Entertainment businesses, mechanic's workshops and advertising companies across Queensland have also been targeted. Detective Superintendent Brian Hay of the fraud and corporate crime group said hackers were scanning the internet for remote access points to vulnerable file servers attached to businesses. "We also believe they're using encryption software to defeat very poor passwords," he said. With access to a business's file system, the hackers then encrypt the data on the server and lock it down, making it completely inaccessible. They then demand thousands of dollars for the return of the information.

"Their encryption is of military standard - it cannot be defeated," Superintendent Hay said. In order to survive, some businesses have forked out more than $3000 to retrieve their records. "One of the encryption keys that a business had to purchase [from the hackers] to retrieve their data was 78 characters long," Superintendent Hay said. However, had they backed up their data they might not have had to pay for it. Malicious software that demands payment for the return of access to personal or financial data, known as ransomware, has been around in various forms for over a decade and has been a popular tool among Russian cyber criminals.

Now hackers worldwide can purchase ransomware kits on the online black market for as little as $800. Queensland businesses were targeted by ransomware for the first time in September, Superintendent Hay said. However, he said businesses were reluctant to report cyber attacks. "I always suspect that if I receive one report, there's another 10 businesses out there that haven't reported it," he said. "When this first came to our attention we had about 14 ransomware attacks reported to us, so you might say that there has been 140 out there and that wouldn't surprise me at all."

Superintendent Hay urged business owners to encrypt their data to ensure that it is useless in the hands of hackers. “Our message is that of a proactive one," he said. "Take the steps now to prevent this from happening as we cannot guarantee a fix to this problem. But perhaps the most important thing is to not respond to these emails if you receive one - contact us immediately.” Police are urging small businesses to consider the following steps to help prevent virus attacks: • Patch all servers with all available updates and/or update to the latest version of the software package currently used by the company (for example Microsoft Small Business Server etc).

• Have strong passwords on remote access procedures. • Deploy a strong IT network security solution. Choose one that uses real-time anti-virus software, email scanning, real-time website protection, software and hardware firewalls, network intrusion detection and network monitoring technology. • Ensure you are performing regular back-ups of non-infected systems (don't have the back-up constantly connected to the regular server). Loading • Ensure all machines on the network are regularly updated and include their own internet security solution. Ensure secure internet browsers are deployed across the network (avoiding non-updated versions of internet browsers wherever possible).

• Ensure users on your network are aware of malicious software and website links and the importance of being careful when using the internet and the dangers of clicking on web links contained within emails.