Reseller saves Byron Bay school from scammers

By on
Reseller saves Byron Bay school from scammers

A Byron Bay primary school has had its records encrypted by scammers who demanded a $5000 ransom.

The Eastern European-based ransomware attack first occurred in October. The damage from the incident lasted about two months.

Byron Community Primary School financial manager Frank Binkley told CRN sister site SC the school recovered most of the records by running a forensic probe on the affected hard disks, with help from local reseller Hi-Performance Technologies and its manager Liam Dufty.

"We were bloody lucky, we came out a lot better than we could have," Binkley said.

The past month's financial data and some historical photos of the school were unrecoverable and remained bound in the AES 256 encrypted RAR file.

Staff at the 100-student school initially agreed to pay the ransom. Binkley then pleaded with the scammers, who used the alias Jack Williams, to lower the ransom price which they subsequently dropped to $1235.

"The strategy was to negotiate. I told him that we're a tiny school and to go play Robin Hood somewhere else."

The ploy was a ruse designed to give Dufty time to salvage the school's data and track the scammers.

The attack bore striking similarity to an attack last month against a small business some 500 kilometres away in Foster.

Deanes Buslines operator Brenton Deans had his company's records encrypted by the same scammers. The records contained data on school kids the company ferried around the area, and were critical to the daily operations of the business. As a result, he paid the $3000 ransom.

Not so smart

Ransomware scammers do not need to be tech-savvy. Scammers generally break in via an open port and brute force any user accounts that stand in the way.

"You don't have to be a genius to do this," Dufty said. "They found an open port, tracked the user accounts and ran brute force on the password."

"These guys are script kiddies."

Duffy had processed-mapped the attack in minutes and discovered that the scammers were using British-based proxy Hide My Ass, a service which maintains logs of when users log in and off its service.

The information was passed on to the FBI.

In another attack this month, scammers used the remote desktop protocol to break into a Gold Coast medical centre, encrypt 65000 files including medical records within a SQL database, and demand a $4000 ransom.

And in September, a Northern Territory business was forced to pay a $3000 ransom to hackers who had encrypted its financial records.

Sophos director of technology strategy James Lyne predicted that ransomware infections will increase in 2013 with a massive increase in the quality of implementation.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
fraud nsw police ransomware scam security

Partner Content

How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Tech For Good program gives purpose and strong business outcomes
Tech For Good program gives purpose and strong business outcomes
Ingram Micro Ushers in the Age of Ultra
Ingram Micro Ushers in the Age of Ultra
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Channel can help lead customers to boosting workplace wellbeing with professional headsets

Sponsored Whitepapers

Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
2025 State of Machine Identity Security Report

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services
Tech Research Asia to present Australian IT M&A report

Tech Research Asia to present Australian IT M&A report
MSPs pressed to review ransomware response as new reporting rules commence

MSPs pressed to review ransomware response as new reporting rules commence
Vic gov to spend $100m on cyber security

Vic gov to spend $100m on cyber security

Log in

Email:
Password:
  |  Forgot your password?