Search

When will your business be attacked by Ransomware?



Once upon a time to secure your business, client information and financial records against criminal break-ins, required door and windows locks, a fire-proof safe for sensitive documents, and a CCTV camera to deter criminals. In this ever evolving, digital world, every aspect of essential security protection for your business activities and records has changed exponentially.


Early in our digital evolution, most hackings were done by a bunch of amateurs, mischievous IT nerds and teenagers more interested in pulling pranks or getting the recognition of their peers on a social media site.


But the landscape of hacking and Cybercrime being committed today has gone professional and become extremely lucrative on a global level. Most of it is highly organised in nature, by criminal organisations targeting many thousands of businesses for financial gain or frankly, extortion under duress.


The tool of choice for Cyber criminals is the keyboard, which is used as a weapon for eliciting ransoms and wreaking havoc on countless Australian organisations. This year, the number of cyber security attacks on Australian businesses has been increasing, with one occurring every 10 minutes, and experts are warning that the number of victims will continue to rise rapidly.


In 2020, some of the recent Cyber security attacks involved Toll Group, Services New South Wales and MyBudget. A recent Cyberattack has forced BlueScope to change how it operates, with the company pausing some of its processes and reverting to manual operations.


These are just a few examples of the organisations who have confirmed they have been subjected to a Cyber incident. While there appears to be no obvious links between those attacks, Ransomware appears to be the common theme.


The devastating impact of Ransomware on Australian Businesses

We all hear and read in the media about Cyber security incidents, and one of the most common and malicious forms of hacking is Ransomware. This allows criminals to steal, encrypt and lock up data so that the victims cannot use their own computer or access any of their network files. That is until they agree to, and pay a ransom, hence the insidious name Ransomware.


Security experts acknowledge that criminals are becoming far more sophisticated with hacking into systems and have long called for business owners to turn their focus to online safeguards. As the pace of cyber security threats accelerates for modern Australian businesses, this requires an urgent, ongoing audit and upgrade of all aspects of their Cyber security.


Ransomware attacks have real world implications

Tom Uren, a Cyber expert at the Australian Strategic Policy Institute, said attacks using Ransomware are happening much more frequently, and businesses needed to beef up their security. In fact, new data shows Cyber security incidents are costing Australian businesses billions of dollars each year.


Mr Uren said the reason Australians are hearing about more Cyber crime is because they are impacting day to day operations. "In times past, data used to get stolen and companies would not report that because they didn't feel like it was material to their share price. I think what's happening now is that when there is a disruption to manufacturing, they have no choice but to report it if they are publicly listed," he said.


Cyber security experts agree that because of the rapid growth of Cyber crime across modern businesses today, it’s every user’s responsibility to be aware of the dangers, and to take steps to protect their company’s assets and client’s confidentiality.


HOW DOES RANSOMWARE SPREAD?

Usually Ransomware will arrive in an email which may seem to be genuine and will entice an unsuspecting recipient to click on a link or download an attachment. By clicking on the link or downloading the attachment, the Ransomware software is delivered and infects the user’s computer. Ransomware can also be delivered via drive-by-download attacks on compromised or malicious websites or been sent using messages to social media platforms. There is also generic Ransomware, which is not individually targeted, but distributed widely from attackers’ acquired lists of emails, or from compromised websites. Because they are not specifically targeting individuals, they are not as effective in getting recipients to open, however, there are always curious people in businesses who will unsuspectingly open to read more!


RANSOMWARE INFECTION IS A DATA BREACH

Ransomware attacks in 2020 have accelerated substantially, driven by cyber criminal’s success in getting more than half of today’s business victims to pay their ransom demands. They have become more cunning; by taking time to maximize an organization’s potential damage and increasing their payoff. After achieving access, they examine your computer and networks reading emails, financial and operational data troves and then create a strategy to cause the most panic, financial pain, and disruption to your operation.


With these sophisticated tactics, it’s no longer a matter of if, in all likelihood your business could be the victim of an attack at any time, because Ransomware is a rapidly expanding, multibillion-dollar criminal business which operates with minimal overheads. It will continue to expand rapidly, by creating havoc with tens of thousands of cybersecurity incidents occurring in Australia.


HOW DO ORGANISATIONS PAY A RANSOM?

