SW council pays up to hackers

Karen HuntManjimup-Bridgetown Times

Bridgetown-Greenbushes Shire Council says it has taken steps to secure its computer systems after a cyber-attack on the Leisure Centre last month.

Investigations found hackers breached the centre’s system via a monitoring gateway used by software provider Phoenix, shire chief executive Tim Clynch said.

The hackers encrypted the centre’s membership data and demanded $2600 to unencrypt it.

“Our initial reaction to the ransom demand was not to pay criminals,” Mr Clynch said.

However, the advice of IT professionals, the council’s insurer and a specialist cyber-crime team was to pay the ransom, he said.

The costs of rebuilding the server and database were higher than the ransom demanded, and the advisers said data recovered after similar incidents was not copied or compromised.

“They can’t absolutely guarantee anything but they’re confident that people that undertake this type of activity aren’t interested in the data,” Mr Clynch said.

Four days after the payment of the ransom, the data was unencrypted and the operating system was functioning again.

Mr Clynch said it was important to make the incident public to be transparent and he said centre members had been informed.

“Each centre member has received a letter about the attack that details the outcomes and actions taken to resolve it,” he said.

Mr Clynch was “absolutely confident” that systems and firewalls in place were adequate to secure the council’s central server.

He said steps had been taken to minimise the risk of further attacks.

“It is evident that no business, local government or operator with an online presence is immune from this type of risk,” he said.

Get the latest news from thewest.com.au in your inbox.

Sign up for our emails