A major car auction company has been hit by a malware attack that has locked its computer networks, with the hackers demanding a $30 million ransom.

The Australian branch of Manheim Auctions, which runs car auctions online and in person, was the subject of a cyber attack last month that locked staff out of its computer system, forcing it to stop trading for several weeks.

Earlier, the firm revealed it had been the subject of a cyber attack but the full extent was not revealed until a statement from Western Australia Consumer Protection this week, which confirmed the cyber criminals were demanding a $30 million payment for access to Manheim Auctions’ computer network to be restored.

The company has insisted that no personal data of its users has been compromised as part of the attack, and that it will not be paying the ransom.

WA Commissioner for Consumer Protection, Penny Lipscombe, said the incident involved a ransomware attack.

“Often the ransomware is downloaded by an employee who opens an attachment in a scam email or clicks on a link, giving the cyber criminal access to the computer system,” Lipscombe said.

“The system is locked by the criminals and files encrypted, followed by a ransom demand to have the system unlocked.”

IT experts from Manheim Auctions’ parent company in America, Cox Automotive, are now working to restore the firm to normal operations and develop a new website.

Lipscombe backed the company’s decision to not pay the ransom.

“Of course, we recommend that companies do not pay the ransom as the criminals are likely to come back asking for more money,” she said.

“Paying will also give the criminals added incentive to continue their illegal and highly disruptive practices. Instead, seek expert IT assistance to have the computer system restored.”

The hack is believed to have taken place on 14 February. Two days later, the company posted on its Facebook page that its website was down due to ‘technical issues’.

On 18 February, the company revealed that it was a “cyber incident related to a third party”.

“As a result, we still have restricted access to some of our computer systems and the information contained within,” Manheim Auctions said in the Facebook post.

“Since first becoming aware of this IT security incident, we have been working closely with external professional IT security advisors to help facilitate a restoration of services as soon as possible.”

Manheim’s website was offline and it was forced to cancel a number of planned auctions. It soon began to run auctions in person only.

The cyber incident appears very similar to one that impacted transport giant Toll earlier this year. The company was hit with one of the largest ransomware takedowns ever seen in Australia at the end of January, leaving its IT systems down and forcing it to resort to manual processing for several weeks.

The company’s network was infected with a strain of the Mailto ransomware, which locks the files into the unusable “mailto” format.

Toll also refused to pay the hacker’s ransom and claimed there was “no indication that any personal data has been lost”.

Global money exchange firm Travelex was also hit with a ransomware attack late last year, which left the company conducting its services manually. The hackers reportedly demanded a ransom of more than $8.5 million to decrypt 5GB of customer data that had apparently been obtained.

Lipscombe said there are a number of steps companies can take to protect themselves from ransomware attacks, including educating staff not to open email attachments from unknown senders, keeping antivirus software up to date and maintaining a backup of all data in a safe place.

“All businesses should have their cyber security reviewed and updated so that they have the latest antivirus software and firewalls installed to be protected from malware,” she said. “Staff also need to be trained not to automatically open attachments or click on links in emails, especially if the sender is unknown.

“Money spent on cyber security is money well spent, especially when compared to the cost of having computer systems locked and, in extreme cases, businesses not being able to operate for a considerable amount of time.”