When your data is held captive: Dealing with ransomware

Highlights
  • Carbon Black estimates the ransomware market grew by 2,502 per cent from 2016 to 2017, costing businesses US$1 billion.
  • The Telstra Security Report 2018 found that 76 per cent of Australian businesses experienced a ransomware attack in 2017.
  • 47 per cent of Australian victims paid the ransom, but 14 per cent did not get their data back.

How much is your data worth, and would you pay to get it back? What to do about the explosive growth of the global ransomware market.

You arrive at work and turn your computer on, ready to close a huge deal. Instead of the familiar log-in message, you see a countdown timer and a simple message – your data files are encrypted. 

If you don’t pay a certain amount of money by the time the clock runs out, you’ll lose your data forever. You check your email on your smartphone and discover the entire executive team is being held to ransom after someone opened an infected file attachment.

Ransomware is malicious software that encrypts the data on your computers. The only ways to recover the data are to break the encryption (typically a difficult and time-consuming course of action), recover from a backup that has not been infected, or pay a ransom to the hacker who encrypted the data. Even if you pay, there is no guarantee you will get your data back.

According to the Telstra Cyber Security Report 2018, 31 per cent of Australian businesses that stated they had a security breach in the last year were experiencing ransomware attacks on at least a monthly basis. The report also highlighted that 47 per cent of Australian businesses paid the ransom, with 86 per cent of these successfully retrieving their data. This indicates that around 14 per cent don’t get their data back.

Australian companies and private citizens are significant targets. This is because Australia is perceived as a relatively wealthy country with the capacity to pay. Our research suggests ransomware that specifically targets businesses tends to be more sophisticated, with attackers having the ability to release files, typically through central command and control systems, once the amount has been paid.

Like much malicious software, ransomware enters organisations through targeted attacks on individuals. Hackers can use tools such as the social media profiles of executives to carefully craft email messages that either deliver malicious software directly to an individual – usually in the form of a new game to try or some other supposedly non-threatening file attachment – or direct them to a fake website that exploits a specific personal interest.

A maturing market

The growth in ransomware is being greatly assisted by the emerging Ransomware as a Service (RaaS) market, where malware authors create user-friendly versions for distribution.

This sophisticated market is situated on the dark web, with Carbon Black estimating that there are approximately 6,300 marketplaces with more than 45,000 products listed. These range from DIY kits priced as low as US$0.50, up to custom malware. 

Some firms even provide their software for free on a profit-sharing agreement, offering PDF reports and charts tracking the success of their clients’ attacks.  

This suggests ransomware is profitable and becoming mainstream. New strains of ransomware in 2018 will also focus on exfiltrating data before the system is encrypted, to reap additional commercial rewards from stealing corporate intellectual property.

What can you do about it?

Keeping systems up to date with the latest security patches for operating systems and applications is a good first step. This is particularly important for Java, Adobe Reader, Flash, Silverlight and other applications regularly targeted by exploit kits.

A regularly tested backup regime will also help minimise the damage should a ransomware infection occur. It’s important to note a ransomware payload may infect a machine many weeks or months before it is triggered so that the impact, and therefore the likelihood of a ransom being paid, is increased.

Some variants of ransomware also target backup systems, so backups should be encrypted as well to ensure data does not fall into the wrong hands.

Given the prevalence of ransomware attacks, it’s imperative to have incident response and business continuity plans in place. These need to include regular disaster recovery drills to ensure that backup data can be used to return the business to normal operation within acceptable time frames.

Access the full Telstra Security Report 2018 now and find out how you can defend your organisation from ransomware and other threats, so you can focus on your business.
