Nova Scotia

Thieves holding Pictou County sports hall of fame photos for bitcoin ransom

Many of the thousands of photos stored on the organization's computer are now encrypted by a program called server ransomware.

'They wanted $500, if you pay that in the week they would restore your stuff'

Thousands of pictures on the computer at the Pictou County Sports Heritage Hall of Fame have been encrypted by scammers. (Canadian Press)

More than half of the photos painstakingly collected by the Pictou County Sports Heritage Hall of Fame are being held for ransom by online thieves.

The small volunteer organization has thousands of images stored on its computer documenting the teams and individual players who made sport come alive in the county.

Many of those photos are now encrypted by a program called server ransomware, which was unwittingly downloaded onto the organization's computer. In order to gain access, the hall of fame would have to buy special decryption software from the criminals behind the scheme.

"They wanted $500, if you pay that in the week they would restore your stuff," said Barry Trenholm, the curator of the hall of fame. "If you didn't pay in a week it would go up to $1,000."

Scammers want bitcoin

Ransomware usually ends up on a computer after a user clicks on an online link set up by scammers. That link uploads a malicious program to the computer.

It encrypts data the scammer will then hold hostage, said Kathy MacDonald, a cyber security expert and former Calgary police officer.

She said ransomware can also end up on person's computer if they accidently click on malicious programs disguised as advertising on the internet. 

Bitcoin, a virtual currency, is extremely difficult to trace. (Benoit Tessier/Reuters)

Scammers also wanted the hall of fame to pay them in bitcoin, a kind of digital currency and payment system. People can convert real money into bitcoin, which is virtually untraceable.

Trenholm called RCMP. He said they told him if he sent bitcoin money to anyone it would be hard to track down. 

So he took the ransom demand to the hall of fame's board of directors, which decided not to pay. Trenholm said he agreed with the decision. 

"There's no guarantee that they'll even fix it," he said, adding that even if the hall of fame did pay, the scammers could turn around and do the same thing again.   

Not all is lost

There is some good news, though. Trenholm said the hall of fame does have hard copies of many of the photos that are on the computer. It's just a matter of sorting through them to see what's there.

Trenholm isn't sure how the scammers managed to discover the Pictou County Sports Heritage Hall of Fame.

Once ransomware is on a computer it's hard to get rid of, said MacDonald. She said people can search the internet for a free decryption program but it's unlikely they will find exactly the right program to decrypt their files. 

"In most cases, if you haven't backed up your data and you can't find a method to get around that, your only option is to pay the ransom," she said.

People need to decide just how important their data is before they pay and remember there are no guarantees that they'll actually regain access to their data.

The best thing people can do is avoid getting ransomware in the first place, said MacDonald.  

She recommends people avoid suspicious links, keep their computer's software up to date, and back up important files to an external hard drive just in case.  

With files from Maritime Noon