'I treated it like a sale': Winnipeg business owner negotiates after ransomware attack

For more than a quarter century, Winnipeg's Best Sleep Centre has been telling people, "You'll find us."

Well, someone found them, online. But they weren't looking for a new mattress.

"We got ransomwared," said David Keam, Owner, Best Sleep Centre.

Someone, somewhere in the world, managed to get access to Best Sleep Centre's computer server. They then changed the password, locking Keam out.

"We couldn't see that Mrs. Jones’ mattress was supposed to be delivered today, and that we owned Mrs. Jones’ mattress," said Keam. "And we couldn't write a new invoice for Mrs. Smith."

In other words, he could not conduct his day-to-day business. But then the hacker offered him a way out. They sent an email demanding payment to unlock his computer data. "Send us point six of a bitcoin was the opening bid," said Keam. "And point six of a bitcoin? That's six thousand dollars American that day."

Keam is far from the only one dealing with this problem. Hospitals, drug companies and home computer users around the world have found their data suddenly encrypted.

"This is a highly profitable business," said Caleb Barlow with IBM Security. "You know, we have to remember that organized cybercrime totals up to almost 445 billion dollars on an annual basis."

And that's because getting the locked-out data back isn't easy. "Once its encrypted, the files, the only way to decrypt them is either to restore them from a backup, or pay the ransom," said Tim Robinson from Winnipeg Information Technology consulting firm, Prophet Business Group.

That's what David Keam chose to do. He paid the hacker. But not the full amount he was demanding. "I treated it like a sale," said Keam. "He's trying to make a sale, how hard is he willing to work for that sale? And I talked him down from six thousand dollars to two thousand dollars."

The hacker sent him the passcode, and David Keam has since upgraded his servers. He says none of his employees opened an email. Instead, he was running an older copy of Windows on his server that hadn't been updated recently. It allowed the hacker to keep trying millions and millions of different combinations until it guessed his password.

If there is any good news to come out of this situation, it’s that no customer credit card or financial information was compromised. Best Sleep Centre doesn't store any data like that. Keam says all of the purchases go directly through banks encrypted servers, not his own.

He said the only thing the hacker could have learned is what type of mattress a customer likes, and when the warranty expires on it.