No antidote to cyber ransom
Netsafe admits it has helped victims pay off blackmail demands from hackers who have infected computers with "ransomware".
The cyber-safety organisation has been left in an invidious position because of the rise of "crypto-locker" ransomware attacks, which digital project manager Chris Hails described as being close to the perfect crime.
Mark Shaw, a spokesman for security-software maker Symantec, said the earliest forms of ransomware displayed fake on-screen "warnings" claiming that victims had been detected downloading illegal pornography and demanding they pay a fine to "police".
But mid-last year, crypto-locker ransomware emerged which encrypts the files on victims' computers and gives them a deadline to pay up before the key to decrypt the files is destroyed.
Symantec said in a just-released report that it had detected a 500 per cent rise in the number of ransomware attacks between January and December last year.
Netsafe had put some victims, including a business that had four years' data held hostage, in touch with the owner of a New Zealand Bitcoin exchange who could advise them how to pay off ransoms using the virtual currency.
Bitcoins were one of several virtual currencies favoured by the blackmailers because transactions were almost impossible to trace, but ransomware victims often did not know how to get hold of or use them, Hails said.
"For us to encourage people to pay is a pretty shocking approach, but in many cases we have had to say ‘all you can do is pay'."
Netsafe advises people to regularly back up their files and store them safely offline, which would reduce the likely impact of crypto-locker attacks.
Hails said Netsafe would "not really recommend" people paid ransoms because it encouraged crime, but he had spoken to about six businesses which decided to pay because it was their only resort.
"We have definitely seen people who had paid and got their data back, surprisingly."
Shaw said a large proportion of ransomware was served up from adult websites, but there were other methods of attack, such as email attachments and malware-infected advertisements on legitimate websites.
Hails said that Netsafe was notified of more than 1000 ransomware attacks in New Zealand last year.
- Fairfax Media