Ransomware explained: What is it and why are Australian businesses a target?

Australian businesses have become a massive target for ransomware cyber attacks. In a recent report, CrowdStrike found that over 67% of Australian organisations have suffered a ransomware attack, which is 10% higher than the global average.

And attacks are increasing - in size, severity, and sheer brazenness.

In April this year, a cyber attack on UnitingCare's Queensland hospitals caused chaos across the healthcare network. According to UnitingCare, the attack blocked access to their "digital and technology systems," with local reports suggesting that email and operations booking systems had become infected. Hospital staff also reported Wi-Fi networks coming down, which impeded critical communications and assistance, hindered access to patient records, and made it difficult to discharge patients. Some were even concerned the attack would impact their pay.

This recent ransomware attack is not the first of this kind to hit Australia’s healthcare sector, nor will it be the last. Businesses and organisations must become ultra-vigilant to protect data assets and customer privacy, and it’s clear Australian organisations are still not up to speed on the risks. So, let’s take a deep dive into ransomware: what it is, who it is targeting, and what its effects are.

What is ransomware?

Ransomware attacks generally involve a hacker getting malware into a computer’s system that allows them to lock and encrypt data until the victim pays a ransom to get access back. Ransomware seizes on vulnerabilities within a system, network, software, or even human users themselves, to plant malware and infect a device.

According to Deep Instinct’s Threat Report, one hacking trend that has emerged is that of double extortion ransomware tactics. In this new trend, when companies refuse to pay the ransom, cybercriminals will next threaten to publish the stolen data.  

How does ransomware enter a network?

There are many techniques that a cyber criminal can use to get this malware into a company’s network, including:

  • Phishing emails
  • Email attachments
  • Malicious links on social media
  • Malvertising, or clicking a legitimate ad that has malicious code in it
  • Installing infected programs or applications
  • Visiting an unsafe or fake website or opening/closing a malicious pop-up
  • Traffic Distribution System (TDS): clicking a link on a legitimate website that redirects to a malicious website
  • An employee inserting a USB directly into their computer

Once malware is installed within a company’s system, cyber criminals don’t necessarily act on it immediately. John Fison, Head of Superloop’s cyber security service, CyberEdge, states that:

“Hackers will often sniff around a company’s system for months assessing the best way to monetise their access. They will observe identifying information and will even look for files in insurance policies that specify how much the company is insured for in case of a cyber security breach. The hackers will often then ask for a ransom in that same amount, which increases the likelihood of the victim paying up when they know they’re insured.”

Fison also warns that when a ransom is paid, hackers only return the victim’s access to their data about half of the time.

According to one study, the average cost for a business to remediate a ransomware attack is much higher for those that pay the ransom than for those that don’t. This is partly because a business that pays the ransom still needs to make system-wide changes to prevent subsequent attacks.

Who is being targeted?

No industry or business is safe from a ransomware attack. However, the Australian Cyber Security Centre (ACSC) found that in the 2019-20 financial year, health, state governments, and the education sector were the industries hardest hit by ransomware attacks.

In fact, a VMware Carbon Black report revealed that in 2020, healthcare organisations saw a massive 9,851% increase in attempted cyber attacks.

The higher prevalence of ransomware attacks directed at the health and government sectors may be due to the lack of appropriate defence protocols in many Australian organisations. In a recent three-year study, Macquarie University found that 16% of Australian government websites did not have the most basic security protocol installed, and over one-third of those belonged to the Department of Health.

What are the effects of a ransomware attack?

According to a recent US study, almost three-quarters of the companies that were impacted by a ransomware attack went two or more days with no access to their files. More than 30% went five or more days without access.

In one high-profile ransomware attack in 2020, major disruption to the New South Wales public transport system occurred as a result of a cyber attack on the NSW State Transit Authority. The disruption impacted bus scheduling for several days and caused problems with computer and phone systems for up to nine days across all of the company’s bus depots.

For some sectors, like healthcare, these kinds of disruptions and delays could be life threatening. As the UnitingCare disruption plays out, the potential for serious harm is clear.

In other sectors, 2020, already a challenging year for Australian businesses, saw several major ransomware attacks that seriously impacted operations.

Australian logistics company, Henning Harders, took down their cargo tracking systems when they discovered unusual activity in their network; Australian law firm, Law in Order, halted business operations when their system fell victim to a ransomware attack; and NSW-based retailer, IN SPORT, took their entire head office system offline when they became another victim of ransomware.

On top of the financial, time, and data losses that affect businesses following a ransomware attack, organisations must also manage the long-term effects on the company’s reputation and trustworthiness.

Reputation loss can cause share prices to drop, as was the case when Nine Entertainment’s systems were attacked earlier this year, triggering a 2.4% drop in share price.

While the impact of reputation loss can be difficult to measure, global surveys indicate that up to 70% of customers would stop doing business with a company that had experienced a data breach.

Ultimately, no one is safe from ransomware attacks. As Australia has become a major target for hackers, cyber security cannot be left to chance.
