
Held to ransom

When you hear about something involving ransom, you immediately think of phone taps, the FBI and shady characters collecting bags of cash. In 2020, the characters are still shady but now they’re operating online, and cyber security organisations seem powerless to stop them.

What is ransomware?

Ransomware is a type of malware that encrypts folders and files, rendering them inaccessible. Criminals then demand a ransom in return for the decryption keys and even an additional fee to prevent public release of the stolen data.

In fact, this is one of the most frequent and damaging forms of malware in Australia and globally. It disrupts operations, can be costly to repair or mitigate and can cause reputational damage to organisations.

These cybercriminals are often part of complex enterprises employing large numbers of people. They may have websites that advertise their successful compromises. These websites can also publish data stolen from victims.

Some even have customer service teams to assist victims with paying in untraceable cryptocurrency such as Bitcoin!

The criminals adopt guerrilla tactics, including increasing the ransom price after a specific time period; offering to decrypt a portion of the encrypted network for a reduced price; targeting vulnerable sectors such as healthcare; and threatening to release stolen information when a ransom is refused.

Anyone who stores information digitally is vulnerable to ransomware attacks, including individuals as well as organisations. Review your security policies and strengthen your security posture periodically to protect yourself against malicious attacks.

Who can be held to ransom?

Anyone who stores information digitally is vulnerable, including individuals as well as organisations. The key is the value of the information to the victim.

Cybercriminals usually target large organisations, in the belief that these organisations are more likely to pay the large ransoms demanded.

The healthcare sector has been a target of attacks during the 2019/2020 financial year. State and Territory Governments and the education and research sectors also received demands.

How can I protect my organisation?

Unfortunately, there’s no single method to protect against threats. The Australian Cyber Security Centre (ACSC) has published the Strategies to Mitigate Cyber Security Incidents, which outlines the Essential Eight mitigation strategies.

These include:

  • restricting administrative privileges
  • patching operating systems
  • using multi-factor authentication (in layman’s terms, two forms of login, such as a password and a key)
  • configuring Microsoft Office macro settings
  • snapshot backups that can roll back to just before a hack or attack

What should I do if I receive a ransom demand?

Don’t pay it! Australian Government cybersecurity experts advise not to pay the ransom. There’s no guarantee that the criminals will decrypt the files. In fact, wiper malware (where files are permanently modified or deleted) can be used in conjunction with ransomware, so your files will disappear in any case.

Sometimes the link provided to the victim directing them to payment information can install further malware onto their system or network. By indicating their willingness to pay once and give in to criminal demands, organisations open themselves to further attacks.

Report it. Cybercrime incidents should be reported to ReportCyber, which is an Australian Government online portal. This is for individuals and businesses to report a variety of computer crimes, including ransomware.

Seek help. If you’ve been a victim of a ransomware attack, engage a cyber security provider to support your remediation efforts. Your provider should also review your network for security vulnerabilities to prevent future attacks from occurring.

At AUP IT, we can help you with innovative cybersecurity solutions to support your security efforts.

If you would like to have a confidential discussion about your cybersecurity and data security needs, contact us now.