Ransomware – Are you the next target?

Posted On September 17, 2021

With so many of us working from home the cybercriminals have seen a new opportunity and they have been more active than ever.

Many home computers do not have the same levels of firewalls, antivirus software and IT support that business networks have, and this chink in the armour is seen as the perfect opportunity for cybercriminals.

The Office of the Australian Information Commissioner (OAIC) reported an increase of 24% in ransomware incidents from the previous six month reporting period.  Average ransom payments have risen dramatically in Australia and New Zealand over the last year as malicious actors have become more sophisticated.  Whereas cybercriminals used to be looking for a vulnerability, now they are more targeted in their approach and goals.  One of the biggest costs of cyber attacks and incidents is not the price of the ransom itself, but the expenses associated with hiring forensic IT companies to investigate potential data breaches and exposures.

As many as one-third of Australian organisations hit by a ransomware attack simply paid cyber criminals for the decryption key to restore their network despite failing to examine why the attack was able to happen in the first place. The lesson is that if you fall victim to a ransomware attack, find out how it was possible for cyber criminals to embed themselves on the network undetected.

Ransomware is often just a visible symptom of a more serious network intrusion that may have persisted for days, and possibly longer.  In order to install ransomware, cyber criminals may have been able to gain backdoor access to the network potentially via a previous malware intrusion as well as having administrator privileges or other login credentials.

According to the OAIC, malicious attacks were the main source of data breaches, accounting for 65% of all occurrences. Human error was attributed to 30% and system faults for the remainder.

Some might believe that paying the ransom to cyber criminals is going to be the quickest and most cost-effective means of restoring the network but that is rarely the case. The ransom paid potentially costs a lot, but the post-event analysis and rebuilding of a damaged network is also very costly. Recovering from a ransomware incident is rarely a speedy process. The investigation, system rebuild and data recovery often involves weeks of work.

Cyber attacks on high profile companies:

Here is a list of high profile companies that fell victim to ransomware – are you the next target?

  • Nine Network
  • Uniting Care Queensland
  • Toll Group
  • JBS
  • Regis Healthcare
  • Service NSW
  • Nielson
  • Lion Australia
  • MyBudget
  • Bluescope Steel

On 21 June 2021, Labor politician Tim Watts introduced the Ransomware Payments Bill 2021 into Parliament.  If implemented, this will impose reporting obligations on certain entities looking to pay cyber criminal’s ransom demands following a ransomware attack, with penalties for non-compliance.

Scale of cybercrime in Australia:

Cybercrime is one of the largest threats to the Australian GPD. Cybercriminals do not just target big business. In fact, in many cases smaller businesses are targets that are more desirable. This is because small businesses hold all of the information that big business has – such as client data, but often do not have all the resources to invest in the best software and hardware to protect their data.

Although smaller businesses may not have the resources of the likes of the Nine Network or Toll Group, they still need to protect their client data and implement a strategy to reduce the impact if a cyber attack occurs.

How to avoid cyber attacks:

The best way to avoid any of this is to ensure your network is secure against cyber attacks in the first place by doing things like making sure operating systems and security patches are up to date and applying multi-factor authentication across the network. Organisations should regularly backup their networks and store those backups offline so in the event of a successful ransomware attack, the network can be restored with the least disruption possible.

Rather than trying to hide a breach, today most companies will come out and say something like:

We have experienced a ransomware attack. Here’s what we’re doing to contain it, remediate it, protect consumer information, and this is how we’re planning to strengthen our systems going forward to make sure this doesn’t happen again.

According to the Australian Criminal Intelligence Commission (ACIC), cybercrime costs the Australian economy up to $1 billion annually in direct costs. On a global scale, Cybersecurity Ventures, a cyber security research and publishing company estimates that cybercrime damages will cost the world $6 trillion annually during 2021.

Don’t be the next victim of Cybercrime, keep yourself and your staff aware and alert to the potential threats and follow the above recommended actions. Most of all, live by the rule, “If in Doubt, DELETE”.