Ransomware remains the most common cyber threat according to a recent global survey of more than 1,400 MSP decision makers that manage IT systems for small-to-medium-sized businesses (SMBs). It is also one of the most damaging types of cyber attacks, which can have severe and long-lasting impacts to Australian organisations and their operations.
We’ve put together some helpful information so you can better understand this cybercrime and how you can protect your business from ransomware attacks.
What is Ransomware?
According to the Australian Cyber Security Centre (ACSC), ransomware is a type of malicious software that makes your computer or its files unusable unless you pay a fee, often in the form of untraceable cryptocurrencies such as Bitcoin. It requires minimal technical expertise, is low cost and can result in significant financial harm. Recovering from ransomware is almost impossible without comprehensive backups, which is why taking steps to protect yourself is so important.
Almost always, ransomware relies on a victim clicking on a malicious link or attachment sent via email. It is also possible for cybercriminals to manipulate security holes and inject malware into a network without human interaction, but this is rare.
How Ransomware Works
Simple ransomware may lock a system in a way in which a technically knowledgeable person can reverse, however, more advanced malware uses a technique called ‘cryptoviral extortion’, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment.
Growth of Ransomware
Ransomware scams have grown exponentially in recently years. According to an annual report on global cyber security, there were a total of 304 million ransomware attacks worldwide in 2020. This was a 62 percent increase from a year prior, and the second highest figure since 2014 with the highest on record being 638 million attacks in 2016.
Unlike traditional data breaches that result in stolen information, ransomware is used to ‘lock’ crucial systems, which means most organisations will pay the ransom to have their system/s restored.
In 2020, Gillian Franklin, the founder of Australian cosmetics business The Heat Group, logged on to her business to discover all online documents and files were missing and were replaced by a ransom note demanding payment of the equivalent of $40,000 in Bitcoin.
Within one week the Heat Group was back online but Ms Franklin estimates the cyber attack cost the business $2 million.
In October 2019, a ransomware attack on the Victorian Government by ‘sophisticated cyber criminals’ forced some of the state’s major regional hospitals to go offline.
How to Avoid Ransomware Attacks
Your business could be a victim of a ransomware attack at any time. Here are some ways to protect yourself:
1. Be Aware and Alert
Educate your employees so they are aware of what a phishing attack may look like. Obvious signs are poor grammar, incorrect spelling, and threatening language such as an account suspension message. More sophisticated attacks use techniques such as sending an unpaid invoice, which an unsuspecting person may be more likely to open.
2. Update Devices and Systems
Although ransomware rarely spreads as a result of system vulnerabilities, outdated systems are always vulnerable to attack. Update your devices and enable automatic updates. You should also back up your data, implement 2-step authentication, and conduct security patches.
3. Implement Offline Backups
Consider storing a backup offline that can’t be impacted by a ransomware attack. A backup is a digital copy of your most important information (e.g. photos, financial information or health records) that is saved to an external storage device or to the cloud. The best recovery method for a ransomware attack is a regular offline backup made to an external storage device and a backup in the cloud. Backing up and checking that backups restore your files offers peace of mind. You can set up automatic backups in your system or application settings.
4. Implement Access Controls
Controlling who can access what on your devices is an important step to minimise the risk of unauthorised access. It will also limit the amount of data that ransomware attacks can encrypt, steal, and delete.
To do this, give users access and control only to what they need by restricting administrator privileges. Don’t share your login details for your accounts.
5. Turn on ransomware protection
Some operating systems offer ransomware protection. Make sure you enable this function to protect your devices. The ACSC has developed a useful guide to help you turn on device ransomware protection.
Seek Expert Advice
Alarmingly, according to the research firm Security InDepth, Australian Businesses are completely unprepared for cyber hacks. Another survey report found that one in four Australian businesses do not have an incident response plan to deal with cyber attacks when they happen.
Contact Surety IT today to discuss the development of your business cyber security strategy. We’ll work with you to understand what information you have, where it is and who has access to it, and help you plan a cyber security strategy that is easy to understand, scalable, flexible and educational. We can also help you implement ransomware protection in your business, and respond effectively to a ransomware attack.