Once your computer and network files have been encrypted (stolen), the hackers will display a screen or webpage with details how to pay to unlock the data or prevent the unauthorized release of your data. Usually, Ransomware offers a one-week deadline to pay the ransom amount, however, if this time passes, the ransom amount will be increased. Depending on the size of the organisation, ransoms can start from around $500, however, can be well in excess of hundreds of thousands of dollars.


Paying the ransom involves paying with untraceable e-currency (cryptocurrency) such as Bitcoin. When the hackers verify payment, they will provide “decryptor” software and/or decryption keys, and the computer starts the arduous process of decrypting all of the data.

Negotiating with Cyber criminals via an untraceable money transfer, does mean there is a risk that paying a ransom isn’t a guarantee that you’ll get your files back. Even if the ransom is paid, be mindful that attackers will also attempt to extract valuable data from your computer and network.


When dealing with criminals you should expect that any valuable data will have been compromised, and this could include usernames and passwords for internal or web resources, payment information, email addresses of contacts, etc. Many organisations around Australia today have had their client files encrypted or copied as a result of a Ransomware attack!


Negotiating with Cyber criminals via an untraceable money transfer, does mean there is a risk that paying a ransom isn’t a guarantee that you’ll get your files back. Even if the ransom is paid, be mindful that attackers will also attempt to extract valuable data from your computer and network.


When dealing with criminals you should expect that any valuable data will have been compromised, and this could include usernames and passwords for internal or web resources, payment information, email addresses of contacts, etc. Many organisations around Australia today have had their client files encrypted or copied as a result of a Ransomware attack!


DOUBLE DIPPING RANSOMWARE EXTORTION

Without a Cyber security plan in place, your business may unknowingly have already been infected with ransomware. Ransomware criminals could be already be targeting your business, exfiltrating and interrogating your most valuable data (financials and client files). Armed with highly sensitive, restricted access information, they will then threaten to expose it on publicly available websites as an additional extortion method. Greed among some of these criminals could see you have to pay twice, the first time for the decryption key, and then to delete the data they have stolen and stored.


Other Cost Implications of a Ransomware Attack

In addition to the Ransomware payouts for a company, there are other important costs to consider, including:


• security implications with your business and client’s data

• recovery and decryption of data and downtime costs

• temporary, and possibly permanent, loss of your company's data

• financial loss as a result of revenue generating operations being shut down.

• possibly a complete shutdown of your company's operation

• pausing some online processes and reverting to manual operations.

• reporting and regulatory investigations

• exposure threats with potential damage to your reputation and loss of client’s trust (which may far exceed the cost of the ransom).


Right now, there are countless thousands of Australian Ransomware victims (many more prefer not to confirm publicly), including schools, government agencies, private and public health facilities, businesses and not for profit organisations. However, Cyber criminals are expanding their Ransomware activities across other sectors, including small and medium size businesses, tourism, retailers and sports organisations. So, today every reasonably successful business operation in any sector could also become a target for extortion.


Cyber criminals constantly use social engineering and update their ransomware themes. Some themes currently in Australia include the ATO, energy companies, Telstra, and without conscience, now COVID-19 pandemic-themed ransomware. Mostly though, they will send emails through with attachments that are supposedly invoices or other business documents. Invariably, without thorough ongoing Cyber security training, staff members will most likely open.


In 2020, the most “popular Ransomware programs” being used by Cyber criminals to infiltrate organisations These Strains/Types include Ryuk, Dharma, Bitpaymer, SamSam, Sodinokibi, Phobos, GlobeImposter, Mrdec, and GandCrab.


It is anticipated that more sophisticated programs will continue to evolve as Ransomware attacks become more prevalent and profitable!


If you’ve been Hacked and Infected, Now What?

Once you have determined you have been infected with ransomware, it is imperative to immediately take action. CyberWorqs has prepared a Ransomware Attack Response Checklist to help you through the attack.



Cyberworqs Ransomware Checklist
.pdf
Download PDF • 496KB


Now that you know the scope of the damage as well as the strain of ransomware you are dealing with, you can make a more informed decision as to what your next action will be.

Protecting Yourself in the Future


Regardless of whether you’ve been hit with ransomware or not, protecting your network from these types of attacks is now an integral part of any network security framework for both individuals and companies.


Talk to CyberWorqs about how you can manage your cyber security risks to prevent against ransomware and other types of cyber-attacks and data breaches.







7 views
Subscribe to Keep Up to Date with Cyber Security Risk Management

© 2020 CYBERWORQS PTY LTD

Level 21, 60 Margaret St SYDNEY NSW 2000 | PHONE: 1300 984 340