A programer shows a sample of a ransomware cyberattack on a laptop.
A programer shows a sample of a ransomware cyberattack on a laptop. RITCHIE B. TONGO

Held to ransom: engineering business hit by hacker

ONE of Paget's leading engineering companies was brought to a standstill after a ransomware attack encrypted its entire network in what one IT expert says was the worst attack he had ever seen.

For DGH Engineering general manager Dave Hackett it was an 'oh f---' moment when he realised that the servers at his business had been hacked.

His thoughts turned first to concern over what might have been stolen.

Because the servers not only contained sensitive commercial information, it also contained all of his 190 employees' information, including payroll.

"It feels like being robbed and violated at the same time,' he said.

"Initially, you just don't know what they have done. Did they come in and take information out? You just don't know," he said.

The hacker, who gained access after a staff member clicked on an email link, left a cryptovirus on the server that went to work encrypting all the company's data, including the backup system.

The Paget business was crippled for four days.

"DGH would be the worst incident that we have ever had because they (the hackers) encrypted the backups as well," EHW Tech managing director Eddie Woodwell explained.

Mackay-based company EHW Tech has been in business for about 15 years and provides IT services to DGH Engineering, as well as thousands of other business clients in the wider region.

Without access to payroll, there was a real threat that staff wouldn't get paid during the ransom period, but administration staff manually calculated what the systems were down to ensure everyone was paid on time.

Ultimately, the engineering company was forced to pay $1300 to get the data back, after negotiating the hacker down from the initial demand for $20,000, in bitcoin.

"They had no choice. They had to pay it," Mr Woodwell said.

A cryptovirus is software that a hacker installs on a system after gaining access, usually through an email link to a user.

The software encrypts data on the victim's server and attacks any backups connected to the system, then the hacker offers the victim a decryption key for a fee.

But hackers are becoming increasingly clever, Mr Woodwell says, and the rate of attack has increased substantially in the last six months.

"Most of the attacks are from Nigeria or China, and we would have about 30 attacks every five minutes on our servers."

He said a hackers location could be discovered by their IP addresses.



PREPARE TO LEAVE: Fire edges closer to Kingfisher resort

PREPARE TO LEAVE: Fire edges closer to Kingfisher resort

A warning has been issued by Queensland Fire and Emergency Services

5 people facing charges in Gympie court today

Premium Content 5 people facing charges in Gympie court today

The people who are due to appear in Gympie Magistrates Court today.

19yo breaks aerial off car in drunken Melbourne Cup tirade

Premium Content 19yo breaks aerial off car in drunken Melbourne Cup tirade

The Rainbow Beach man fronted Gympie court for his alcohol-fuelled actions in the...