In the Office of the Australian Information Commissioner’s Notifiable Data Breaches Report January – June 2020, the number of data breach notifications attributed to ransomware attacks increased by more than 150% compared with the previous six months — rising from 13 to 33. We are aware of a number of our Victorian school clients which have been subject to ransomware attacks in recent months.
The increase in ransomware attacks is due to a perfect storm created by COVID-19: depressed economic circumstances, criminal groups piggy-backing on COVID-19 themes for phishing or whaling attacks, and disruption or delay of usual IT security processes due to workforce changes, crisis management demands and working-from-home arrangements.
Furthermore, remote working significantly increases the success rate of ransomware attacks, because controls on home IT systems are weaker and users are more likely to click on ransomware lure emails when outside an office environment and its training and policy focus.
What is ransomware?
Ransomware is a form of malware that encrypts a target’s files. There are a number of ways that ransomware can access a computer:
- Via phishing spam, where an attachment arrives in an email appearing to be a file the recipient could trust. Once downloaded and opened, it can take over the victim’s computer.
- A more aggressive form of attack exploits security holes to infect computers without first having to trick the user.
Once the computer has been taken over, the attacker encrypts some or all of the user’s files and demands a ransom from the target in exchange for restoring access to the data. Users are shown instructions for how to pay a fee to obtain a decryption key. The cost can range from a few hundred dollars to thousands, payable to the cybercriminals in Bitcoin.
Another variation of ransomware occurs in which the attacker threatens to publicise sensitive data on the target’s hard drive unless a ransom is paid.
What steps can you take to prevent a ransomware attack?
In order to prevent a ransomware attack occurring to your organisation, we recommend taking key steps including:
- Train and educate staff on how to identify and avoid potential ransomware attacks. Many cyber-attacks originate with a targeted email that encourages a user to click on a malicious link, so staff education is one of the most important defences an organisation has;
- Continuously back up your data so that it can be recovered in the event of corruption, disk hardware malfunction or a ransomware attack, rather than being lost;
- Ensure your systems have the latest ‘patches’ (a small piece of software that a vendor issues whenever a security flaw is uncovered). Cyber criminals look for the flaws that newly released patches fix and then target systems that have not yet been patched;
- Delete or archive old data that you no longer use.
It is critical that if your organisation collects and stores personal information, including the information of clients, customers, business partners, employees and contractors, you fully understand how and where this information is stored on your network. Organisations should also consider network segmentation, additional access controls and encryption to reduce the risk of personal or commercial information being exposed by a ransomware attack.
Australian Information Commissioner and Privacy Commissioner Angelene Falk states that the growing trend of ransomware attacks “has significant implications for how organisations respond to suspected data breaches — particularly when systems may be inaccessible due to these attacks”. This statement by Ms Falk highlights the importance of having an up-to-date Data Breach Response Plan which members of your organisation are aware of and know how to enact quickly.
How we can help
Is your Data Breach Response Plan up-to-date? If not, Moores is able to assist you with preparing or amending this crucial document. We also offer in-house privacy training for staff. For more information, please do not hesitate to contact us.