When David Keam’s Manitoba mattress store was cyberattacked, he treated his ransomware hacker like a salesman.

“He’s trying to make a sale. How hard is he willing to work for that sale?” Keam told CTV Winnipeg.

The “opening bid,” as Keam called it, was a demand for 0.6 of a Bitcoin, which worked out to about US$6,500. To regain access to the Best Sleep Centre’s computer server, Keam negotiated with the hacker. He managed to work him down to US$2,000.

It’s just the latest example of Canadians getting hit by “ransomware,” which allows a hacker to lock a computer and hold its data hostage.

Last month, the Town of Wasaga Beach paid an undisclosed amount to regain access to one of its servers and planned to make additional transactions for access to two others. Also in May, there were attempts to extort BMO and CIBC-owned Simplii, hacks that compromised the information of up to 90,000 Canadians. Those banks have a policy not to pay random demands, but that’s not always the case for smaller institutions. In 2016, the University of Calgary paid $20,000 to unlock its computer systems.

“This is a highly profitable business,” said Caleb Barlow, vice president of IBM Security in Boston, Mass. Cybercrime costs the global economy an estimated US$445 billion each year, he added, quoting a figure from the World Economic Forum.

Getting the data back is difficult once files have been encrypted, said Tim Robinson with the Winnipeg-based computer consultant company Prophet Business Group. “The only way to decrypt them is either to restore them from a backup, or pay the ransom,” he said.

Experts suggest computer users avoid opening suspicious links and attachments.

“The idea is to try to trick the victim into running a malicious piece of code,” Jerome Segura, a senior malware intelligence researcher at San Jose-based Malwarebytes, told The Associated Press last year after a major cyberattack that hit hospitals, companies and government agencies. “The age-old advice is to never click on a link in an email.”

Though malware often infects computers through those “phishing” scams, Winnipeg mattress store owner Keam believes he became vulnerable to the ransomware attack by using an older version of Windows on his server that needed upgrading. He’s since updated the company’s software.

With a report from CTV Winnipeg’s Jon Hendricks and with files from The Associated Press