Cyber Talk: Ransomware

Why is Ransomware a Threat?

Ransom is an old crime that has taken on a new form in ransomware. The Australian Cyber Security Centre defines ransomware as “a type of malicious software (malware)” that gets onto your device and makes it unusable (ACSC). How it works is not far from the television and movie depiction of ransom. On an otherwise uneventful morning, you wake up to find that you have lost access to all your data. To accompany this, a message is left behind demanding that money be paid for its release. The perpetrators are organised. You may even be given a reference number, details of the accepted payment method and the ability to contact their support team! Welcome to modern ransom, i.e. ransomware.

More technically, ransomware is a type of malware that uses cryptography to disable access to data. The victim can be you as an individual, a business, a multinational corporation or even the government. The offender can then demand that a ransom be paid to restore access to the data. Often the threat of losing access to the data is coupled with a threat of publicly releasing it. Sophisticated ransomware attacks will target both the data and any online backups of the data. Regardless of the situation and regardless of the amount of money that is paid, the hacker is ultimately in control, which means that neither the return of the data nor the privacy of the data is guaranteed. According to the Australian Cyber Security Centre (ACSC), ransomware attacks have increased by 15 percent over the 2020 to 2021 period. It is also estimated that at least one business will experience a ransomware attack every 14 seconds. The most threatening aspect of a ransomware attack is the ransom involved, with average payments increasing by 82 percent in 2021, and payments being uncapped but averaging as high as $570,000 according to PurpleSec.

How to Respond to a Ransomware Attack

Let us discuss some possible scenarios involved with a ransomware attack:

  1. The data is stolen. You can afford to pay the ransom; the ransom is paid; and the data is returned.
  2. You give up on the data because you do not find value in it or the data is renewable.
  3. You cannot afford to pay the ransom; either it cannot be paid and the data is lost, or the price is negotiated, allowing the payment to be made.
  4. You can potentially afford to pay the ransom but you need time. The average time given to pay is two days. You attempt to negotiate the payment time.
  5. Ironically, the attacker listens to your plea and decrypts the data out of the kindness of their heart.

In most situations, both the ACSC and the Cybersecurity and Infrastructure Security Agency (CISA) of America advise against paying the ransom in the face of an attack, as it does not guarantee the restoration of your files and would only fuel the ransomware market further. The best course of action is to report the technical details of the attack to the ACSC, try to understand the situation further through cybersecurity forensics, and move on to recovery with the hope that your experiences have contributed to the efforts to disrupt future ransomware offenders.

For recovery, an external or offline backup would aid in restoring almost everything that existed before the backup point. If a backup was not made, attempting to salvage any data from personal drives, cloud-based drives, messaging software or email attachments may be worthwhile.

How to Reduce the Risk of Ransomware

The three crucial things to consider when building a security-oriented business are its level of readiness against threats, its process for responding to attacks, and the effectiveness of its road to recovery. Why are these three points so important? To predetermine the possible value of losses in the face of an attack, one needs to be able to effectively apply these three points to any situation where an attack is imminent.

The ACSC Essential 8 Maturity model is a foundational security strategy developed by the Australian Government to aid a business in preparing for such events, so we highly recommend attempting to implement the bare minimum of the maturity model. Smaller businesses can refer to the ACSC guide for small to medium businesses. Ransomware attacks usually pose a larger threat to businesses than is expected. Data is usually the cornerstone of any business, so having your data removed from your possession can crumble your operation from the core. That is why a proactive security approach is critical to keeping your business up and running. A critical part of evaluating the significance and value of data is to also consider the privacy obligations with regard to customer data and the consequences of this data being breached.

Businesses can prepare themselves to mitigate the damage of a ransomware attack by following these recommended readiness steps:

  1. Train and educate staff to raise security awareness and the maturity of security practices. Often the weakest link is all it takes for your network and devices to be breached.
  2. Implement zero trust architectures to silo and segregate data so as to limit damage.
  3. Implement network firewalls, intrusion detection and prevention systems.
  4. Back up all the data on the network and place the backup offline. Do this regularly.
  5. Clear out data stores of any old data and sensitive data that is no longer needed. Ensure that you handle customer and employee data with extra care.

We hope that you will work towards building a robust security system that will protect your business and its assets. If you have any questions, would like to discuss any of the points further, or would like advice on a specific aspect of this piece, please don’t hesitate to get in touch with our team.