Boost your defences against a ransomware attack

Ransom malware – or ransomware, as it’s more commonly known – has made headlines globally over the past few years as the number and intensity of attacks increase.

Ransomware is designed to prevent users from accessing their systems or personal files while the sender of the malware demands a payment to reinstate access. The earliest types were developed in the late 1980s, where the perpetrators actually demanded payment via snail mail – these days it’s usually via cryptocurrency.

Ransomware affects computers in several ways, though most common is through malicious spam – malspam – or simply the delivery of the malware through unsolicited emails that the end user unwittingly opens.

They may then contain a combination of PDFs, Word file attachments or links to malicious sites, and those responsible have become increasingly adept at tricking targets into opening them by posing as trusted institutions such as the police, the FBI in the US, a government or a bank.

As ransomware protagonists become increasingly sophisticated, so have their methods for delivery and the size of their targets.

Anatomy of a crime: Emotet

Emotet, for example, is primarily spread through malspam that may arrive through malicious script, macro-enabled document files or malicious links. It has undergone several iterations and has been highly successful in mimicking legitimate and familiar branded emails, especially those from financial and banking institutions with headings such as ‘Your invoice’ and ‘Payment details’.

Originally used as banking malware in 2014, Emotet has proven particularly insidious due to its ability to avoid anti-malware solutions and its use of worm-like capability to spread to other connected devices.

Similarly, Melbourne’s Cabrini Hospital was recently targeted in a cybercrime attack. A gang of hackers broke into the hospital’s medical files, crippled its server and scrambled the data of about 15,000 patients – after which the group demanded a cryptocurrency payment to release the data. The hospital was unable to access the files for weeks after the incident.

Cabrini eventually paid the ransom and was given a password to unlock the server, but remained unable to recover many of the sensitive patient files.

The best defence

The ransomware business model has proven an effective one for criminal syndicates, often with state backing from entities such as Russia and North Korea, but there are a number of things businesses can do to defend themselves.

First and foremost, your organisation should use state-of-the-art antivirus software and firewalls from the most reputable vendors, across all networked computers. This should also involve the best possible backup solutions, especially offsite storage such as the cloud, and universal use of up-to-date software with all relevant patches.

As an extra barrier, simply engendering a culture of caution among your staff when it comes to opening dodgy emails will go a long way to stopping ransomware issues from arising in the first place.

Additionally, having content scanning and filtering solutions on mail servers that actively scan for known threats will provide another layer of defence to any questionable email attachments.


When all else fails

If your security and backup measures are still unsuccessful in preventing data theft, insurance can give your organisation that extra peace of mind, especially considering what the cost of data retrieval might otherwise be.

Insurance policies can vary greatly in their scope and cost, so it’s important to establish they actually cover malware in the first place.

You’ll then need to establish to what extent they cover things such as business interruption and the cost of data recovery, which in a worst-case scenario may actually entail paying the ransom to the perpetrator of the attack.

Insurers are also generally averse to any involvement in paying criminals’ ransoms, regardless of how relatively small the amount may be, and are generally insistent that all reasonable effort must be made to retrieve the data first.

Having up-to-date defences against ransomware and a good insurance policy can help you mitigate what might otherwise be a disastrous loss of data to cybercriminals. Make sure you don’t get caught out.

Important disclaimer – Steadfast Group Limited ABN 98 073 659 677, its subsidiaries and its associates.

The views expressed are those of the author only and do not necessarily reflect those of Steadfast.

This magazine provides information rather than financial product or other advice. The content of this magazine, including any information contained on it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.

Information is current as at the date articles are written as specified within them but is subject to change. Steadfast, its subsidiaries and its associates make no representation as to the accuracy or completeness of the information. Various third parties, including Know Risk, have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Steadfast Group Limited.

Flood, fire and storm: How to keep your business protected

From droughts to floods and everything in between, businesses are facing a range of environmental risks and extreme weather events that can take a fatal bite out of your bottom line. Whether you’re a farmer, a finance executive, run a manufacturing business or own a retail store, here’s what you need to know about insurance for environmental and natural hazard risks.


Agriculture: Looking after our farmers

Farmers are fighting wars on multiple fronts. Recent droughts have put many farmers out of business, then there are other environmental risks such as excess rainfall, high winds, bushfires, pest plagues and wildlife damage that can also destroy crops – and livelihoods – in a flash. And if that wasn’t enough to worry about, farmers must also consider their own compliance with environmental regulations such as the safe storage of contaminants.

Suggested policies: A typical crop insurance policy will cover the risks of chemical over-spray, while sudden and accidental pollution is covered by public liability insurance. Multi-peril crop insurance and named peril crop insurance also provide coverage against a range of environment threats including drought.


Professional services and finance: Taking care of business

Environmental disasters such as extreme weather events can take a significant toll on professional services and finance businesses. Losing power and internet or phone connections can disrupt business operations for significant periods, and natural disasters can physically damage office premises and essential equipment such as onsite servers. Professional services firms that predominately serve local businesses may also experience a drop in income if a natural disaster puts client businesses offline for an extended period.

Suggested policies: A property insurance policy that protects your professional services or finance business against damage caused by fire, flood and other natural disasters is a must. You may also consider insuring expensive equipment such as computer hardware and onsite servers, and a business interruption policy will help protect your income if a natural disaster closes down your operations for an extended period.


Manufacturing: Protecting the production line

In addition to the above natural hazards that could damage property or interrupt operations, many manufacturing businesses must also contend with environmental liability. That means manufacturing businesses are often legally and financially responsible for any environmental damage caused by their operations. This includes proper waste disposal, accidental chemical spills and gradual pollution.

Suggested policies: Environmental impairment liability insurance provides coverage against a range of environmental exposures, including onsite and offsite clean-up costs, legal costs associated with defending violations of environmental regulations and business interruption expenses.


Retail: Securing consumer spending

Retail businesses are also vulnerable to environmental risk factors. Most brick-and-mortar retail stores hold significant inventory on their premises, and natural disasters such as hail, cyclones and floods can not only cause structural damage, but also destroy your saleable goods. Storm damage from extreme weather events may also force you to close your doors while physical store damage is repaired.

Suggested policies: A comprehensive Business Insurance policy including property damage and business interruption is essential to provide cover where your buildings, contents and stock are damaged by extreme weather events such as storm, wind, rain and hail.

Check that your policy includes emergency response cover that pays your reasonable costs to make the premises safe and secure following an extreme weather event. This may include such costs as temporary repairs to make the premises safe or the costs of hiring security guards.

Important disclaimer – Steadfast Group Limited ABN 98 073 659 677, its subsidiaries and its associates.

The views expressed are those of the author only and do not necessarily reflect those of Steadfast.

This magazine provides information rather than financial product or other advice. The content of this magazine, including any information contained on it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.

Information is current as at the date articles are written as specified within them but is subject to change. Steadfast, its subsidiaries and its associates make no representation as to the accuracy or completeness of the information. Various third parties, including Know Risk, have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Steadfast Group Limited.