Several Cayman businesses have been hit in the last few months by a “ransomware” virus scam.
The scam involves computer hackers loading malicious software onto a company’s IT system, encrypting important files and extorting a ransom, to be paid in untraceable Bitcoin digital currency.
Industry experts say cybercrime of this type is an increasing concern in boardrooms across the Cayman Islands.
Meanwhile, police believe such attacks are being significantly under-reported here amid business fears of reputational damage.
Detective Sergeant John Williams, of the Royal Cayman Islands Police Service Financial Crime Unit, said there had been three reports since January of ransomware-type scams in the Cayman Islands.
But police are aware of several other incidents which went unreported.
“A lot of companies are concerned about their reputation and they don’t want clients walking out thinking they can’t keep their data secure,” said Detective Williams.
He said police treat cybercrime reports confidentially but need to be informed of all such incidents to help them get a clearer picture of what is happening and liaise with international investigators.
“We encourage business to report to us, to see if there is any assistance we can give,” added Anhill Carsana, a computer forensic examiner with the police service. “We have had a few incidents, but nobody is really reporting. We are aware that it is happening much more regularly.”
Micho Schumann, an IT expert with KPMG in the Cayman Islands, said the threat posed to the territory’s businesses by digital extortion or similar scams was growing.
“This is one of the top boardroom discussions right now. Companies are asking us about it because their investors, their clients are asking about it. In the last 12 months, the requests we are getting have skyrocketed,” said Mr. Schumann, who helps train companies to manage their staff and systems to avoid becoming victims.
Recent ransomware scams in the Cayman Islands have involved staff opening a seemingly routine email with an infected Word or PDF attachment. The user is then asked to follow a second step, for example to “enable macros.” At that point, the malicious software begins downloading onto the computer and encrypting files.
“It may be localized to one PC, or, if the software is more sophisticated, it is able to propagate throughout the network. The more files they are able to encrypt, the more they are able to extort,” said Mr. Schumann.
“If they are able to get to the file servers, that’s where the real gold is for these criminals,” he added.
Typically, the malware does not give the hackers access to a company’s information but enables them to block access to key files. Once it is downloaded, it sends a message to desktops with instructions about how users can pay to have files unlocked.
Police and IT experts in Cayman advise businesses not to pay the ransom fees.
“The added risk with ransomware is that if a victim pays the ransom, the bad actors will usually attack again because the victim is known to pay up,” said Sonji Myles, of the Cayman Islands Cybersecurity Incident Response Team, which works with the private and public sector to offer advice and resources to combat cyber threats.
In some high-profile cases in the U.S., paying up has proved unavoidable. The Hollywood Presbyterian Medical Center in Los Angeles paid 40 bitcoins – equivalent to US$17,000 – to hackers who hit its computer system in February.
Typically, the fees extorted are relatively low in an effort to convince companies to pay, rather than go through the costly and time-consuming process of trying to recover the files independently.
Mr. Schumann said the most common advice to clients was not to pay. But, he said, if businesses did not maintain good backup systems, they may feel they had no choice.
“If you are a financial services company dealing with highly time-sensitive information, if you can’t process your clients in a timely manner, you can be in trouble very quickly,” he added.
As a consultant, he specializes in prevention, rather than cure. KPMG’s IT advisory unit advises clients on how to spot scam emails, as well as how to maintain backup files to minimize the disruption caused by an attack.
He said businesses needed to be backing up their vital files daily and to keep the backup files offline.
Police computer forensic examiner, Mr. Carsana, said the malware and methods used by hackers are becoming more sophisticated every day. In some scams, hackers have been able to gain access to a company or institution’s information – meaning they are able to steal files rather than simply block access, a potentially concerning development for the financial services industry in the wake of the Panama Papers leak, which law firm Mossack Fonseca claims stemmed from a hack of its computer system.