Ransomware, a type of malware, is an increasingly popular type of extortionist cyber attack, which encrypts data on infected computers or completely locks you out and holds your data or device hostage, with the attackers offering a decryption or return of access in exchange for a ransom.
According to Avast, the number of ransomware attacks in Australia increased by 10 per cent during the height of the pandemic in March and April 2020, compared to January and February 2020, and ransomware attacks in Australia have still continued targeting Australian industry, with $680,715 reported lost to ACCC Scamwatch this year. That doesn't include companies who haven't disclosed their ransomware payments.
One of the more recent attacks was on the world's largest meat processor, JBS, which was attacked by ransomware in late May this year resulting in 47 of their processing and packing plants to cease operations. The meat processing giant ended up paying a ransom of over $14 million to regain access to their IT systems.
Another major ransomware attack in February 2020, saw wool brokers across Australia and New Zealand severely disrupted when Talman Software's IT system underpinning auctions and exports was encrypted by cybercriminals. This attack resulted in wool sales being halted for eight days and an estimated 70,000 bales being deferred for the sector that has sales of up to $80 million a week. Talman Software refused to pay the ransom, choosing to replace the software.
These ransomware attacks on such important ag businesses and supply chains show how vital it is for authorities to defend markets against cyber threats.
Late last month, Shadow Minister of Cyber Security Tim Watts tabled a new bill in federal parliament called The Ransomware Payments Bill which proposes the creation of a "ransomware payment notification scheme" that covers corporations and all federal government entities, as well as state and territory government agencies.
It will require entities that make ransomware payments to notify the Australian Cyber Security Centre (ACSC) and allow the centralised collection of information by our law enforcement and signals intelligence agencies to combat ransomware attacks. However, this won't necessarily stop all ransomware attacks.
Although you may only ever hear of ransomware attacks on large businesses like JBS, small and medium agriculture businesses should still be very aware of ransomware and the potential vulnerabilities in their business infrastructure.
In the case of a ransomware attack, businesses should definitely not consider paying the ransom or negotiating with the criminals behind the attack as making the payment doesn't ensure you'll get your files back or that you'll get the right decryption key, and your payment will likely fund the development and launch of new ransomware.
Businesses can of course look for decryption tools that some antivirus companies may have for the malware, and in some cases this works, but you shouldn't rely on this. It is better to protect yourself against these attacks systemically.
Here are some ways that businesses can prevent ransomware:
Keep your antivirus software up to date
The best way to prevent ransomware attacks is to stop the malware from accessing your computer or device. The first thing you should do is install an effective, top-quality antivirus program with a strong ransomware protection tool and RDP protection to address the growing risks posed by Remote Desktop use.
Think twice before clicking on links
Phishing scams are still the most popular way of distributing malware. Cyber-hijackers also distribute their ransomware through mobile devices using text messaging and social media messenger apps.
Don't click links you receive from unknown contacts via SMS, email, or messenger applications like Skype or WhatsApp. Even if you think you know the sender, take a closer look at both their address and the link itself before proceeding. If anything looks phishy, steer clear.
Update your operating systems
As annoying as Windows, Apple, and Android system update notices can be, you should never ignore them. Many of these updates involve security patches that are vital to preventing ransomware and other malware from infiltrating your devices. If you're still using an older OS that Microsoft no longer supports, like Windows XP, you are especially vulnerable to attack. Do yourself a massive favour and upgrade to a newer operating system.
Back up all important files
The absolute baseline prevention of company data loss due to a ransomware attack is regularly backing up. Having backups of all your valuable and vital files will help you in terms of damage control. The best way to prevent data loss is to use a combination of offline and online storage methods. Save your files to one or more physical devices (e.g. external hard drives, USB flash sticks, SD cards) and to cloud storage services (e.g. Dropbox, Box, Google Drive).
This way, if you do get hit with a ransomware attack, you're ready to restore all your important files as soon as you remove the ransomware from your device.
Ensure employees act securely
It is also crucial to manage employees' access rights and to implement the Zero Trust principle - a security concept that requires all users, even those inside the organisation's enterprise network, to be authenticated, authorised, and continuously validating security configurations, before being granted or keeping access to applications and data - to reduce the impact of potential security vulnerabilities.
- Jakub Kroustek is a Malware Research Director at Avast