Latest News

It feels like ransomware attacks make headlines every few days at this point — is this the start of a dangerous trend in Australia? 

What used to be simply one threat present in the cybercrime landscape has now become the most clear and present danger to modern businesses, and the country as a whole. Telstra estimated that cyberattacks cost the national economy $3.5 billion in 2020. 

Ransomware is a key contributor to that total. Don’t assume we’re exaggerating this for effect — experts estimate that a ransomware attack will occur every 11 seconds in 2021.  In Australia alone, there has been a 60% increase in ransomware attacks in the past year. 

Do you understand the true nature of the threat of ransomware?

The Growing Threat Of Ransomware In Australia

Australian businesses have become especially easy targets for ransomware attacks, which has led to a series of devastating incidents in the past year:

• 
  JBS Foods pays $14 million in response to ransomware infection.
  
  
• Logistics company Toll Holdings is attacked twice in as many months.
  
  
• Nine Entertainment is taken offline by ransomware attack.
  
  
  

Attacks like these have prompted The Cyber Security Advisory Committee to consider ransomware one of the most serious growing threats to Australian businesses. They are advising owners and managers to think more carefully about both their defensive strategies, as well as their policies for dealing with ransom payments once infected. 

The Threat Of Ransomware Is Evolving

Just a few years ago, ransomware wasn’t as big of a concern. While high-profile incidents like the WannaCry attack on the NHS were concerning, they were far and few between. If you had a recent backup of your data in place, you could rely on that to replace your data in the event it was encrypted by ransomware. 

Since then, however, the way cybercriminals use ransomware has evolved. They have improved their tactics and capabilities, allowing them to do much more damage, and demand much more money. Characteristics of modern ransomware attacks include:

• Expanded Timelines: Sophisticated attackers sneak ransomware into a breached network and then lay dormant for weeks or months, ensuring their method of entry isn’t discovered right away. This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems. Without undertaking extensive forensic processes, an infected business won’t know how far back they need to go to back up their systems. Or, even worse, it will be so far back that they’ve already expunged those backups to make room for more recent versions.
• Improved Capabilities: Modern forms of ransomware can even target and infect backup hard drives and cloud-based data if the connections are left unsecured. That’s why cybersecurity professionals are now recommending digitally-air-gapped backups as well.

Given the effectiveness of modern ransomware attacks, defensive methods and best practices from just a few years ago are already losing feasibility.

4 Important Lessons To Learn From Recent Ransomware Attacks

The most important lessons we can learn from the recent attacks on JBS and Toll Holdings are the following:

1. Big Targets Require Comprehensive Protection: More emphasis should be made on protecting critical infrastructure such as organisations that process and provide fuel, power, and other vital resources for life and economic survival.
   
   
2. Secure Network Configuration: Business leaders need to re-evaluate which machines absolutely need to be on the network, and if so, whether they can be isolated from all other networks, especially in terms of exposure to the Internet.
   
   
3. Assess, Improve, And Repeat: Those in charge need to re-evaluate the security measures that are in place currently and immediately remediate any weaknesses found.
   
   
4. Accept The Reality Of Cybercrime: It is not a question of "if it happens", but "when it happens”. Is the business positioned to recover quickly and efficiently, and avoid extended periods of downtime or the access to or production of critical resources?

How Is Australia Responding To The Increased Rate Of Ransomware Attacks?

In order to address the rising tide of cybercrime activity in Australia, the Australian Federal Police (AFP) has put together a joint task force. Dubbed “Operation Orcus”, this coalition of Austrac, state and territory police agencies, the Australian Criminal Intelligence Commission (ACIC), the Australian Cyber Security Centre (ACSC), and other industry partners aim to mitigate the threat of ransomware and other cybercrime tactics

Operation Orcus will both gather intelligence on cybercrime methodologies and endeavour to actively disrupt cybercriminal activity in Australia. They will target known cybercriminal groups that use ransomware, and help to further mitigate the extensive damage it has caused in recent years. 

How Do You Protect Your Business?

It is recommended that organisations continue to be vigilant when it comes to safeguarding systems and educating employees. Not every organisation is the same. Similarly, the risks within each organisation are different. 

Two key areas of focus to reduce your organisations’ risk from ransomware attacks include:

• Conducting a cyber risk assessment along with a vulnerability scan of your systems provides you with the starting blocks to plan and resolve your risks to ransomware.
  
  
• Ensuring employees receive proper awareness training and that prevention controls are in place and comprehensive.

You Can’t Ignore Ransomware And Hope It Goes Away

In summary, there will never be a way to be 100% protected from an attack, or worse, an actual breach. However, by implementing the proper security measures, training, and constant re-evaluation of these security measures, the risk of being infected with ransomware can be dramatically reduced.

Get in touch with the CyberUnlocked team to discover more about developing a modern ransomware defence.