CIO

Sidestepping the sucker punch: why organisations need to be on the alert for targeted ransomware attacks in 2019

by Simon Howe, APAC Sales Director at LogRhythm

It’s an intimidating prospect – being up against an opponent who knows how to hit you right where it’s going to hurt the most. Add in the element of surprise and you’re looking at a real sucker punch, one that can leave you defenceless and gasping for breath.

Welcome to the favoured modus operandi of the savvy cyber-criminal in 2019.

Targeted ransomware attacks are just as they sound. They’re cyber-assaults which are the antithesis of the random phishing attempts familiar to almost every Australian business and individual who’s ever possessed an email address and received an urgent missive adjuring them to rectify an unpaid account or avail themselves of a winning opportunity.

What price your data?

Ransomware is a variety of malware – rogue software which can be deployed by hackers to hijack a computer system or network until its owner ponies up a sizeable fee, or ransom, payable in the crypto-currency bitcoin.

Typically, perpetrators study their prospective victims’ networks to gauge the value they’re likely to attribute to their systems and data and, hence, the sums they may be willing to part with, in order to see their access restored.

Ransom amounts are set accordingly and may vary from a few hundred dollars to tens of thousands, if an organisation is in the position where even a brief period of shutdown would have significant financial consequences. In Australia’s rapidly digitising economy, the number of businesses that fit this description is large and growing.

Systems can be infiltrated by malicious emails or web sites, or via infected applications on peer-to-peer networks.

2017 saw two high-profile attacks hit the headlines: WannaCry, which wrought havoc within the UK’s National Health Service, and Petya/NotPetya, which hijacked systems in scores of organisations around the world and brought industry to its knees in the Ukraine, where the majority of attacks were recorded.

Other ‘strains’ of ransomware which have surfaced more recently include SamSam, Dharma, BitPaymer and Ryuk. They’re all rogue programs with the potential to cripple systems and cause major disruption or shutdown in organisations which lack strong cyber-security countermeasures or don’t maintain comprehensive off-line back-ups.

Training their sights on your business – and bank account

CERT Australia, which now forms part of the Australian Cyber Security Centre, warns that size, or lack thereof, is no protection against being targeted by cyber-criminals.

In today’s increasingly digitised business environment, Australian companies and organisations, both large and small, possess data and systems that are critical to their operations and profitability. By virtue of that fact, they’re at risk of falling victim to what’s become the fastest growing form of malware threat.

In fact, 60 per cent of all targeted cyber-attacks are on small and medium sized businesses, according to the Australian government’s Stay Smart Online initiative.

If successful, the effects can be multi-fold: business disruption, loss of data, income and productivity, and damage to equipment and reputation.

Stay Smart Online puts the average cost of a cyber-crime attack to a business at $276,323; a sum that’s far from pocket change and one which few SMEs could readily spare.

CERT notes vulnerability is typically the result of one of three things: employees whose unsafe online behaviour lays the organisation open to cyber-attack; failure to perform regular system and network back-ups; and failure to install software updates and security patches in a timely manner, following their release by vendors.

Raising the defences electronically

Latest-release network monitoring and detection technology is an essential defence against targeted ransomware attacks.

Tools and programs which incorporate machine learning should be implemented in order to quickly identify unusual activity, such as widespread file encryption, and flag it for further investigation by a security incident and event management team.

Speed is a hallmark of ransomware attacks. Software which generates an immediate response to suspicious activity represents companies’ best hope of arresting an attack before systems are significantly compromised.

Automation technology can make it possible to keep malware in check, by halting its viral spread across company networks. Minimising the chaos it’s able to create reduces the likelihood a victim will be ‘forced’ to cough up the ransom money in order to restore or maintain operations.
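To make the idea of spotting widespread file encryption concrete, here is an added example (not from the article or any vendor product) that flags a host and process rewriting many files with near-random content inside a short window. It uses a fixed threshold in place of machine learning, and the thresholds, event format, host names and paths are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict, deque

# Assumed tuning values for this illustration, not figures from the article.
WINDOW_SECONDS = 60   # sliding window per (host, process)
MIN_FILES = 5         # distinct high-entropy files rewritten inside the window
ENTROPY_BITS = 7.5    # bits per byte above which content looks encrypted

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_mass_encryption(events):
    """events: time-ordered (ts, host, process, path, sample_bytes) tuples.
    Returns one alert per (host, process) that crosses the threshold."""
    recent = defaultdict(deque)          # (host, process) -> (ts, path) entries
    alerted, alerts = set(), []
    for ts, host, proc, path, sample in events:
        if shannon_entropy(sample) < ENTROPY_BITS:
            continue                      # ordinary document write, ignore
        key = (host, proc)
        window = recent[key]
        window.append((ts, path))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()              # drop writes older than the window
        files = {p for _, p in window}
        if len(files) >= MIN_FILES and key not in alerted:
            alerted.add(key)
            alerts.append({"ts": ts, "host": host, "process": proc,
                           "files": len(files), "action": "flag-for-investigation"})
    return alerts

def sample_events():
    """Constructed file-write telemetry; hosts, processes and paths are made up."""
    text = b"Quarterly sales report, draft 3. " * 8   # low entropy
    noise = bytes(range(256))             # stand-in for ciphertext, 8.0 bits/byte
    events = [(10, "ws-01", "winword.exe", "/docs/q1.docx", text),
              (40, "ws-01", "winword.exe", "/docs/q2.docx", text),
              (90, "ws-03", "7z.exe", "/backup/archive.7z", noise)]  # one archive: no alert
    events += [(100 + 2 * i, "ws-07", "unknown.exe", f"/share/file{i}.locked", noise)
               for i in range(6)]
    return events

if __name__ == "__main__":
    for alert in detect_mass_encryption(sample_events()):
        print(alert)
```

The single compressed archive on ws-03 is high-entropy too, which is why the rule counts distinct files per process rather than alerting on entropy alone.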

The power of prevention

When it comes to causing widespread disruption and extorting funds, targeted malware attacks are where it’s at in 2019 for cyber-crooks keen to make a quick quid, or several, from the carelessness and vulnerability of companies.

The old adage that prevention is better than cure holds true in most situations and never more so than in the cyber-security setting. Australian businesses that are not alarmed but, rather, alert and armed against targeted ransomware attacks, stand the best chance of successfully defending their operations and protecting their bottom line.