There’s no denying it — 2020 is the year of the ransomware attack and it’s back with a vengeance. Despite the first ransomware attack taking place over 30 years ago, the ‘new normal’ created by the COVID-19 pandemic — work becoming remote and shifting solely online — has resulted in a sharp rise in targeted ransomware attacks across the world.
As a Managed Detection and Response (MDR) provider, we’ve taken stock of the ubiquitous ransomware attacks targeting Australian businesses of all sizes, and what this means for our own preemptive efforts. Cyber Audit Team (CAT) explored the most recent attacks in Australia, to provide practical and affordable mechanisms to mitigate the risks to your business.
What is a Ransomware Attack?
Ransomware is a form of malware that encrypts a company’s system, files or data. Victims of ransomware are provided with payment instructions, which may (or may not) deliver a decryption key after payment. Ransoms can range from a few hundred dollars to millions, paid in untraceable cryptocurrencies.
There are numerous threat vectors for ransomware to infect your business, with Ransomware-as-a-Service (RaaS) kits readily available to low-skilled threat actors (criminals) on the dark web. The most common attack vectors today are through phishing emails, software downloads, compromised websites, and Remote Desktop Protocol (RDP) – a way of remotely logging into Windows computers.
By 2018, traditional ransomware had declined drastically. This was mainly due to many victims not paying ransoms to retrieve their encrypted systems/data, choosing instead to restore their systems from their back-ups. Many threat actors subsequently pivoted towards a simple and stealthier method of generating cryptocurrency — by surreptitiously gaining control of computers commonly referred to as “cryptojacking”.
The Rise of Targeted Ransomware
During the last two years, targeted ransomware has surged with devastating success. Sophisticated threat actors have invested time and money into honing their tactics, techniques and procedures (TTPs), actively targeting businesses of all sizes, across all industries, generating millions and even billions of dollars globally.
Once inside your network, threat actors traverse laterally and undetected, escalating their privileges to domain administrators, manually disabling poorly protected security tools, encrypting your back-ups and waiting for the opportune moment to launch their attack to completely shut your business down.
Concerningly, many businesses still demonstrate a naive false sense of security because of assurances from their IT that they can restore from back-ups. However, today’s sophisticated threat actors are acutely aware of your basic IT recovery methods and your back-ups are the first thing they target.
Recent Attacks on Australian Businesses
Without Managed Detection and Response services, businesses simply will not know when they are under attack. A recent IBM and Ponemon study found that for businesses without Managed Security Services, 281 days was the average length of time before a data breach was discovered and contained — and a lot can happen in that time.
Contrary to popular belief, threat actors do not only target big business — they are indiscriminate on size and industry. It just so happens that larger businesses get the most publicity.
In the first six months of 2020 alone, we’ve seen a wide range of Australian and New Zealand organisations fall victim to various ransomware infections.
Logistics company Toll was recently hit by a new strain of ransomware that forced the company to immediately disable and isolate their IT systems to stop the virus from spreading further than the 1,000 servers already impacted.
Lion — one of Australia’s largest beverage brands — was repeatedly targeted by threat actors, resulting in a devastating ransomware attack, which crippled its manufacturing, production and logistics, disabling their IT systems. Hackers demanded a ransom of reportedly $1.25 million.
Steel giant Bluescope fell victim to a ransomware attack, caused by one or more of their employees opening contaminated email attachments. Despite infecting the United States arm of the business, production in Australia was impacted, forcing teams and production offline.
Money management firm My Budget experienced a ransomware attack that left 13,000 customers in financial limbo and brought down nationwide systems for a week, damaging the company’s brand and reputation.
Fisher & Paykel
New Zealand appliance manufacturer Fisher & Paykel was hit by a ransomware attack that forced it to shut down the manufacturing and distribution of its products.
How to Mitigate Your Risk
The good news is that with the right attitude, approach, and investment, nearly every single attack is preventable.
As this is a Governance, Risk and Compliance (GRC) issue, the first place to start should be an internal risk review. All businesses should consider conducting an independent review of their own information security and cybersecurity risk. This is not an IT audit or assessment, but an overview of their entire organisation to identify risks, gaps or areas of non-compliance and exposure.
There are also a number of key tactics you can use day-in and day-out to mitigate your risk of a ransomware attack in your business:
- Develop a Data Breach Incident Response Plan
- Regularly train your employees to be vigilant for all types of attacks (including social engineering) and test their knowledge and susceptibility
- Regularly back-up your data, ensure a copy is held offline, and test the recovery process
- Review your company’s Business Continuity Plan (BCP) and your Disaster Recovery Plan (DRP)
- Ensure your company enforces regular software updates
- Employ next-generation anti-malware software and processes
- Invest in and enforce a corporate password manager
- Enforce Multi-Factor Authentication (MFA/2FA) across every platform and system
- Assess your remote workforce risk (home environment etc.)
- Engage an independent Managed Detection and Response (MDR) service provider to assist your company in identifying your risks by providing proactive visibility to limit the scope of an attack
What is evident is that ransomware isn’t going away anytime soon. If your company doesn’t currently invest in real-time Managed Detection and Response services, then your brand and reputation are potentially more exposed than you may realise.
Get in touch with our specialists today to discuss your specific requirements.