Hong Kong Consumer Watchdog Suffers Major Ransomware AttackRansomware Actor Stole 65 GB of Data, Demanded $500,000 Ransom
Hong Kong's consumer watchdog organization said it had suffered a serious ransomware attack on Wednesday morning that damaged 80% of its computer systems and compromised 65 gigabytes of data about staff, subscribers and work partners.
The Hong Kong Consumer Council said in a press release on Friday said the ransomware attack had occurred over a seven-hour period on Wednesday.
Compromised information included employees and clients' data, internal records and possibly the data of current and former staff, their family members, and 8,000 monthly magazine subscribers who provided their credit card information to the council. The council also suspects the ransomware attack compromised the stored data of its work partners - such as company addresses, email addresses and contact numbers, but the extent of the breach is not yet known.
Consumer Council Chairman Clement Chan Kam-wing said in a press conference Friday that the ransomware group had demanded $500,000 to be paid before 11:20 p.m. on Saturday. If the ransom is not paid by the deadline, the cybercriminals said, it will rise to $700,000. He said the council will not pay the ransom.
The council notified Hong Kong police and the Office of the Privacy Commissioner for Personal Data on Thursday about the cybersecurity incident. A dedicated FAQ page about the incident has been set up on the council's website.
The privacy commissioner's office said in a press release that it has "commenced a compliance check" into the attack and has advised the watchdog group to notify the affected individuals as soon as possible.
Hong Kong established the council by statute in 1974 to study and promote the protection of consumer rights. CHOICE magazine, launched in 1976, was the world’s first Chinese magazine on consumer welfare and is the council's signature publication for promoting consumer education.
The PCPD advised Hong Kong residents to be vigilant about phishing scams, suspicious calls and text messages; beware of suspicious logins to personal emails or accounts; review bank statements for suspicious transactions; and consider changing passwords for online accounts.