Real-life cybercrimes Part 1

Cybercrime is rapidly increasing in Australia and with over 600,000 Aussie reporting scams to ScamWatch in 2023.

These are real examples of cybercrimes committed against a business that might be just like yours.  A seemingly innocent click could cost you thousands of dollars.

Eye clinic

Incident

An employee opened an email attachment that contained ransomware, causing the business to lose access to their network of digital patient records. The cybercriminals demanded a ransom payment in Bitcoin of approximately $6,000. The clinic was able to continue trading, however at greatly reduced efficiency, as they had not used paper records for accepting and treating patients in years. Despite having access to some paper filing, the business was not able to raise invoices as this is part of a paperless system. Forensic Investigators were able to recover the vast majority of data and restore the paperless system.

Outcome

$126,000 in forensic IT expenses, reputational damage, and lost work hours.

Payment: $126,000

Hairdresser

Incident
The business uses a VoIP telephone system. A hacker gained access to the telephone system and made multiple unauthorised calls to a premium number over the course of a month. At the end of the month, the business received its invoice, which included $30,000 of unauthorised calls.

Outcome

They made a claim on their Cyber policy which triggered the optional Social Engineering cover. The client was covered for their direct financial loss because of the phreaking attack.

Payment : $30,000.

Law firm

Incident

An unknown organisation gained access to a law firm’s network and may have gained access to sensitive client information, including a public company’s acquisition target, another public company’s prospective patent technology, the draft prospectus of a venture capital client, and a significant number of class-action lists containing plaintiff s’ personally identifiable information (PII). A forensic technician hired by the law firm determined that malware had been planted in its network. Soon after, the firm received a call from the intruder seeking $10 million to not place the stolen information online.

Outcome

The law firm incurred $2 million in expenses associated with a forensic investigation, extortion-related negotiations, a ransom payment, notification, credit and identity monitoring, restoration services and independent counsel fees. It also sustained more than $600,000 in lost business income and extra expenses associated with the system shutdown.

Payment: $2.6 million

Hardware store

Incident

An employee at a hardware store ignored internal policies and procedures and opened a seemingly innocuous file attached to an email. The next day the hardware store’s stock order and cash registers started to malfunction and business trade was impaired as a result of the network failing.

Outcome

The hardware store incurred over $100,000 in forensic investigation and restoration services. They also had increased working costs of $20,000 and business income loss estimated at $50,000 from the impaired operations.

Payment: $170,000 total costs

Hotel chain

Background

The Hotel Chain hired a contractor to perform works on one of their properties. They soon after received an invoice for $13,000 from the contractor. The following week they also received an email claiming to be the contractor, stating that their bank details had changed and provided the new details. They subsequently paid the $13,000 into the ‘new’ bank account. A few days later the contractor followed up for payment for their works at which time it was identified that their emails had been compromised and the Hotel Chain had paid a fraudulent account.

Outcome

The Hotel Chain made a claim on their Cyber Policy and after conducting investigations, indemnity was granted under the optional Social Engineering Fraud cover. They were reimbursed for the direct financial loss suffered as a result of the fraud.

Payment: $13,000.

If you don’t have Cyber Insurance, please reach out to one of our dedicated team after you have downloaded our free Cyber Guide.