Firms paying ransom demands to cyber criminals who infiltrate IT security systems and block access to information
West Midlands businesses are being blackmailed by gangs of organised cyber criminals who are charging monthly fees for them to access their own databases.
Police have revealed shadowy hacker gangs have forced firms to hand over regular payments after breaching IT security systems before demanding payment for encryption codes.
Because of the potentially disastrous consequences for businesses when customers realise what has happened, officers believe the problem may be widespread with bosses refusing to raise the alarm.
The authorities are now so concerned that they are devoting more resources to tackle it.
The names of the West Midland-based businesses involved have not been made public, but the issue was raised at a meeting of the West Midlands Strategic Policing and Crime Board
Committee member Brendan Connor said victims had been identified during two separate businesses community consultations that were organised by the West Midlands police and crime commissioner, Bob Jones.
Mr Connor said: “Local business are effectively falling victim to blackmail. This was raised at meetings held in the West Midlands to try to engage more with the business community.
“They told us that their own cyber security had been breached and they had received an email soon after demanding money.
“The origin of the email appeared to be foreign and they were told that if the fee was paid an encryption code would be provided, but further charges would be made on an ongoing monthly basis.
“We had the exact same story relayed to us by an IT consultant representing local firms at another meeting and it is starting to look like this is not an isolated problem.
“The force wants to understand the scale and methodology of what is happening so that we can combat this and hopefully bring those responsible to justice.
“If we are told about it we can try to deal with the problem and can work with the business community to develop counter measures. I think it’s fair to say that these people are not going to go away.”
Mr Connor said officers spoke to victims at the meetings.
Professor Ali Abdallah, who lectures on online security and computer science at Birmingham City University, said: “It’s not going to go away. It is going to increase in volume, intensity and sophistication.
“In the past businesses thought that information could be locked away in a safe or in an office, but that is not the case anymore. These businesses are connected to the internet and in turn to people they are not aware of. Through software they may have downloaded, attachments opened from emails or weaknesses in their own defences they can be vulnerable to attacks from hackers.
“Business do not really understand or perhaps pay enough attention to cyber security until something big happens. In many of the cases the security is not really up to scratch on some systems. In the last 10 years these hackers have become extremely sophisticated.
"They are also very difficult to track down and could be based anywhere in the world from Russia, to Africa or South America.
“Some of the businesses may think that if details are in the public domain it could be damaging to them, but this does need to be reported.”
A report submitted at the meeting said West Midlands Police had a Cyber Crime Control Plan for 2014. It added: “We have a Force Cyber Crime Board and are supporting the Regional Organised Crime Unit.”
The force said the new National Crime Agency was leading the response against cyber crime with the launch of the new National Cyber Crime Unit. The Agency has pledged to train 400 new intelligence officers over the next year.
The head of a team of specialist Birmingham-based prosecutors has described cyber crime as one of the ‘biggest threats’ to face the UK today.
John Davies, who heads the Crown Prosecution Service’s Organised Crime Division (OCD) in Birmingham, said cyber criminals were making millions.
“Cyber crime is a big priority for the UK law enforcement,” said Mr Davies. “There can be threats to state systems such as defence systems and that type of attack. Then there can be the ‘conventional’ types of crime committed using cyber.
"There are very big sums to be had for example by breaking into people’s bank accounts, over the internet, or doing similar from which criminals could actually steal vast sums of money.”