupted hard drive is now being examined to ascertain where the attack came from.
An Ellen Conlin spokesman said: "The police also believe that the 'bug' or 'virus' may have come into the system from a hacked supplier sending electronic invoices."
Mr Main, who was initially concerned about the lack of action from the police, now says it is "really comforting to know that someone is chasing these criminals".
He previously stressed that no personal details of his 3000 clients had been compromised but that the attack could lose them thousands of pounds' worth of business due to deleted data on a system used to store appointments, wage details, client histories, stock information, business monitoring and marketing information.
He had said he was now considering action against SALONGENIUS, the firm who create and supply the software "who I pay to store my information securely".
The Federation of Small Businesses in Scotland had said they believe this is the first incident of its kind to go public in Scotland, and that they believe other firms are suffering in silence, fearing the public relations backlash.
Salon owner Ken Main warned other businesses to "look at email addresses that are coming through as enquiries" and check whether the email extension is a dot com or a dot uk and "be vigilant for something that wouldn't be at all relevant for you".
He added: "If you haven't got website analytics software - which tracks users' activity, get some, as the geo-targeting can show where traffic to your site comes from around the world and if there is an alarming amount visiting trying to access admin areas as an example, this could be indicative of a potential attack."
The firm now have an upgraded website security package which creates automated reports of website traffic from outside the UK.
Ellen Conlin said they have changed passwords, backed up all computer data, created hard copies of systems and "started to promote online safety with staff being more careful about what they do and don't do online" as well as additional external, removable, daily backup.
Mr Main said: "For our small business it's a challenge to stay up to date with the constantly evolving digital market - investing heavily, we really push to make the salon accessible on mobile, tablet and laptop having recently launched a rewards mobile app so customers can benefit from every visit.
"Other than the obvious of having secure passwords and email addresses, you aren't even aware of other vulnerabilities until hackers strike. We are now taking steps to become safer online as a business and thinking about the social media sites and the software subscriptions we are using too."
Ransomware is a type of malware that prevents or limits users from accessing their system. It demands that victims pay a ransom through certain online payment methods in order to regain access to their systems or get their data back.
Computers can be attacked in a number of ways, such as by opening a malicious attachment hidden in an email, clicking on a malicious link in a social media message or by visiting a website which has been corrupted, often unknown to the website’s host.