Pictou County Sports Heritage Hall of Fame held ransom by online scammers


Published on April 24, 2017

Barry Trenholm, curator with the Pictou County Sports Hall of Fame, looks over paper copies of archives at the New Glasgow museum. The sports hall had its computer files corrupted by a virus that won’t allow access to them unless a price is paid.

©SUEANN MUSICK/THE NEWS

NEW GLASGOW, NS – Barry Trenholm’s filing system at the Pictou County Sports Hall of Fame is being held ransom.

Not by someone he knows, but by a computer virus that has corrupted thousands of photos, documents and banking information stored on the computer at the hall.

“I was in shock, I didn’t know what to do,” he said, adding it all happened suddenly two months ago when he received a message on the computer after trying to access a file.

He called a few tech people who volunteer with the sports hall of fame, as well as the RCMP, to see if they could help unlock the files, but the news just got worse.

Trenholm was told the problem was ransomware, where scammers demand money for unlocking files they have corrupted. The starting price for the files was $500 and, if he didn’t pay within five days, the price would go up to $1,000.

“We couldn’t do that,” he said, adding that, because the ransom had to be paid in Bitcoin, it was untraceable. “It could be going to anywhere in the world and there is no guarantee that you would get your files back.”

Trenholm said he also contacted another Pictou County businessman who paid $1,500 in ransom, but only had some of his business's files returned.

According to an RCMP website, ransomware is a form of malware that locks and denies access to victim computers, digital files and systems once encrypted. When a user learns their computer is locked, the cyber-criminal will demand payment to unlock files and allegedly allow consumers to regain access.

Ransomware is often spread through email attachments and botnets. Once opened, it installs itself on the computer and uses a public key to encrypt a variety of file types such as images, documents and spreadsheets. The malware searches for files to encrypt on all drives and in all folders.

Once the virus is installed, a pop-up will advise the user that payment is required to obtain a “private key,” and that if it is not paid, the encrypted files will be deleted. There is no guarantee against exploitation. Advancements in technology continue to make prevention an important aspect to limit ransomware.

The user is given approximately 24 to 72 hours to pay before the private key is destroyed and the files are lost forever. Payments can be requested by Bitcoin, UKash, Green Dog or other digital payment systems.

Scammers claim paying the ransom will unlock the computer and enable the decrypting process; however, it is unknown if payments will result in obtaining the "key" or unlocked files.

Trenholm said he has many of the files also in paper form, but he was working toward a system over 10 years that filed everything electronically.

Since he refused to pay the ransom, now it’s a matter of getting those items rescanned and ensuring things are backed up.

“We have so much more to do. We have so many files and records. I will work at it.”

Trenholm added that the timing of the virus is disappointing: the hall was close to launching a new website that would allow all photos and exhibits to be accessed online.

“We can still do it, but we lost quite a bit of the good stuff. It is crazy. It just breaks your heart,” he said.

How to protect yourself

  • Avoid opening email attachments from unknown sources, especially .zip files.
  • Ensure your anti-virus software is active and up to date. Regularly schedule scans to search and remove already existing malware.
  • Keep your operating system and software up to date.
  • Make regular backups of important files.
  • Be vigilant against clicking on links or attachments within emails.

– Source: RCMP