The very real threat of ransomware attacks

Wednesday, 5 May 2021

The rise in ransomware attacks plaguing organisations worldwide shows that no organisation is immune. 

The concerning rise in sophisticated ransomware attacks is heightening the need for all organisations to tighten technological defences and seek expert advice on optimising internal cyber security.

Ransomware – malicious software designed to block access to and/or steal information from a computer system unless a ransom is paid – is becoming increasingly popular for cyber criminals. In a worldwide trend, many ransomware attacks also now involve extortion, and recent events show Australia is far from immune.

Last week, ransomware was used to disable the digital and technology systems of no less than four major Queensland hospitals and dozens of aged care homes. The attack on UnitingCare Queensland was all the more shocking for targeting the sick and elderly. The healthcare provider operates Wesley and St Andrew's Hospitals in Brisbane, St Stephen's Hospital in Hervey Bay, Buderim Private Hospital on the Sunshine Coast as well as multiple facilities for the elderly and disabled. Phones, email systems and more were crippled across these organisations on the Anzac weekend. At time of publication, the situation was still being resolved with the help of technical and forensic experts from the Australian Centre for Cyber Security (ACSC) ¹

UnitingCare Queensland joins a growing list of major companies with defences unable to prevent devastating cyberattacks coming to fruition. In the last 12 months, these have included Eastern Health, Nine Entertainment and the Lion Beverage Company. 

Ransomware’s rise is being driven by the simple fact it wields the most damaging impact. It can cripple an organisation immediately, place sensitive and confidential information at risk of public exposure, and, in the case of healthcare, delay urgent and life-saving treatments. Critical factors such as these make ransomware chillingly effective in its goal of eliciting huge sums of money from victims. Even when systems are freed from ransomware, it can take weeks and months to restore regular operations. 

Worryingly, ransomware gangs are now not only encrypting and restricting access to data but resorting to extortion by threatening to steal and either expose or sell confidential information on the dark web. This has seen ransom demands spiral into multi-millions of dollars as occurred to none other than Apple in the past few weeks.² Apple came unstuck due to ransomware infiltrating one of its third-party providers in what is now a common tactic. In the attack, ransomware gang Revil stole data about unreleased products and schematics from Apple supplier Quanta Computer. Revil threatened to sell the data to the highest bidder if an eye-watering $50 million ransom was not forthcoming, and to prove they were serious, released a teaser of confidential information about Apple’s new MacBook Pros. The tactic was initially seen in ransomware software called Maze and has quickly become adopted by others. 
 
It was reported in November 2020 that over 60 per cent of Australian organisations had suffered a ransomware attack in the previous 12 months — 10 per cent higher than the global average. With the ransom paid costing an average of AU$1.25 million for each breach.³ 

Fallout from these attacks in Australia is echoed in the respected Coveware Quarterly Ransomware Report out of the United States. The latest of these reports found ransoms on the rise, jumping 43 per cent from the end of last year to an average of around $US220,000 in the first quarter of 2021. Almost 50 per cent of ransomware cases also included the threat to release exfiltrated data along with encrypted data.⁴ 

Ransomware, while devastating, is certainly avoidable. Most importantly, organisations need to install multiple layers of defence and not simply rely on a single technology solution. 

Another layer of defence must be staff education. The human element is still the biggest threat, especially now it has been exacerbated by the rise of remote working and the need for secure external connections to internal business resources. Training workers regularly in such areas as recognising potential phishing emails and using VPNs safely is imperative. Training should also be specific to the company and industry. Do not ignore the potential damage that can be caused by a disgruntled employee either.

IT specialists trained specifically in cyber security need to be part of an organisations risk mitigation strategy to cyber threats, either on a company’s internal team or engaged as independent consultants. Defence techniques, such as user security levels and two-factor authentication, can easily limit the ability of an attacker to escalate beyond an initially compromised machine. Geo-blocking certain IP ranges is also simple and effective. Incident response plans should be developed for responding to potential threats. These need to also be tested prior to an incident to ensure no time is wasted in mitigating potential disruption.

Cyber security clearly needs to be top of the agenda. The stakes nowadays are too high. Not only do ransomware attacks threaten corporate reputation and company financial stability, but regulators are increasingly cracking down on cyber security compliance. In light of the seriousness of recent breaches, cybersecurity must be a number one priority in every organisation.