With three out of five Australian businesses facing a ransomware attack every year, Telstra’s Director of Security Solutions, Neil Campbell, discusses why everyone who is online needs to be aware of the growing risks of ransomware and what you can do about it.
By offering criminals a simple, direct and mass-market way to monetise malware, ransomware has emerged as one of the top security threats facing business today. In the United States, the FBI estimated that payments to cybercriminals to rescue infected files and systems are on their way to becoming a US$1 billion per annum market.
A recent report by Frost and Sullivan for Telstra found ransomware was the most downloaded form of malicious software (‘malware’) in the Asia Pacific region last year, with around 60 per cent of organisations in Australia experiencing at least one ransomware incident in the last 12 months.
Ransomware has been around for a decade, but it has exploded recently as the malicious code it relies on has become easier to access and organised criminals have deployed it at scale around the world. It represents a problem for all types of business, large and small. Indeed, many small businesses and individuals are vulnerable to ransomware because they may not have the best solutions in place or feel they are too small to be targeted.
The rise and rise of ransomware
Ransomware holds a device or system hostage by blocking access to the files on the system until a payment is made to remove the restriction. The most common variant is crypto-ransomware, where files on the target device or system are encrypted, effectively freezing access to them until a payment is made.
Like most kinds of malware, ransomware is usually distributed through phishing emails or exploit kits (which take advantage of device vulnerabilities to deliver the malware without the recipient’s knowledge).
The list of companies hit by ransomware is long and growing, with hospitals, universities, libraries and local councils among those impacted. For example, a hospital in California had its network down for a week and paid the equivalent of US$17,000 in bitcoin to regain access to encrypted files, and the University of Calgary in Canada ended up paying US$16,000 to recover encrypted emails. There are even multiple examples of police departments in the United States being forced to pay up after being infected by ransomware.
Closer to home, few companies are willing to publicly admit they have been a victim. However, the Frost and Sullivan research shows that, when asked anonymously, a quarter of businesses in Australia reported experiencing a ransomware incident that impacted their business on at least a monthly basis last year. The most common form of ransomware these companies encountered was Locky, which encrypts files through a Trojan usually downloaded via an email with a Word attachment.
The rapid growth of this form of malware has been spurred in part by the emergence of ransomware-as-a-service models, which allow any would-be criminal to access the tools they need to engage in this form of extortion regardless of their technical knowledge.
Ransomware-as-a-service has reached a point where developers now offer user-friendly online sites where people without coding experience can access their ransomware by either paying a one-off fee to the developer or engaging in a profit-share arrangement. Unfortunately, malware developers are getting savvy to the need to improve customer service just like any other business.
No honour among thieves
The standard advice for anyone who faces ransomware is to do everything possible to avoid paying the ransom. This is a critical way to combat the issue overall, as the fewer people who pay, the less incentive there is for criminals to pursue this type of activity.
Of course, it is not always so simple. If critical files are locked up and your business is grinding to a halt, the incentive to pay the ransom is very high. Our research report found that of the respondents who encountered a problem with ransomware, 57 per cent ended up paying a ransom.
However, payment does not necessarily rid you of the pain. Nearly one third of Australian organisations who paid the ransom did not recover their files, and even if you do regain access to the data there is no certainty it has not been compromised in other ways. Decrypting files does not mean the malware infection itself has been removed, and the perpetrators may still have stolen critical data as part of the attack, possibly even stealing your bank details when you paid the ransom.
The benefit of hindsight
When it comes to ransomware, there is no doubt that prevention is always better than the cure. The good news is prevention can take a number of forms, but it doesn’t have to be an elaborate security system. Good basic hygiene measures for business, like staff security awareness training, backing up important files and keeping security software up-to-date, can make a big difference when it comes to protecting yourself from malware.
Top five ways businesses can protect themselves from ransomware
- Ensure everyone in your business who interacts with your network is security aware and has training on the risks – you are only as secure as your weakest link
- Identify your critical data and back it up regularly, including using offline back-up options
- Implement security measures, such as email gateways to block phishing emails, web gateways to block malicious code and network controls to stop the spread of ransomware inside your network
- Regularly update your operating systems and applications with the latest security patches
- Ensure you have incident response and business continuity plans in place and perform regular disaster recovery drills