Companies held to ransom as software hacked
text size

Companies held to ransom as software hacked

Victims are reluctant to go to police through lack of confidence in the force and fears their businesses will be further damaged, writes Wassayos Ngamkham

A typical ransomware warning, including the logo of the alleged Russian attacker, is shown in this screen capture made by Police believe ransomware attacks in Thailand emanate from South Asia.
A typical ransomware warning, including the logo of the alleged Russian attacker, is shown in this screen capture made by Police believe ransomware attacks in Thailand emanate from South Asia.

Cyber police are facing a new challenge. They have learnt that at least 10 companies' computer systems have been hacked and the companies under attack were forced to quickly pay a ransom in exchange for a password to salvage their crippled systems.

Almost any company can fall victim to escalating cyber criminal activities committed by a group of hackers based in South Asia, Technology Crime Suppression Division (TCSD) chief Supaset Chokchai said.

When hacked, the computer system of the targeted company normally becomes inaccessible, he said.

Most, if not all, of the company executives opted to pay the ransoms as they were given a short period to decide whether to pay, or risk losing valuable information stored in their computer databases.

Contact Crime Track:

In a damning indictment on pubic confidence in police, many victims didn't turn to them for help because they didn't think police would be able to do much, or act fast enough to prevent their businesses from being damaged, he said.

Another reason the hacked companies weren't willing to lodge a formal complaint with police over the hacking episodes was because they didn't want to risk losing confidence among their trade partners, he added.

In most cases, hackers stealthily spread malware into the targeted computer system to gain access to the system and seize control of it from a distance, said Pol Maj Pathompong Silapasuk, a police inspector with the TCSD's sub-division 1.

The first computer in a targeted network is known to computer security experts as a "zombie computer", which a hacker uses to launch further attacks on the entire system, he said.

"When ransomware is installed into the targeted computer network, the entire system is frozen. That is when the hacker normally contacts the administrator and demands a ransom payment," he said.

A password is needed to unlock and recover the hacked system, he said, adding the Thai companies hacked were ones that normally have to share a large volume of data with partners in other countries such as pharmaceutical and chemical companies.

The longer they delay making their decisions on the ransom, the higher the demand, Pol Maj Gen Supaset said.

The victim is normally given one or two hours to get the ransom transaction done, he said, adding the longest period given in past cases was three days.

There were three common risks found in past hacking cases, he said.

They were the use of illegal software, getting trapped in a fake free WiFi hotspot maliciously created by a hacker to spread malware, and downloading free software over the internet without realising the software was infected with malware.

Pol Maj Gen Supaset said when computer system hack attacks happen, police have to seek cooperation with their counterparts in the country where the hacking actually occurred, which can be time-consuming.

The hacker normally demands the ransom to be paid in bitcoin currency in which 1 bitcoin is currently equivalent to about 55,000 baht. The bitcoin currency can be bought through brokers. It's not a popular currency in Thailand at the moment.

"Tracking the culprits from bitcoin transactions is difficult due to the currency's complicated coding," Pol Maj Gen Supaset said.

Microsoft Word and Microsoft Excel are among the most common types of computer software hacked in recent cases, he said, adding the US Federal Bureau of Investigation has advised against paying ransoms as it only encourages the crooks.

Potential victims are advised to back up computer data regularly -- at least every three days -- so they won't have to worry about what the hacker may threaten to do with their hacked data, he said.

Somsak Vatinchai, 49, CEO of Design Alternative Co, a laboratory equipment installing firm, endured "a nightmare" when his company's system was hacked. The culprit demanded he pay a 500,000 baht ransom to restore the system. His computer program which controlled machinery was inoperative. The hacker threatened to double the ransom if he refused to pay it immediately and if he delayed the payment until the following day, the ransom would increase three-fold.

Mr Somsak said he lodged a complaint with police but they could do little to help. However, he heeded police advice not to pay the ransom.

Instead, he decided to contact his Germany-based software company asking it to send his company a new copy of the computer program so the company could edit and use it to replace the hacked software normally used to operate the machinery.

Mr Somsak, however, admitted the incident had damaged the company, as it took time to write a new version of the software hacked.

"That cost me more than 1 million baht [in total loss], which actually was more than the initial ransom they demanded I pay. And if I had paid it right away, I would not have faced this much loss," he said.

The company now prohibits staff from bringing handy drives and notebooks other than ones provided to use at work, in a measure aimed to prevent a repeat of the hack attack.

Contact Crime Track:

Do you like the content of this article?