Secure your business

When your data is held captive: Dealing with ransomware

Highlights
  • Carbon Black estimates the ransomware market grew by 2,502 percent in 2016 to 2017, costing businesses US$1 billion dollars.
  • The Telstra Security Report 2018 found that 76 per cent of Australian businesses experienced a ransomware attack in 2017.
  • 47 per cent of Australian victims paid the ransom, but 14 per cent did not get their data back.

How much is your data worth, and would you pay to get it back? What to do about the explosive growth of the global ransomware market.

You arrive at work and turn your computer on, ready to close a huge deal. Instead of the familiar log-in message, you see a countdown timer and a simple message – your data files are encrypted. 

When your data is held captive: Dealing with ransomware

If you don’t pay a certain amount of money by the time the clock runs out, you’ll lose your data forever. You check your email on your smartphone and discover the entire executive team is being held to ransom after someone opened an infected file attachment.

 

 

76 per cent of Australian businesses experienced a ransomware attack in 2017 

Telstra Security Report 2018.

Ransomware is malicious software that encrypts the data on your computers. The only way to recover the data is to break the encryption (typically a difficult and time-consuming course of action); recover from a backup that has not been infected; or to pay a ransom to the hacker that encrypted the data – and even if you pay there are no guarantees you will get your data back.

According to the Telstra Cyber Security Report 2018, 31 per cent of Australian businesses who stated they had a security breach in the last year were experiencing ransomware attacks on at least a monthly basis.  The report also highlighted that 47 per cent of Australian businesses paid the ransom, with 86 per cent of these successfully retrieving their data. This indicates that around 14 per cent don’t get their data back.

Australian companies and private citizens are significant targets. This is because Australia is perceived as a relatively wealthy country with the capacity to pay. Our research suggests ransomware that specifically targets businesses tends to be more sophisticated, with attackers having the ability to release files, typically through central command and control systems, once the amount has been paid.

Like much malicious software, ransomware enters organisations through targeted attacks on individuals. Hackers can use tools such as the social media profiles of executives to carefully craft email messages that either deliver malicious software directly to an individual – usually in the form of a new game to try or some other supposedly non-threatening file attachment – or direct them to a fake website that exploits a specific personal interest.

A maturing market

The growth in ransomware is being greatly assisted by the emerging Ransomware as a Service (RaaS) market, where malware authors create user-friendly versions for distribution.

This sophisticated market is situated on the dark web, with Carbon Black estimating that there are approximately 6,300 marketplaces with more than 45,000 products listed. These range from DIY kits priced as low as US$0.50, up to custom malware. 

Some firms even provide their software for free on a profit-sharing agreement, offering PDF reports and charts tracking the success of their clients’ attacks.  

This suggests ransomware is profitable and becoming mainstream. New strains of ransomware in 2018 will also focus on exfiltration of data prior to the system’s encryption to reap additional commercial rewards for stealing corporate intellectual property.

What can you do about it?

Keeping systems up to date with the latest security patches for operating systems and applications is a good first step. This is particularly important for Java, Adobe Reader, Flash, Silverlight and other applications regularly targeted by exploit kits.

A regularly tested backup regime will also help minimise the damage should a ransomware infection occur. It’s important to note a ransomware payload may infect a machine many weeks or months before it is triggered so that the impact, and therefore the likelihood of a ransom being paid, is increased.

Some variants of ransomware are also targeting backup systems, therefore these should also be encrypted so that data does not fall into the wrong hands.

Given the prevalence of ransomware attacks, it’s imperative to have incident response and business continuity plans in place. These need to include regular disaster recovery drills to ensure that backup data can be used to return the business back to normal operation within acceptable time frames. 

Access the full Telstra Security Report 2018 now and find out how you can defend your organisation from ransomware and other against threats, so you can focus on your business.

Find out more

Related News

Creating a hybrid cloud project for your business
Optimise your IT
Optimise your IT
Creating a hybrid cloud project for your business

The sheer volume of variables facing businesses when they take stock of their IT and technology structures mean it's hard to predict the next big step. While savvy entrepreneu...

cityscape
Optimise your IT
Optimise your IT
Telstra Programmable Network: As smart as your business

Isn't it time your network scaled with your business? Like so many infomercials, the Telstra Programmable Network began with a simple concept: “There has to be a better way!” I...

Woman with laptop in front of a cityscape
Reach global markets
Reach global markets
Choosing a network partner for your strategy in Asia

To compete in Asia, you need network strength delivered by a partner with expertise in the region. Here's how to choose the right network partner to support your regional ambi...

Oil rig at night
Create transformative innovation
Create transformative innovation
Four ways IoT can monitor and enhance our environment

From the remote wilderness to smart cities, IoT is enabling environmental monitoring that helps protect and enhance the environment - water conditions, air emissions and noise ...