Credit: Photo 96376908 © Audiohead - Dreamstime.com
Victorian Microsoft partner Software Objectives has found itself working to retrieve customer data after its systems were hit by Gandcrab ransomware late last week.
As reported by News Corp on 5 June, the Melbourne-based custom software and solutions development consultancy firm had been “blackmailed” by online scammers.
While the initial report suggested the company had been hacked, Software Objectives’ CEO and development manager Geoff Schaller told ARN that the ransomware campaign made its way past the company’s digital defences via a dodgy email, which is often the case for such exploits.
"What we suspect happened was one of the developers has unwittingly opened an attachment in an email, or opened up, clicked on a link in an email that looked innocuous,” Schaller said. “Some people are more diligent than others.
"And that way it gets past any firewall or any anti-virus, because you’re allowing something to execute, you’re giving permission to execute. It requires vigilance, unfortunately."
According to Schaller, some of the company’s clients’ data was corrupted before he and the Software Objectives team was able to halt the spread of the Gandcrab version three ransomware – a relatively new variant – into its various physical and virtual machines.
"There was some clients’ data corrupted," Schaller added. "And now we have to work to help retrieve it or help them rebuild it, or do what we need to do to get them back on the straight and narrow."
ARN understands that the scammers behind the ransomware exploit demanded payment in bitcoin and at least one other form of cryptocurrency.
While Schaller was not able to put a dollar value on the payment demands, Gandcrab perpetrators have been known to ask for ransoms of between hundreds and hundreds of thousands of dollars in DASH cryptocurrency, according to a report by media outlet The Register early this year.
Although Software Objectives, which claims Sophos and Microsoft among its key vendor partners, is still working to mop up in the aftermath of the ransomware hit, Schaller is already looking at taking new measures to ensure the company is protected from such exploits in the future.
"We have to do things like geo-redundant back-ups now, not just the back-ups we had,” Schaller told ARN. “It will change the way we do things.
"I never thought that that degree of protection was necessary, but as the organisation gets bigger, you get more and more people, the slip-ups are going to happen. I don’t know that you can prevent it. You’ve just got to be able to mitigate it."
