• Website held to ransom

    Posted February 12, 2013 at 6:12 am by Alexandra    

    TURN ON 2






    A hacker attack on a web site can be ruinous for a small business, as David Robinson, who has the Australasian licence to distribute Turn On Love Drink, found out recently.

    On the Tuesday after the Australia Day long weekend Robinson went to log into his web site only to find a message telling him hackers had hijacked the site and he needed need to wire $5,000 to a Western Union account for the site to be re-instated.

    There’s been plenty of publicity about the product, which is yet to hit shelves here, and Robinson has been doing the rounds of hotels, convenience stores and pharmacies to sign distribution deals. He’s relied on the site as a place where potential suppliers and distributors can go to get information.

    The site’s in-built Facebook functionality has also allowed him to develop an online community of people interested in being able to get hold of the product as soon as it’s available.

    “It was panic stations when I saw the message. We’d sent more than 1,000 presentations to distributors who were all going to the site to know more. [After the attack] there was nothing there for them. It was a disaster for us,” says Robinson.

    The site was being managed in the US and was built on the Ning platform. As soon as the attack happened Robinson got in touch with the US tech support team.

    “They took it very seriously and thought everything would be ok because it was backed up,” explains Robinson.

    Tech support took about six hours to get back to Robinson with the news that the problem was much worse than they first thought. It took them a week to get the site back up and running.

    “We obviously didn’t pay the ransom. But [when the site was down] we were incommunicado with customers, potential customers and followers,” Robinson says.

    “Luckily we could use social media to keep in touch with people. But it’s hard to track what this has cost us in potential sales,” he says, adding that a ballpark figure of lost sales would be “in the high tens of thousands.”

    Robinson is now working through a plan to get back in touch with suppliers and customers. “But it’s looking like we’re going to have to start from scratch. We’re going to have to go back to basics to start driving traffic to the site again. We’re back to square one,” he says.

    Internet strategist Nigel Burke from web developers AVS Networks says having a great relationship with your web developer is the first step in being able to recover from an online attack.

    “Make sure you have their contact details on hand and that they are familiar with your site. The webmaster should preferably be the person who made the original site. But if not, make sure the webmaster is familiar with the platform the site is built on and has the username and password to reduce the recovery time,” says Burke.

    He says it’s also essential to have a plan in place in case of attack and to make sure staff know what that plan is in case the business owner isn’t around when the site goes down.

    There are also lots of tools available to reduce the impact of an attack. For instance, says Burke, Google’s Webmaster Tools sends a message to the site administrator whenever a virus is found on a site. SiteLock is another tool that will notify the site manager if an external party makes changes to a site.

    “Businesses also have to keep backing up their site, especially if it’s an e-commerce site, which should be backed up on the same day. If you lose a week’s worth of business as a result of an attack you might lose 700 orders, which would be critical to the business.”

    Having a pre-written email that can be sent to customers in the event of attack to let them know what’s happening, as well as putting up an interim web site, are other ways to let the world know the business hasn’t disappeared.

    Burke’s other advice is not to take an attack personally. “Ninety-nine percent of attacks are untargeted. Web crawlers look for vulnerable sites and when they find a site they break into it automatically. Hackers aren’t trying to bring you down – they don’t care who they get.”

    Facebook comments: