In early May, the Charity Commission of England and Wales issued an alert to charities about what has been called “ransomware”.
“Trustees, charity professionals and volunteers should continue to be aware of online extortion or ‘ransom’ demands affecting UK businesses. Charities could also be vulnerable to attack and so are encouraged to be vigilant. This advice is particularly relevant for those charities which operate overseas and/or deal with international partners in high risk zones.
The information contained within this alert is based on reports made during the past week, to Action Fraud, the UK’s national fraud reporting centre.”
Our initial reaction was that this had nothing to do with Canada, but within a week of the alert, we heard otherwise.
An Ottawa woman running an animal charity[1] from her home found this out the hard way. Recently the computer she uses to run the organization’s website turned on her. As she was using it, a robotic voice suddenly announced that her organization’s “documents, photos, databases and other important files have been encrypted.”
Her computer had been compromised by what’s known as ransomware, a type of malware that gets into the computer either through an email attachment or by the user accidentally clicking on a compromised website.
The instructions on her computer demanded that she pay a ransom of $500 US, through the untraceable internet currency bitcoin, or risk losing all of her files.
“[The malware] encrypted all my files, all my files and photos for the last 15 years,” she said.
The ransomware also made it impossible to update the site, she said, meaning she couldn’t add photos of recently found dogs or receive messages from people wanting to adopt.
Her computer expert said:
“In this case there is no recovery software. The only recovery software is what the thieves have and you have to buy it from them. So to me, this is the most malicious virus that you can get.”
Police say ransomware usually originates overseas and is difficult if not impossible to trace, so there’s little they can do except warn people to make backup copies of their hard drive.
Sgt. Paul Batista of the Ottawa Police Service’s computer forensics unit says prevention is the best defense.
“If you back up your computer, once you reset you can go back to the last known good copy of what’s on your system,” Batista said.
The charity says it can assure its supporters that they can’t get the virus by going on the website.
Now, the organization has to decide whether it will pay the ransom. According to most of the computer specialists she’s consulted, companies that have accepted the ransom demands end up getting their files back, the director said.
“So we are between a rock and a hard place,” she said.
And what did the Charity Commission advise?
“What to look out for:
- a number of businesses throughout the UK have received online extortion demands from a group calling themselves ‘Lizard Squad’
- the group have sent emails demanding payment of 5 Bitcoins (a form of digital or ‘crypto’ currency) by a certain date and time. The email states that this demand will increase by 5 Bitcoins for each day that it goes unpaid
- if their demand is not met, they have threatened to launch a ‘denial of service’ attack (‘DDoS’) against organisations’ websites and networks, taking them offline until payment is made
- the demand states that once their actions have started, they cannot be undone
Action to take:
If you have received such a demand, or receive one in the future, you are advised to:
- NOT meet their demands and pay the ransom
- make a report to Action Fraud, a U.K. operation
- retain the original emails (with headers)
- make a note of the attack, recording all times, type and content of the contact
- call your Internet Service Provider (ISP), or hosting provider if you do not host your own Web server, tell them you are under attack and ask for help”
Carl Mehta, Head of Investigations and Enforcement Operations at the Charity Commission, said,
“Charities need to be aware of the imminent danger posed by this fraudulent group and to take appropriate steps to protect their charity’s assets and good reputation – both of which could be damaged if the ransom demands of the group are met.
I urge all charities, if they suspect they may have fallen victim to such extortion or ransom fraud, to report it immediately to Action Fraud.”
“Get Safe Online tips for protecting your business from a DDoS attack:
- consider the likelihood and risks to your organisation of a DDoS attack, and put appropriate threat reduction/mitigation measures in place
- if you consider that protection is necessary, speak to a DDoS prevention specialist
- whether you are at risk of a DDoS attack or not, you should have the hosting facilities in place to handle large, unexpected volumes of website hits”
[1] We have chosen not to name either the organization or its director in this article.