Ransomware hits Cowichan computers


A Sahtlam man is piecing together his business files after his computer was hit by data-encrypting fraudsters using ransomware.

Keith Bercier has run a custom woodworking and kitchen cabinet building shop (KWB Cabinets) for over 30 years. Like any other owner of a small business (he has two employees), Bercier fits many tasks into his day. So when a mysterious email showed up in his inbox in mid-December, he quickly opened it. It said “I’m sending you my resume for your consideration.” Bercier said, “I didn’t really think too much about it. I get them all the time.”

Data (Large)He clicked on the attachment. “As I did I thought that’s weird that he sent me a resume in a Zip folder,” he said, dismissing his doubts, assuming there were large photo files that accompanied the document.

“A second later things start flashing up on my screen telling me what happened. It’s basically your ransom letter that shows up.”

The extortionists wanted payment of $800 US right away to release his files. If he waited a week, the fee would be raised to $1,500 US. After that, the letter said, it would be too late. The funds had to be paid in bitcoin, a digital currency launched in 2009. While bitcoin is legitimate – often used for charitable donations (the first bitcoin ATM was installed in Vancouver) – the currency has attracted criminals, too. The Washington Post called it “the currency of choice for seedy online activities.”

Bercier in Duncan

Keith Bercier in his cabinet shop in Duncan.

He quickly realized that although he could access the Internet on his computer, he couldn’t use any of his files.  He was another victim of a ransomware extortion scheme called CryptoWall that has appeared in the last year, harming both individuals and companies. For businesses, the disruption can be worth thousands of dollars.  Three B.C. law firms were hit early in 2015. See related story

Not knowing about the trend, Bercier wasn’t too concerned at first. He reached out to a friend who works for HP Canada. “I thought, I’ll give him a call and he’ll tell me how to get out of this,” said Bercier. The friend consulted with his tech department and phoned him back. “He said you’re screwed. There is zero you can do about it. If you really need the files your only hope is to pay the ransom and hope they’re going to give them to you.”

In the end, Bercier decided not to pay, concerned about becoming a repeat target. “I thought what if there’s something left on my computer and six months later they do it again? How do you know your files don’t have a little snake in them?” He took the computer in to the local Geek Squad and had it reformatted. They reported handling four other cases this year.

You’re going to have to kiss that data goodbye is what Jeff Wright, of Teky Technical Services, tells his customers affected by the digital thieves. His Cowichan Bay business has handled eight CryptoWall cases in the Cowichan Valley so far this year. In one, an owner who shared broad access to a Dropbox account was infected. Wright recommends using a back up program that has versioning so you can go back to earlier versions to retrieve data. “This is the worst virus and most malicious I’ve ever seen,” he said, adding that people used to be wary of getting “exe” files on attachments. Now, he said, watch out for JS (Javascript) files.

In hindsight, Bercier wishes he had paid. “Every time I turned around, I thought there is something else I’ve lost.” His specialized saw for kitchen cabinets is computerized, so he lost his current job specs as well as his design software, his invoicing records and some decorative designs he made for a related business.

Since the incident, Bercier has altered his computer habits. He’ll never open a Zip file again. He had a hard drive connected to his computer that automatically backed up everything. But because it was connected, it got encrypted as well. Now he only plugs that in when he backs up manually at the end of the day. As a secondary precaution, he uses USB thumb drives as well.  “Make sure you have two back-ups,” he said.

“I’ve had computer viruses before. They’re annoying, like a sliver in your finger,” said Bercier. “But this was like a baseball bat to your head.”

The data loss comes at the end of a string of bad fortune – health and business issues – for Bercier. “It is very disheartening,” said Bercier, who lost some wooden art projects that were supposed to be Christmas presents for his adult children. “I’m glad I’m an optimist.”


About Author

Leave A Reply

Please identify yourself using your real name, otherwise we cannot use your comments.