Cyber security series: ransomware – not so random
Posted on April 11, 2018
3 min read
It has been a notable year for security across the globe. With events such as the WannaCry ransomware, NotPetya malware, the Equifax breach, and the leaking of hacking tools by a group called the Shadow Brokers, the past year has seen large-scale cyber security events dominate the headlines.
This month, we released the Telstra Security Report 2018, which is more comprehensive than ever before. We interviewed over 1250 professionals for matters of security from 13 countries including Australia, Asia, Europe and the UK.
Some of the findings are encouraging. Others, surprising. The insights about ransomware, however, are ringing alarm bells. Ransomware is on the rise and is becoming increasingly targeted. Our respondents reported more ransomware attacks in this year’s survey than any previous year.
Attacks are inevitable
31 percent of Australian respondents whose business had been interrupted due to a security breach in the past year are experiencing ransomware attacks on a weekly or monthly basis, the highest among all countries surveyed.
- In the APAC and European region, this figure was only 22 percent.
- The UK figure is 25 percent, second to Belgium at 29 percent for the European markets.
Over the course of 2017, Australia had the highest rate of ransomware attacks at 76 percent, followed by Europe and Asia Pacific, both at 74 percent. Respondents reported more ransomware attacks in this years’ survey than previous years.
Around half of the business victims paid the ransom
47 percent of Australian businesses who found themselves victims of ransomware paid the ransom, which was consistent across APAC.
- Some 60 percent of ransomware victims in New Zealand, and
- 55 percent in Indonesia paid the ransom, making it the highest for Asia.
- In Europe, 41 percent of respondent ransomware victims paid up.
Most are able to retrieve data after payment
86 percent of Australian businesses who paid a ransom were able to retrieve their data after the payment. In Asia, this figure was slightly higher at 87 percent and slightly lower for Europe at 82 percent.
Our research suggests that ransomware that specifically targets businesses tends to be more sophisticated, with attackers having the ability to release files, typically through central command and control systems, once the amount has been paid.
Many would pay again
In Australia, 83 percent of respondents would pay the ransom again if there were no backup files available. Across Asia, 76 percent would also consider paying again as would 80 percent of European businesses.
It should be noted that an increased number of ransomware variants will attempt to attack some files, such as backup systems, as a first priority. This is often in an effort to increase the price of the ransom.
In the next blog post of this cyber security series, we’ll take a deeper look at how often breaches occur, and how we compare to the rest of the world in detecting these attacks.
Read the full report.