Hot fact #1: an excellent anagram of RANSOMWARE is WARM SENORA. Hot fact #2: amongst Australian businesses affected by ransomware, 45 per cent have chosen to pay up to criminals to get their files back.
Ransomware is that particularly nasty form of malware that encrypts all the files on your machine, and then displays a message demanding payment (usually in bitcoin) in order to unlock them. To add insult to injury, the ransom notes are often filled with grammatical errors and garishly designed.
It’s also a major problem. According to the “Second Annual State of Ransomware Report” from security software developer Malwarebytes, 31% of Australian SMEs have suffered from a ransomware attack in the last year. That’s a lot of locked-up files and questionable security practices.
While paying up cash to access your own files is annoying, it’s not actually the biggest issue. “The main problem is that it stops business,” said Jim Cook, ANZ regional director for Malwarebytes, at a launch event for the Australian report. “The downtime is the real concern here.”
That lost time can be significant: 24% of the businesses surveyed were out of action for more than 24 hours. Hassle over downtime is particularly pronounced for the unlucky 1% who suffered repeated attacks during the year, most probably because they failed to actually remove the ransomware after paying the ransom.
The sums being demanded aren’t huge. Amongst the businesses that suffered a ransomware attack, 45% were hit for under $500, and another 36% with demands between $500 and $1000. Given the “spray and pray” nature of ransomware attacks, that makes sense: asking for $50,000 would reduce the odds of someone paying up. That might help explain why 45% of businesses gave in to ransomware demands. To be clear: don’t do that, it only encourages the ransomware developers.
So how can companies stay safe? One big challenge with ransomware is working out how it entered the organisation. 31% of those surveyed had no idea, 22% blamed it on clicking a link in an email, and 18% on an email attachment.
It’s also not helpful to simply assume that people should be “smart enough” to be able to identify a phishing email. “Some of these messages are so well-designed, anyone would click on it,” Cook noted. “You don’t have to be stupid.”
Part of the solution is to implement a multi-pronged security solution that can detect malware-like behaviour and block well-known attacks. But it’s also vital to have a robust backup solution in place, so if there is an issue you can restore and carry on. Otherwise, there’s a real risk of losing files. Amongst businesses that were infected with ransomware but didn’t pay up, 40% lost data as a result.
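To make “detect malware-like behaviour” concrete, here is an added example (not code from the article, from Malwarebytes, or from any product it mentions) of the kind of behavioural rule an endpoint or file-server monitor applies: one process rewriting many documents with encrypted-looking (high-entropy) content and renaming them to a foreign extension inside a short window. The file events, the thresholds and the process names are all constructed for the example.

```python
"""Toy ransomware-behaviour detector over constructed file-system events.

Added example: the event model, thresholds and sample data are assumptions,
not a real agent's telemetry.
"""
import math
import random
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FileEvent:
    ts: float            # seconds since start of capture (constructed)
    process: str         # originating process name (constructed)
    action: str          # "write" or "rename"
    path: str
    new_path: str = ""   # only meaningful for renames
    data: bytes = b""    # bytes written, only meaningful for writes


WINDOW_SECONDS = 10.0    # assumed tuning value: how fast is "too fast"
MIN_FILES = 20           # assumed: distinct files hit inside one window
HIGH_ENTROPY = 7.0       # bits per byte; encrypted data sits close to 8
DOC_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0 for empty or single-valued input."""
    if not data:
        return 0.0
    n = len(data)
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def _ext(path: str) -> str:
    dot = path.rfind(".")
    return path[dot:].lower() if dot >= 0 else ""


def suspicious_events(events):
    """Yield (ts, path) for events that individually look like encryption."""
    for e in events:
        if e.action == "write" and _ext(e.path) in DOC_EXTS \
                and shannon_entropy(e.data) >= HIGH_ENTROPY:
            yield e.ts, e.path            # document overwritten with noise
        elif e.action == "rename" and _ext(e.path) in DOC_EXTS \
                and _ext(e.new_path) not in DOC_EXTS:
            yield e.ts, e.path            # document renamed to a foreign extension


def max_burst(points, window: float) -> int:
    """Largest number of distinct files hit inside any span of `window` seconds."""
    points = sorted(points)
    in_window = defaultdict(int)       # path -> hits currently inside the window
    best, start = 0, 0
    for ts, path in points:
        in_window[path] += 1
        while points[start][0] < ts - window:   # slide the left edge forward
            old = points[start][1]
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
            start += 1
        best = max(best, len(in_window))
    return best


def detect(events):
    """Return {process: peak distinct files per window} for processes over threshold."""
    by_proc = defaultdict(list)
    for e in events:
        by_proc[e.process].append(e)
    alerts = {}
    for proc, evs in by_proc.items():
        peak = max_burst(list(suspicious_events(evs)), WINDOW_SECONDS)
        if peak >= MIN_FILES:
            alerts[proc] = peak
    return alerts


def sample_events():
    """Constructed capture: a benign editor plus one process behaving like ransomware."""
    rng = random.Random(1)
    events = []
    text = ("Quarterly figures for the Sydney office. " * 100).encode()
    for i in range(5):   # editor saving the same low-entropy document repeatedly
        events.append(FileEvent(ts=i * 2.0, process="editor", action="write",
                                path="C:/Users/ann/Documents/report.docx", data=text))
    for i in range(30):  # 30 spreadsheets rewritten with noise and renamed in ~6 s
        p = f"C:/Users/ann/Documents/sheet{i}.xlsx"
        t = 100.0 + i * 0.2
        noise = bytes(rng.getrandbits(8) for _ in range(4096))
        events.append(FileEvent(ts=t, process="suspect", action="write", path=p, data=noise))
        events.append(FileEvent(ts=t + 0.1, process="suspect", action="rename",
                                path=p, new_path=p + ".locked"))
    return events


if __name__ == "__main__":
    print(detect(sample_events()))   # {'suspect': 30}
```

Two caveats a practitioner would add: modern Office formats are ZIP containers, so their bytes are already high-entropy and the entropy rule alone will fire on legitimate saves, which is why the rename signal, decoy (“canary”) files and process reputation are combined with it in real products; and none of this replaces the backups the article goes on to recommend, because detection only limits how much gets encrypted before the process is stopped.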
Angus Kidman is editor-in-chief for comparison site finder.com.au , a former editor for Lifehacker Australia and a dedicated anagram enthusiast. Follow him on Twitter @gusworldau.
Comments
4 responses to “How Ransomware Turns Some Aussie Businesses Into Massive Cowards”
Backups. Store your files where you should (backed up network location, not on your desktop). Two easy steps.
Also, if the hacker’s email address is taken down, you’ll never get the key.
I think the “internal” practices and processes are very well known and understood to IT staff nowadays. Backup everything, often, and keep it offline. Have good security/scanning at multiple layers, the desktop, the firewall, the email scanner. Train your users how to spot and avoid dodgy emails and websites.
Now, it would be nice if these companies that are impersonated (banks, utilities, telcos, online services) would actually take some time to implement basic security measures and educate their customers about them, so they’re not so easy to impersonate. I received an email from EastLink the other day; it was the dodgiest-looking email I’ve seen in a long time, and I was convinced it was a scam. But I was curious: this was sent to my personal email address, with an attachment, and normally Outlook.com is pretty good at killing off emails with malicious attachments, so it seemed strange this one made it through. I sent the attachment through to VirusTotal and it came back negative. Okay, so I opened it with the internal preview in outlook.com, in my browser, and what do you know, it was legit. They sent me my real statement as an attachment to an email that had no personal details in it, from a different domain to the one they run their website on, with no details as to what exactly the attachment was, and using graphics that were not scaled and aligned correctly. When legitimate emails like this exist, how are we supposed to educate people on avoiding illegitimate emails? These companies need to take some responsibility; they need to implement stronger two-way authentication protocols so someone who receives communications from them can verify they are legitimate (has anyone ever received a phone call out of the blue from your telco, only to be asked for personally identifiable information as soon as the call starts, without them providing any kind of verification that they are who they say they are?).
Like holding your tongue with your fingers while singing the national anthem?
No, like what banks do (or at least my bank): they ask “I can see you went to 7-11 last week, can you remember approximately how much you spent there?” As a general everyday challenge/request that’s quite good; it verifies to both parties that they are speaking with who they expect. Sure, if you’re being targeted for identity theft it doesn’t help much, but there’s no way some robo-calling call centre in India will have that kind of information available to them.