Ganked: Ransomware is here to stay

In the digital age, cybersecurity threats have become a pressing issue for individuals and organisations alike.

One such threat that has seen a significant rise in Australia is ransomware. This article aims to shed a little light on what ransomware is, how it affects organisations, the most common issues it presents, and real-life examples of companies that have been impacted.

As you can see in the graphic below, Ransomware damage is growing 2x year-on-year.

So What is Ransomware?

Ransomware is a type of malicious software that encrypts a victim’s data, rendering it inaccessible. (Think BitLocker, but you don't have the password)

The attackers then demand a ransom, usually in the form of cryptocurrency, for the decryption key.

Over the years, ransomware attacks have evolved from simple encryption lockouts that only threaten productivity via disruption, to where the perpetrators not only encrypt the data but also threaten to leak it online, causing reputational damage and regulatory fines, enough to send a shiver up the spine of any C-Suite employee.

Typical Attacks:

• Phishing: Targeted emails with malicious links grant unauthorised access.
• Software vulnerabilities & Weak Passwords: Exploiting unpatched systems gives access to sensitive data.
• Unsecured networks: Vulnerabilities allow unauthorised access, these can even affect your cloud hosted backups going back several years.
• USB drive attacks: Malicious drives insert ransomware, encrypting files.
• Remote access tools (RATs): Enable remote ransomware installation.
• Drive-by downloads: Malicious sites download ransomware without consent.
• Insider threats: Insiders may install ransomware through social engineering.

How it spreads through Organisations

Ransomware can infiltrate an organisation’s systems through various means, such as phishing emails, unpatched software, or compromised credentials.

Once inside, the ransomware can spread across the network, locking up valuable data and bringing operations to a halt.

The consequences can be severe, including significant downtime, loss of data, reputation damage, and substantial financial costs.

Common Issues and Real-Life Examples

The most common issues leading to ransomware infections include lack of cybersecurity awareness among employees, inadequate backup procedures, and outdated security infrastructure.

In Australia, numerous high-profile companies have fallen victim to ransomware attacks.

• 2023, Scammers used AI-powered deepfake Zoom Meeting to impersonate a multinational company's CFO & Board and trick an employee into transferring $25 million to a fraudulent account.
• 2021, Toll Holdings suffered two separate ransomware attacks that disrupted its operations nationwide costing them millions in lost contracts, sales and reputational damage.
• 2019, Anglicare Sydney experienced a ransomware attack resulting in the transmission of 17GB of data to a remote location, and took almost 3 years to retrieve it.
• 2021 UnitingCare Queensland were attacked, causing significant digital and technology systems outages and affecting staff pay, email, and telephone outages for weeks.

How can you protect your organisation?

• Implement a multi-layered security approach (MFA, Mobile Device Management)
• Regularly update and patch software and operating systems (Cloud-based endpoint management tools like Intune or Freshworks)
• Use strong and unique passwords (a 6 character, number letter & symbol password can be hacked instantly, but a 10 character would take 2 weeks)
• Employ email filters to block spam and phishing emails
• Implement network segmentation to limit the spread of malware
• Regularly back up data and store it offline or in the cloud
• Train and educate employees on ransomware threats
• Consider investing in advanced security solutions such as endpoint detection and response (EDR) and threat hunting services to proactively identify and neutralise potential threats.

Anyway, stay safe out there folks!