The chief information officer (CIO) at Brisbane’s Langs Building Supplies dragged himself out of bed to check and discovered he also couldn’t get into the system.

He jumped in the car and raced to the office only to discover an anonymous message popping up on his screen saying that his employer had been hacked and demanding a $15 million ransom be paid in bitcoin.

“It became pretty evident we had a much more sophisticated style attack in place then I had previously seen in my career as the complexity of things has really ratcheted up in last four years,” he told news.com.au.

“It’s a bit like how Nigerian scammers were sending out emails and it was pretty easy to detect, but now its much more like a sniper attack where you are stalked for a period of time and the attack is executed once you are weak.”

The attack, which happened in May and came out of the Netherlands, was actually perpetrated via one of their suppliers, whose email system they had infiltrated and used to contact a staff member at Langs Building Supplies.

“The beauty of this attack and sophistication of it was the person it was meant to be from was a legitimate account not a fake account, it was in the manner they are used to seeing and came from a legitimate source,” Mr Day explained.

“The only difference being a link that went somewhere else than it would normally go and this staff member was just vulnerable in a split second decision and put in his name and password and had given away his credentials.”

Mr Day said normally this type of attack wasn’t too bad and is quickly identified but hackers have changed the game – not only freezing companies systems but also stealing crucial private data.

“These guys have learned over the years that encrypting files is one thing but if companies have good back up strategies it’s not a deal breaker,” he said.

“So the real threat is when they take malicious action on the infrastructure and exfiltrate data meaning they upload data they find after encrypting it to their own servers and threaten to expose it by selling it to the media or dark web to cause reputational harm, so that provides severe pressure for people like us to pay.”

Mr Day said the company has a policy of never paying up and had ensured they had a good system of protection in place.

He did have a “scare” that suggested 30 gigabytes of data had been stolen from their system, but soon uncovered that nothing was compromised.

However, the hackers were determined not to give in.

“What was interesting after they worked out the attack had been unsuccessful and we weren’t paying, they sent an email to all staff they knew of in the organisation telling them had their data and they would sell it on the black market if we didn’t pay,” he said.

“That was a threat to ratchet up pressure to try and take it out of our hands and they wanted to instil fear where there would be some doubt so the organisation would pay the bill, but luckily I could demonstrate that they didn’t have any data.”

Mr Day reported the attempted attack to the Australian Federal Police but did wonder why Langs Building Supplies had been targeted.

He said as the largest independent building supplier in the South East of Australia they deal with a lot of construction and QLD’s economic recovery is currently being led by tradies.

“If a cyber attack take us out of equation a lot of people can’t trade and if we had been out for an extended period of time it would have really been bad … You have to understand the human effect of these breaches,” he said.

“The forklift driver and the workers in the timber mill are the ones that are sent home if things don’t work and they have to use up annual leave or leave without pay and I never want to be a in situation where I have put people in a tough spot financially.”

The Brisbane company’s experience is part of a wave of cyber-attacks hitting Aussie operators, with Business Australia warning that they are seeing a ransomware attack on small businesses every 11 seconds.

The industry organisation found attacks are up 30 per cent in the last six months as cyber criminals exploit the pandemic and the shift to remote working and that Australian small businesses are now the primary targets for cybercrime.

There has also been a 60 per cent increase in ransomware attacks against Australian businesses in the past year, according to the Federal Government funded Australian Cyber Security Centre.

Even more concerning, one-third of Australian organisations hit by ransomware attacks paid the ransom.

“The average ransomware of a business is $280,000, and we’re seeing a ransomware attack every 11 seconds and this is escalating,” said Business Australia general manager of products Phil Parisis.

“Both methods are extremely common and all too easy to execute with many businesses, quite simply, sitting ducks.”

Melbourne IT company Network Overdrive was another Aussie business targeted by a cyber attack this year, caught up in a global hit with the hackers wanting $US70 million ($A96 million) to be paid out.

The hackers had targeted software company Kaseya and Greg Clarkson, managing director of Network Overdrive, said they were impacted when an update downloaded and the “malicious” code bypassed firewalls and security systems.

“This was one of the largest events in the world and the claim from the Russian group was a million devices around the world were infected and we know 15,000 businesses were infected,” he said.

“The ransom claim was largest at time at $US70 million and it was so big it got the attention of the FBI and President Biden made comments about it and issued the FBI to get involved so it was particularly damaging in the US and Europe and major food chains were impacted in Sweden for example.”

