Article First Published: January 24, 2022
Article Updated: October 15, 2024 (Article content, statistics and links all updated)
There’s no denying it—ransomware attacks have been around for some time, and there seems to be no end in sight.
According to the Australian Cyber Security Centre’s ASD Cyber Threat Report 2022-2023, over 94,000 cybercrime reports were received in the 2023 financial year, with more than 10% of those incidents responded to being related to ransomware attacks, an increase of 7% from the previous year.
They also maintain that ransomware attacks are still one of the most destructive cybercrime threats faced by Australian Businesses along with Business Email Compromise and Denial of Service Attacks, due to the high financial impact and other disruptive impacts it has on those affected.
As a Managed Detection and Response (MDR) provider, we’ve taken stock of the ubiquitous ransomware attacks targeting Australian businesses of all sizes, and what this means for our own preemptive efforts. Cyber Audit Team (CAT) explored the most recent attacks in Australia to provide practical and affordable mechanisms to mitigate the risks to your business.
What are Ransomware Attacks?
Ransomware is a form of malware that encrypts a company’s system, files or data. Victims of ransomware are provided with payment instructions, which may (or may not) deliver a decryption key after payment. Ransoms can range from a few hundred dollars to millions, paid in untraceable cryptocurrencies.There are numerous threat vectors for ransomware to infect your business, with Ransomware-as-a-Service (RaaS) kits readily available to low-skilled threat actors (criminals) on the dark web. The most common attack vectors today are through phishing emails, software downloads, compromised websites, and Remote Desktop Protocol (RDP) – a way of remotely logging into Windows computers.
While traditional ransomware attacks have seen a decline globally due to many victims not paying ransoms to retrieve their encrypted systems/data, choosing instead to restore their systems from their back-ups. Many threat actors subsequently pivoted towards a simple and stealthier method of generating cryptocurrency — by surreptitiously gaining control of computers commonly referred to as “cryptojacking”.
Why Ransomware is a major CyberThreat
Globally ransomware is among the most prevalent type of malicious software, and attacks can cost affected organisations millions of dollars.Sophisticated threat actors have invested time and money into honing their tactics, techniques and procedures (TTPs), actively targeting businesses of all sizes, across all industries, generating millions and even billions of dollars globally. Once inside your network, threat actors traverse laterally and undetected, escalating their privileges to domain administrators, manually disabling poorly protected security tools, encrypting your back-ups and waiting for the opportune moment to launch their attack to completely shut your business down.
Concerningly, many businesses still demonstrate a naive false sense of security because of assurances from their IT that they can restore from back-ups. However, today’s sophisticated threat actors are acutely aware of your basic IT recovery methods and your back-ups are the first thing they target.
Recent Attacks on Australian Businesses
Without Managed Detection and Response services, businesses simply will not know when they are under attack. A recent IBM and Ponemon study found that for businesses without Managed Security Services, 277 days was the average length of time before a data breach was discovered and contained — and a lot can happen in that time.
Contrary to popular belief, threat actors do not only target big business — they are indiscriminate on size and industry. It just so happens that larger businesses get the most publicity.
In the first 6 months of 2024 alone the Office of the Australian Information Commissioner (OAIC) found that out of all reported Cyber Incidents, almost 300,000 individuals were affected by ransomware attacks.
In the first six months of 2020 alone, we’ve seen a wide range of Australian and New Zealand organisations fall victim to various ransomware infections.
Here are a few highly publicised cases:
Toll
Logistics company Toll was hit by a new strain of ransomware in 2020 that forced the company to immediately disable and isolate their IT systems to stop the virus from spreading further than the 1,000 servers already impacted.
Lion
In 2020, one of Australia’s largest beverage brands, Lion, was repeatedly targeted by threat actors, resulting in a devastating ransomware attack, which crippled its manufacturing, production and logistics, disabling their IT systems. Hackers reportedly demanded a ransom of $1.25 million.
Medibank
In December 2022, Australian health insurance giant, Medibank, suffered a significant data breach that compromised the personal details of 9.7 million customers. The attack was believed to be orchestrated by the notorious REvil ransomware group based in Russia.
McDowall Affleck
On 24th July 2024 Australian engineering firm McDowall Affleck fell victim to a RansomHub Ransomware attack. This group claimed they had downloaded a total of 470 gigabytes of data and included company intellectual property, personal information of employees and client information.
How to Mitigate the Risk of Ransomware Attacks
The good news is that with the right attitude, approach, and investment, nearly every single attack is preventable.
As this is a Governance, Risk and Compliance (GRC) issue, the first place to start should be an internal risk review. All businesses should consider conducting an independent review of their own information security and cybersecurity risk. This is not an IT audit or assessment, but an overview of their entire organisation to identify risks, gaps or areas of non-compliance and exposure.
There are also a number of key tactics you can use day-in and day-out to mitigate your risk of a ransomware attack in your business:
- Develop a Data Breach Incident Response Plan
- Regularly train your employees to be vigilant for all types of attacks (including social engineering) and test their knowledge and susceptibility
- Regularly back-up your data, ensure a copy is held offline, and test the recovery process
- Review your company’s Business Continuity Plan (BCP) and your Disaster Recovery Plan (DRP)
- Ensure your company enforces regular software updates
- Employ next-generation anti-malware software and processes
- Implement access controls, giving users access and control only to what they need to do their jobs effectively.
- Disable Macros: Microsoft Office applications can run macros to automate tasks, but they can also deliver ransomware. Use them with caution.
- Invest in and enforce a corporate password manager
- Enforce Multi-Factor Authentication (MFA/2FA) across every platform and system
- Assess your remote workforce risk (home environment etc.)
- Engage an independent Managed Detection and Response (MDR) service provider to assist your company in identifying your risks by providing proactive visibility to limit the scope of an attack.
What is evident is that ransomware isn’t going away anytime soon. If your company doesn’t currently invest in real-time Managed Detection and Response services, then your brand and reputation are potentially more exposed than you may realise.
Get in touch with our specialists today to discuss your specific requirements.
