Adelaide newsagent’s hacking blackmail nightmare

An Adelaide newsagent held to ransom by computer hackers last month says it was the worst experience of his life, and should be a grave warning to other local businesspeople.

Jun 11, 2019, updated Jun 11, 2019
"It’s been the worst month of my life by a long stretch." Adelaide Newsagents director Steve Hewish urged all businesses to check their computer security. Photo: Tony Lewis / InDaily

Steve Hewish noticed his computer software looked different than normal when he arrived at Adelaide Newsagents at about 5:30am one Friday morning last month.

“I restarted the computer and then the screen came up with: Your Computer Has Been Encrypted – Do Not Call The Police,” Hewish recalls.

“The stress levels are just beyond anything I’ve ever experienced before.”

Once Hewish, director of the company, received the message, the clock was ticking.

His blackmailers – believed to be from Russia – gave him 24 hours to transfer US$3500 into an account using Bitcoin.

“Initially, I thought, blow them – we’re not going to pay a ransom,” he says.

“We’re going to work our way around it.”

But he delayed calling the police as he mulled the decision.

At the same time he was scrambling to deliver newspapers to some 1500 residential and business customers across the CBD and North Adelaide with no up-to-date record of who his customers were, where they were located or how much they owed on their accounts, among other key details.

A cloud system had failed to back up his files. The most recent records he had to work with were 18 months old.

As the 24-hour deadline approached, he made the fateful decision to pay the ransom.

The potential alternative – losing everything – was just too high a price to pay.

“The software program (has) a list of all my customers, the orders we do the runs, how much money they owe me – everything; basically the entire running of that company,” he says.

“If we lost that … and tried to rebuild it, the potential financial cost could have closed the company.

“So when I came into work Saturday morning, I said to my computer people that I want to try and pay the ransom.”

He began working feverishly to meet the hacker’s demands – first desperately negotiating for a time extension, so that he could obtain a Bitcoin account.

Adelaide Newsagents employs seven full-time and about 40 part-time staff, delivering an array of newspapers, including CityMag (which, like InDaily, is published by Solstice Media), The Advertiser, The Australian (News Corp) and the Sydney Morning Herald (Nine) among others, to businesses and homes across the CBD and North Adelaide.

“I had to apply to a Bitcoin company with my photo ID to get authenticated – then they rung me back and wanted to know what I wanted it for, and I was honest, and they couldn’t help me,” he says.

“I tried with about 3 different companies and was refused.”

He asked another person – whom InDaily has chosen not to identify – to acquire the Bitcoin on his behalf.

In their attempts to obtain the electronic crypto-currency, that person’s own bank account was frozen, he says.

“We had all this drama over the Saturday, Sunday, Monday, Tuesday.”

Meanwhile, Hewish put extra people on to take phone calls about incorrect deliveries and held off contacting the police altogether.

“My concern was that if the police got involved, that they might then take control of that ransom situation and I might not get my information back,” he says.

“I wanted to try and do that first and then I was more than happy to approach the police” (something he tells InDaily he will soon do).

Fortunately, he says, the hacked computer system did not contain any credit card details for customers – who he says were very sympathetic to his situation – and the business managed to get about 80 per cent of the deliveries right during the crisis.

By Wednesday, the week after his computer system was locked down, one of the companies approved the Bitcoin.

He paid the ransom.

“The money went through at 2:23pm on the Thursday, and we got the key to un-encrypt our data at 11pm that night.”

After more than a week of working 17-hour days to fix it, the crisis was over.

The hack was, according to Hewish, the most serious threat to the existence of his family business – started by his father in 1959 – he had ever experienced.

“It’s been the worst month of my life by a long stretch,” he says.

“Would not wish anyone to go through it.”

Hewish has now implemented a series of security measures to ensure the business is never vulnerable to such an attack again, working with IT companies Tower Systems in Melbourne and Seek Technology in Adelaide, which he says were incredibly helpful during the crisis.

He urges other businesses to do the same.

“We take it for granted (computer security),” he says.

“We’re so reliant these days on computers … every business (is).

“Have a computer security health check.”

SA Police’s Commercial and Electronic Crime Branch strongly recommends that people proactively protect themselves against ransomware and other cybercrime by creating regular backups of important files and storing them offline.

“We also recommend that people do not pay the ransom – there is no guarantee this will fix the computer, and it could make the computer vulnerable to further attacks,” a spokesperson for the agency said.

“Instead, we would urge businesses to restore files from backup and seek technical advice.

“Other key advice would be to use antivirus software, use strong passwords, make regular backups, don’t click on links in emails or messages or open attachments from people or organisations you don’t know.”

Additionally, the spokesperson said it was important to use Two-Factor Authentication or Multifactor Authentication where possible, and urged business managers to limit administration access only to necessary users.
