Ransomware: how to stop your business being robbed

Once upon a time, if someone wanted to steal from a business, they’d have to don a balaclava and stage an armed robbery. Now, it’s far easier, says Kate Carruthers, chief data and insights officer at the University of NSW. All they need to do is use ransomware. 

A ransomware attack comes from installing malware on a device, usually by someone clicking an infected link. The business then finds their files are locked up and a ransomware gang is demanding payment to unlock them. 

Ransomware is one of the biggest threats to SMEs that exist. There is one report of cybercrime every 10 minutes, and it costs businesses about $300 million per year, according to the Australian Cyber Security Centre Small Business Survey, released late last year.  

And the impact is a double-whammy, Ms Carruthers says – not only do the cybercriminals demand money from the business to unlock their files, but they often sell the data from the files on the dark web anyway. This can include confidential details on staff, customers, and finances which can be used for untoward purposes like identity theft and also breach trust in the eyes of your customers. A recent report from the Office of the Australian Information Commissioner found there was a 25% increase in data breaches resulting from ransomware attacks in the first half of 2021. 

Big business 

Ms Carruthers explains that ransomware gangs are now “big business”, and some even have helpdesk numbers you can call. Some gangs are backed by state actors – something the Australian government has warned about. Add to that the fact that most small to medium businesses are interacting in the digital space in one way or another and you get an idea of the extent of the threat.

“For a small business, you have to think what would happen if you had all your files locked up, particularly if you do not have proper back-ups,” Ms Carruthers says. 

“Then, there’s the possibility that your staff or customers could have their identity stolen from the data they have sold on, which can impact your business trust and reputation.” 

Sophisticated scams 

The scams themselves are becoming so sophisticated too that Ms Carruthers knows cybersecurity experts that have fallen victim. These emails or text messages can look almost identical to a legitimate email from a bank or a telco – a common one at the moment is one that tells a person they have a parcel waiting for them at the post office. Australia Post has warned of this issue.  

“Everyone’s busy and ordering lots of shopping online, so they click on the link in what looks like a legitimate message,” she says. 

The University of NSW was itself attacked back in 2013, forcing it to shut down 25 servers and putting at risk confidential data about students, staff, and also research. Even Channel 9 was forced off-air in March after what is thought to have been a type of ransomware attack. 

Preventing ransomware attacks 

Ms Carruthers says that where there was once a ‘perimeter’ around a business that could be controlled with a firewall: this is not the case anymore with staff logging into multiple devices from home or accessing work emails on a personal smartphone. 

To counter this impact, she recommends following the Australian Cyber Security Centre’s Essential Eight strategy. She explains some of these most important steps for SMEs when looking to avoid ransomware thieves. 

Multi-factor authentication 

Multi-factor authentication is where you require two or more methods of verification to log in. For example, you enter a password then get a code sent to your device to verify it was you. 

“This is top of the list for me,” Ms Carruthers says. “It means that even if they find out a password then they still can’t get access.” 

Password management 

Many businesses have the same passwords for everything – probably many of us do – but this puts a business at risk. Ms Carruthers says there is also ‘password cracking’ software out there that will repeatedly try to guess a user’s password – and the victim won’t even know it is happening. 

The answer is to use a password manager which can generate complex passwords and store them for you.  

Use a VPN 

A virtual private network, or VPN, is a secure way to provide remote access to a network of computers. VPNs work by encrypting all the data that you send and receive. This means others cannot see what you’re doing online, access your personal information or tell where you’re located. 

Daily backups 

Solid, daily back-ups are a must as it means that if your files are stolen by a ransomware attack, at least you will have a way to recover them if they are stolen. 

Anti-malware  

This should be on all devices, Ms Carruthers says. See here for more information on anti-virus protection. 

Patching 

Patches are security updates that often become available, in response to new threats as they emerge. Keeping up to date and installing new ones is vital for small businesses and something that an IT manager or outsourcing company should be on top of.  

Research conducted in 2019 in the US by Ponemon Institute and software company ServiceNow shows that as many as 60% of victims said they were breached due to a known vulnerability where the patch was not applied. 

Small businesses – do your due diligence 

For SMEs, it’s critical to check that you have appropriate processes in place, especially as many do not have a dedicated IT person or outsource the process to another small business. The Australian Cyber Security Centre Small Business Survey shows nearly half of SMEs spend less than $500 dollars annually on cyber security, suggesting that many take a DIY approach. 

“Do your due diligence when outsourcing your tech support – query the vendor as to whether they can do everything on the Australian Cyber Security Centre’s Essential Eight,” Ms Carruthers says. 

“Make sure you are getting the protection you need,” she concludes.