Police warn companies against paying hackers a ransom

Police have warned companies that, in the unfortunate event that their data is held hostage by criminals using ransomware, they should not pay up – especially with cryptocurrency.

Officers said using virtual currency would make it extremely difficult for them to trace the money and investigate a case.

The warning came despite the force reporting a six percent fall in the number of email scams in 2020, with 767 cases. The total amount of money lost also dropped by 11 percent to HK$2.2 billion, when compared to the year before.

There was also a fall in cases in the first quarter of this year.

“We do not have a particular reason to explain the fall. Hackers use different means to get money or launch cyberattacks. In recent years, there have been many more attacks using ransomware, probably because of the surge in the price of cryptocurrency,” said detective chief inspector Ip Cheuk-yu from the force’s cyber security division.

Ip warned companies that paying a ransom would not guarantee that they would ever receive the digital key required to unlock the files.

Elsa Wong from the Hong Kong General Chamber of Commerce also noted that none of its members had ever paid a ransom via Bitcoin, saying it’s important that companies have a security policy and back up their data from time to time.

She added that they recently encountered a case where an employee’s computer was attacked while the employee was working from home, leading to all the company’s files being encrypted by cyber criminals. Wong called on firms to provide their employees with a laptop and to have them access servers via a virtual private network.

A recent phishing email drill involving 46 companies from various industries, such as finance and energy, found that about one in 10 employees had clicked a link sent in mocked-up scam emails.