“Drive $500,000 or you’re done”: a major tour operator was extorted by hackers

A major Croatian tour operator was hacked from using malicious software that encrypts data on the victim's servers. In exchange for the restoration of information, the criminals extort a $500,000 ransom, Total Croatia News reported.

Adriagate, Croatia's largest tour operator serving foreign tourists, based in the city of Split, almost lost the results of 22 years of hard work in just a few hours. The company's servers were subjected to a cyberattack, as a result of which almost 90% of the data was encrypted, about 50 applications and the website fell, and the accounting records simply disappeared.

Adriagate co-founder Tony Blazkowicz said: “We have a monitoring system for our applications that notifies us when something is not working properly. When I woke up, I saw a message on my phone that our site was down and unavailable. Well, nothing strange, so I went to make coffee, and when I connected to the server with coffee, I was greeted with a message from AvosLocker called “Get your files back.” I quickly turned everything off, and for five hours everything remained off, but for three days we didn't know how badly we were affected, because we didn't know if everything would work if the process wasn't completed. We reported this to the police, contacted data recovery companies from Croatia and Germany, tried everything, but in this version of the virus there is no solution other than paying a ransom, but without any guarantees.

AvosLocker is a relatively new ransomware that has been active since 2021 and works by encrypting data with a ransom offer. The Croatian tour operator initially received a request for a $500,000 fee, which was reduced to $250,000 after further communication with the hackers. Ultimately, Adriagate did not pay, as is recommended in cases like this.

“We started talking to the hackers, but we didn’t pay, but we were able to get the data back using our own resources. A police report has been filed, but only 0.05% of the time the perpetrators are found, and even then they are very well protected. In Germany, a similar attack recently took place, after which the criminals were identified and identified by Interpol, but in the end it was not possible to arrest them. Now that we have started to install everything again, we have completely rebuilt the entire infrastructure, built a completely new system from scratch on new servers with completely different protection,” added Blazkowicz.

There is always a risk of paying a large amount without any or guarantees that the data will be returned. Therefore, with such attacks, it is recommended not to be led by blackmailers. It should be noted that for payment, the criminals require the use of cryptocurrencies, which must be purchased in advance, and hackers are completely protected.

It turned out that the Croatian police do not have the resources and experience in combating this type of crime, which is becoming more common in the context of ongoing digitalization. Tour operator Adriagate pointed out that Croatian insurers do not offer policies to protect in such cases, unlike some other countries where this is a relatively common practice.

Those who care about a healthy lifestyle, we recommend reading: “A nutritionist explained to those who want to lose weight why they need to measure their waist, and not constantly weigh themselves.”

Leave a Reply

Your email address will not be published. Required fields are marked *