High River charity outwits hackers who held website for ransom

A High River charity thwarted an attempted hacking attack by doing the last thing assailants would expect — abandoning their website and starting fresh.

Rowan House Society, which offers emergency shelter and domestic violence services, turned the misfortune into opportunity and after six weeks is launching its updated, re-imagined website.

“Sometimes you just do what you have to do,” said Sherrie Botten, executive director of Rowan House. “A website is only as good as how current it is.”

There were two possible reasons Botten thinks they may have been hacked, either because of dated software and low-security or for information on a client who fled abuse.

However, protection of the women has always been paramount to the shelter, said Botten.

“There is nothing that is linked through our files, our server or website that would ever link to a woman’s information,” she said. “Safety and privacy are our top priorities.”

They first became attuned to the hack when they saw odd messages appear on their site. Then a link popped up asking for ransom, threatening their online page.

Botten said they had learned from other public hacking situations and called IT immediately to shut down the site.

They back up their files recently and had, fortunately, backed up the night before. They recommend all agencies do the same.

Thomas Kennan, computer security expert and University of Calgary professor, said they reacted correctly.

“If you’re Air Canada, you don’t want to shut your website down. I saw an estimate that they would lose $200,000 an hour, but if you’re something like Rowan House, people can live without your website for a day or two,” he said.

He believes it was a crime of opportunity due to vulnerabilities in the website and could likely have been a distributed denial-of-service attack.

“This is a scenario where somebody, perhaps, goes out and buys a bunch of compromised computers and directs a whole bunch of traffic to a certain site and they can’t keep up,” said Kennan. “It sounds like the threat was ‘we’re going to (attack) you if you don’t give us the money.'”

He recommends people who have been subject to attack immediately get an expert to bring everything up to date and enhance security measures.

Rowan House was able to update its site due to the pro-bono work offered by IT company Avanade and consulting company Accenture.

Although the hack put a dent in the charity’s online presence, it is stronger than ever and Botten is “very excited about the changes.”


. . . . . . . .

Leave a Reply