Cyber criminals successfully targeting Wexford small businesses

WEXFORD businesses are being targeted by ransomwear experts, with up to 60pc paying up for fear of having sensitive material stolen or their entire accounts wiped out.

etective Sgt Eoin O’Connell heads up the Wexford division’s Cyber Crime Unit which is manned by five detectives.

Sgt O’Connell said the fact that small and medium sized businesses are being targeted most has been a surprising development over the past year.

“We all think with ransomware that it will be the likes of Facebook, Coca Cola or Pfizer and we are all aware of the HSE attack, whereas actually it’s smaller businesses who are being targeted more and more because there security systems aren’t as elaborate and their systems share information.”

If a hacker hacks into a large business, there are accounts or HR on separate networks, but in smaller businesses there is most likely only one sever.

About 60pc of businesses pay the ransom.

“Our advice is not to pay. If you pay there is no guarantee you’ll get any or all your data back and you could become a repeat victim. This can be incredibly stressful and we are there to provide assistance to victims.”

Sgt O’Connell said with ransomware people are ashamed or worried that their customers will find out and move business, or that they will be shut down.

“We have to accept that we are going to put ourselves out there but it’s how we control that. People getting friend requests from people and spoofing Whatsapps or emails with the name or number of the owner of the business or Chief Financial Officer (CFO) because people post their job titles on LinkedIn. You can find out so much online through company websites and that’s how people are getting caught.”

Everything is urgent in messages from hackers. “This bill needs to be paid now. The goods are waiting for release or it will come in at 4 p.m. on a Friday evening when you just want to be out the door. Or first thing on a Monday morning when people are taking a while to settle back in. These are criminal enterprises; they are run like businesses so they do their researched no less that ay other business does.”

He said: “Someone in a company’s finance department may receive an email from the CFO’s address and it looks legitimate because it’s very easy to spoof an email header or a WhatsApp number, like the An Post one about paying your custom charges.”

Much of the information comes from ‘open source intelligence gathering’ (what’s available to everyone online).

Invoice Redirect Fraud cases have also been investigated in Wexford.

“They are difficult to investigate because in most cases the suspects are abroad. We are seeing an increase of ransomware as a service, whereby it is sold, so that will slowly increase the number of local suspects who can buy a ransomware attack on the dark web.”

Many investigations overlap with the dark web, especially child abuse images and drug trafficking.

“If there are ransomware attacks a lot of people are given instructions about how to but Bitcoin to pay them.”

Increasingly Wexford businesses are logging on and seeing a pop-up screen informing them all their data has been taken and they are informed you how to get Bitcoin.

“Your system is locked down and there is a demand for Cryptocurrency and you’ll lose all your data which will be published online. There is a slight trend towards moving in extracting all of the data and selling it. You still have access to your system but they’ll sell your sensitive data.”

In most cases ransomware is initiated through phishing.

“It’s the link that comes in that someone clicks on, so it’s really important that there is a no blame policy in the company. That one of your employees is not worried about being sacked or docked wages for clicking on a link.”