Secure your business

When your data is held captive: Dealing with ransomware

Highlights
  • Carbon Black estimates the ransomware market grew by 2,502 percent in 2016 to 2017, costing businesses US$1 billion dollars.
  • The Telstra Security Report 2018 found that 76 per cent of Australian businesses experienced a ransomware attack in 2017.
  • 47 per cent of Australian victims paid the ransom, but 14 per cent did not get their data back.

How much is your data worth, and would you pay to get it back? What to do about the explosive growth of the global ransomware market.

You arrive at work and turn your computer on, ready to close a huge deal. Instead of the familiar log-in message, you see a countdown timer and a simple message – your data files are encrypted. 

When your data is held captive: Dealing with ransomware

If you don’t pay a certain amount of money by the time the clock runs out, you’ll lose your data forever. You check your email on your smartphone and discover the entire executive team is being held to ransom after someone opened an infected file attachment.

 

 

76 per cent of Australian businesses experienced a ransomware attack in 2017 

Telstra Security Report 2018.

Ransomware is malicious software that encrypts the data on your computers. The only way to recover the data is to break the encryption (typically a difficult and time-consuming course of action); recover from a backup that has not been infected; or to pay a ransom to the hacker that encrypted the data – and even if you pay there are no guarantees you will get your data back.

According to the Telstra Cyber Security Report 2018, 31 per cent of Australian businesses who stated they had a security breach in the last year were experiencing ransomware attacks on at least a monthly basis.  The report also highlighted that 47 per cent of Australian businesses paid the ransom, with 86 per cent of these successfully retrieving their data. This indicates that around 14 per cent don’t get their data back.

Australian companies and private citizens are significant targets. This is because Australia is perceived as a relatively wealthy country with the capacity to pay. Our research suggests ransomware that specifically targets businesses tends to be more sophisticated, with attackers having the ability to release files, typically through central command and control systems, once the amount has been paid.

Like much malicious software, ransomware enters organisations through targeted attacks on individuals. Hackers can use tools such as the social media profiles of executives to carefully craft email messages that either deliver malicious software directly to an individual – usually in the form of a new game to try or some other supposedly non-threatening file attachment – or direct them to a fake website that exploits a specific personal interest.

A maturing market

The growth in ransomware is being greatly assisted by the emerging Ransomware as a Service (RaaS) market, where malware authors create user-friendly versions for distribution.

This sophisticated market is situated on the dark web, with Carbon Black estimating that there are approximately 6,300 marketplaces with more than 45,000 products listed. These range from DIY kits priced as low as US$0.50, up to custom malware. 

Some firms even provide their software for free on a profit-sharing agreement, offering PDF reports and charts tracking the success of their clients’ attacks.  

This suggests ransomware is profitable and becoming mainstream. New strains of ransomware in 2018 will also focus on exfiltration of data prior to the system’s encryption to reap additional commercial rewards for stealing corporate intellectual property.

What can you do about it?

Keeping systems up to date with the latest security patches for operating systems and applications is a good first step. This is particularly important for Java, Adobe Reader, Flash, Silverlight and other applications regularly targeted by exploit kits.

A regularly tested backup regime will also help minimise the damage should a ransomware infection occur. It’s important to note a ransomware payload may infect a machine many weeks or months before it is triggered so that the impact, and therefore the likelihood of a ransom being paid, is increased.

Some variants of ransomware are also targeting backup systems, therefore these should also be encrypted so that data does not fall into the wrong hands.

Given the prevalence of ransomware attacks, it’s imperative to have incident response and business continuity plans in place. These need to include regular disaster recovery drills to ensure that backup data can be used to return the business back to normal operation within acceptable time frames. 

Access the full Telstra Security Report 2018 now and find out how you can defend your organisation from ransomware and other against threats, so you can focus on your business.

Find out more

Related News

Choosing the right network partner
Reach global markets
Reach global markets
Choosing the right network partner

You need a trusted network partner to support your business’ growth. We look at the questions you need to find that partner. An effective digital strategy is a prerequisite for...

Think as one: Bringing your cloud and network together
Optimise your IT
Optimise your IT
Think as one: Bringing your cloud and network together

When your underpinning network and cloud foundation work as one, the promise of innovation can become a reality. Learn how to converge your network and cloud. Together, the ne...

A woman using virtual reality headset
Secure your business
Secure your business
The future of security: Threats, trends and investments

From rising budgets to machine learning, we look at the future trends changing the Australian security landscape. With the security landscape continuing to grow more complex, w...

Better together: Electronic and cyber security convergence
Secure your business
Secure your business
Better together: Electronic and cyber security convergence

Aligning your approach to physical security devices with your cyber security strategy is giving Australian organisations greater visibility over their security estate. Across A...