Update: The IT specialist who was working on getting Caprock Business Forms’ system back up and running said Monday morning that he was able to remove the “ransomware.” He added that the computer systems were restored, with the exception of about two hours prior to the cyber attack.
“CBF will not be paying the ransom and will be filing a police report this morning,” said Terry Duvall. “Ongoing there will be some retraining of employees and upgrades to some backup and recovery software with operating systems.”
The Lubbock business was shut down Friday after being targeted by hackers demanding a ransom.
An employee opened a malicious email suspected to be the cause of the cyber attack.
Employees said they had received suspicious emails for several weeks, but the company’s operations were not affected until an employee opened the email on Friday that appeared to be about an overdue invoice.
“All of a sudden we couldn’t do anything. We couldn’t go anywhere. We kept getting error messages. And finally, a message came up on her computer that said something about ‘ransomware,’” said Caprock Business Forms personnel manager Jon Jones.
“We can’t look up our past jobs, we can’t do quoting, can’t do order entry,” Jones explained. “We just want our system back. We’re dead in the water right now, we can’t do anything.”
He said a message appeared with instructions on how to make a payment in bitcoin and unlock the company’s information.
The notice demanded 10 bitcoin, which is “a little over $4,000,” said Jones.
The company of about 25 was affected both at the office and the plant down the street.
“We have probably 13 computers that have been affected,” Jones added, saying that he believed the attack was random. He explained that data after February 1 was lost.
A hospital in California faced a similar situation in early February. Administrators chose to pay approximately $17,000 to receive data back and unlock computer systems.
“We called our IT guy and he came out and discovered we were hit by that ‘ransomware’ like that hospital in California,” Jones said.
That “IT guy” was Terry Duvall, owner of Duvall Technology.
“Looks like an email came in, a spam email, that contained a macro document that installed ‘ransomware’ on the computer in the network,” Duvall said.
Put simply, when the email was opened, it triggered a chain reaction that spread to the other computers on the network.
Duvall said paying the ransom in bitcoin would mean the money would be harder to trace. He said it is difficult to track down hackers in cases like this.
“You can report it, and everything else but, it’s pretty much a dead-end street because of the way they cover their tracks. Even paying the ransom is really in essence untraceable,” Duvall explained.
The Lubbock Police Department said it was not currently investigating any cases.
“Our computer crimes section always stays abreast of all the computer crimes that are going on,” said Lieutenant Ray Mendoza, who explained that he recently spoke with members of that unit.
“If this actually happened today, this would be the first one for us,” he said.
Mendoza agreed with Duvall that crimes of this nature have been difficult to solve.
“We’re talking about somebody that would be overseas, or another state, even another country,” said Mendoza. “So those are very difficult for us to investigate. We work very closely with the FBI and try to come to a conclusion on any of these cases. What the difficulty is is as soon as they send that money, you’re probably not going to get it back.”
Mendoza recommended that anyone in a similar situation not pay the ransom and instead contact law enforcement or a computer professional.
“There’s ways to try to eliminate that ‘ransomware’ off your computer,” Mendoza explained. “If you find yourself in that situation, that you unplug the computer and take it to a professional, and hopefully they can have it removed.”
“Make sure your backups are current, make sure that you have employee awareness. Don’t open things that probably look suspect, things like that,” Duvall said.
After speaking with the company’s president, employees advised EverythingLubbock.com that the company planned on paying the ransom, and was working on the process to purchase bitcoin.