When your data is held captive: Dealing with ransomware

Highlights
  • Carbon Black estimates the ransomware market grew by 2,502 per cent from 2016 to 2017, costing businesses US$1 billion.
  • The Telstra Security Report 2018 found that 76 per cent of Australian businesses experienced a ransomware attack in 2017.
  • 47 per cent of Australian victims paid the ransom, but 14 per cent did not get their data back.

How much is your data worth, and would you pay to get it back? What to do about the explosive growth of the global ransomware market.

You arrive at work and turn your computer on, ready to close a huge deal. Instead of the familiar log-in message, you see a countdown timer and a simple message – your data files are encrypted. 

If you don’t pay a certain amount of money by the time the clock runs out, you’ll lose your data forever. You check your email on your smartphone and discover the entire executive team is being held to ransom after someone opened an infected file attachment.

 

 

Ransomware is malicious software that encrypts the data on your computers. The only ways to recover the data are to break the encryption (typically a difficult and time-consuming course of action), to recover from a backup that has not been infected, or to pay a ransom to the hacker who encrypted the data. Even if you pay, there are no guarantees you will get your data back.

According to the Telstra Cyber Security Report 2018, 31 per cent of Australian businesses that stated they had a security breach in the last year were experiencing ransomware attacks on at least a monthly basis. The report also highlighted that 47 per cent of Australian businesses paid the ransom, with 86 per cent of these successfully retrieving their data. This indicates that around 14 per cent don’t get their data back.

Australian companies and private citizens are significant targets. This is because Australia is perceived as a relatively wealthy country with the capacity to pay. Our research suggests ransomware that specifically targets businesses tends to be more sophisticated, with attackers having the ability to release files, typically through central command and control systems, once the amount has been paid.

Like much malicious software, ransomware enters organisations through targeted attacks on individuals. Hackers can use tools such as the social media profiles of executives to carefully craft email messages that either deliver malicious software directly to an individual – usually in the form of a new game to try or some other supposedly non-threatening file attachment – or direct them to a fake website that exploits a specific personal interest.

A maturing market

The growth in ransomware is being greatly assisted by the emerging Ransomware as a Service (RaaS) market, where malware authors create user-friendly versions for distribution.

This sophisticated market is situated on the dark web, with Carbon Black estimating that there are approximately 6,300 marketplaces with more than 45,000 products listed. These range from DIY kits priced as low as US$0.50, up to custom malware. 

Some firms even provide their software for free on a profit-sharing agreement, offering PDF reports and charts tracking the success of their clients’ attacks.  

This suggests ransomware is profitable and becoming mainstream. New strains of ransomware in 2018 will also focus on exfiltration of data prior to the system’s encryption to reap additional commercial rewards for stealing corporate intellectual property.

What can you do about it?

Keeping systems up to date with the latest security patches for operating systems and applications is a good first step. This is particularly important for Java, Adobe Reader, Flash, Silverlight and other applications regularly targeted by exploit kits.

A regularly tested backup regime will also help minimise the damage should a ransomware infection occur. It’s important to note a ransomware payload may infect a machine many weeks or months before it is triggered so that the impact, and therefore the likelihood of a ransom being paid, is increased.

Some variants of ransomware also target backup systems, so backups should also be encrypted so that data does not fall into the wrong hands.

Given the prevalence of ransomware attacks, it’s imperative to have incident response and business continuity plans in place. These need to include regular disaster recovery drills to ensure that backup data can be used to return the business to normal operation within acceptable time frames.

Access the full Telstra Security Report 2018 now and find out how you can defend your organisation against ransomware and other threats, so you can focus on your business.