Describing the incident as a “traumatic event’, Mr Clarkson said the hackers were demanding $US50,000 ($A96,000) from each business but as far as he is aware, no one in Australia paid.

Mr Clarkson is frank, admitting it was an “existential threat” to both the business and its customers but the “reason they were able to survive it” was eight months prior they had asked another IT company to come in and audit their security system.

“They provided recommendations and we implemented a completely state of the art ransomware proof back up system and they told us to practice and simulate a disaster and practice how to do it, which we did,” he said.

“We were affected in our own every day operations but all our clients needed help, so if we were not able to fix ourselves to speak and get own system online, we would have really been hampered in our ability to help customers in need.”

Mr Clarkson said 30 other Australian businesses were impacted as well with some even having their backups impacted, which means restoring data from the cloud can take weeks. Clients took on average one to three weeks to recover while lost productivity cost up to $100,000, he added.

But he said they were lucky the hackers only had “time to wreck the joint but didn’t learn anything about us”, echoing the same warning as Mr Day.

”Nowadays they don’t want to encrypt everything and destroy everything … The future of ransomware is about stealthily watching you and learning about yourself, whether you’re an individual or business,” he said.

“And working out the best way of exhorting you and threatening to expose information that is embarrassing or setting up a scam to trick you.”

Despite all the warnings, most small and medium enterprises (SMEs) are still unprepared for a cyber-attack, according to Business Australia.

“Australian small businesses can be easy targets with SME’s accounting for nearly half of all cybercrime incidents,” Mr Parisis said.

“Research shows that business owners are aware of cybercrime, but they are just not prepared – 90 per cent of attacks are still successful due to human error.”

There are two main types of cyber-attacks, and both can be equally detrimental to a business, he added.

“Man in the middle, also known as a monster, monkey or machine in the middle, is a cyber-attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other,” he noted.

“Ransomware is the other one. It’s a form of malware that encrypts a victim’s file, and the attacker then demands a ransom to restore access to the data.”

Often businesses like a small law firm or building company don’t think they will be hit by cyber crime, he added.

“The reality is the cyber criminals don’t necessarily target you. Mostly you become an accidental victim of a large, broad scale phishing attack. Then all it takes is one employee to make a mistake and it triggers an interest in your business,” he explained.

There’s also been a huge increase in phishing campaigns that revolved around trending topics like coronavirus vaccines, warned Business Australia added.

“It’s the easiest way to infiltrate a business and hold it hostage – and there are TikTok videos showing exactly how this is done within minutes,” he added.

A lack of training and awareness are the biggest risk factors when it comes to cybercrime, he said.

“Attackers are also incredibly creative at playing on human emotions and creating links someone is most likely to click,” he said.

Mr Day adds relying on back ups isn’t the answer but ensuring staff are engaged in IT security is the key element.

“Your people are your best defence and biggest liability all in one … you’ve got to make everyone responsible for safety of email systems,” he said.

“You can stop 99 per cent of actions by the user making the right call, so if you educate those people and make them a part of the process and empower them and then the tech has to be there to fix the, 'Oops, I had a bad day’ situation.”

7 tips to prevent a cyber attack

1. Create a human firewall: Building a human firewall or educating yourself and employees is the most effective way of preventing a cyber attack.

2. Protect your passwords: It’s critical that passwords are not easy to guess. It might be worth considering a password manager and a multi-factor authentication, providing a second wave of authentications.

3. Beware of public Wi-Fi: Logging on to a public Wi-Fi is one of the easiest ways to get hacked. If you, or members of your team, are working remotely, a safer option is hot spotting to their phone.

4. Careful with what you buy: Cheap cables for iPhone chargers have been found to allow hackers to use malware to hijack your device, best to go with store approved products.

More Coverage

Cyber attacker’s vile calls to cops

Caroline Schelle

Cyber menace unplugged for trolling cops

Paul Shapiro

5. Upgrade your software: Ensure all your devices’ operating systems are upgraded regularly. These will include recent security patches.

6. Consider insurance: Cyber insurance doesn’t reduce the risk; it reduces the financial impact of a cyber attack. It can also help a business recover faster.

7. Update business policies and procedures: Ensure your business processes are up to date to protect, prevent and recover from any suspicious behaviour.