Ransom malware – or ransomware, as it’s more commonly known – has made headlines globally over the past few years as the number and intensity of attacks increase.

Ransomware is designed to prevent users from accessing their systems or personal files while the sender of the malware demands a payment to reinstate access. The earliest types were developed in the late 1980s, when the perpetrators actually demanded payment via snail mail – these days it’s usually via cryptocurrency.

Ransomware reaches computers in several ways, though the most common is malicious spam – malspam – which is simply the delivery of the malware through unsolicited emails that the end user unwittingly opens.

These emails may contain a combination of PDFs, Word file attachments or links to malicious sites, and those responsible have become increasingly adept at tricking targets into opening them by posing as trusted institutions such as the police, the FBI in the US, a government or a bank.

As ransomware protagonists have become increasingly sophisticated, so have their methods for delivery and the size of their targets.

Anatomy of a crime: Emotet

Emotet, for example, is primarily spread through malspam that may arrive as malicious scripts, macro-enabled document files or malicious links. It has undergone several iterations and has been highly successful in mimicking legitimate and familiar branded emails, especially those from financial and banking institutions with headings such as ‘Your invoice’ and ‘Payment details’.

Originally used as banking malware in 2014, Emotet has proven particularly insidious due to its ability to avoid anti-malware solutions and its use of worm-like capability to spread to other connected devices.

Similarly, Melbourne’s Cabrini Hospital was recently targeted in a cybercrime attack. A gang of hackers broke into the hospital’s medical files, crippled its server and scrambled the data of about 15,000 patients – after which the group demanded a cryptocurrency payment to release the data. The hospital was unable to access the files for weeks after the incident.

Cabrini eventually paid the ransom and was given a password to unlock the server, but remained unable to recover many of the sensitive patient files.

The best defence

The ransomware business model has proven an effective one for criminal syndicates, often with state backing from entities such as Russia and North Korea, but there are a number of things businesses can do to defend themselves.

First and foremost, your organisation should use state-of-the-art antivirus software and firewalls from the most reputable vendors, across all networked computers. This should also involve the best possible backup solutions, especially offsite storage such as the cloud, and universal use of up-to-date software with all relevant patches.

As an extra barrier, simply engendering a culture of caution among your staff when it comes to opening dodgy emails will go a long way to stopping ransomware issues from arising in the first place.

Additionally, having content scanning and filtering solutions on mail servers that actively scan for known threats will provide another layer of defence to any questionable email attachments.


When all else fails

If your security and backup measures are still unsuccessful in preventing data theft, insurance can give your organisation that extra peace of mind, especially considering what the cost of data retrieval might otherwise be.

Insurance policies can vary greatly in their scope and cost, so it’s important to establish they actually cover malware in the first place.

You’ll then need to establish to what extent they cover things such as business interruption and the cost of data recovery, which in a worst-case scenario may actually entail paying the ransom to the perpetrator of the attack.

Insurers are also generally averse to any involvement in paying criminals’ ransoms, regardless of how relatively small the amount may be, and are generally insistent that all reasonable effort must be made to retrieve the data first.

Having up-to-date defences against ransomware and a good insurance policy can help you mitigate what might otherwise be a disastrous loss of data to cybercriminals. Make sure you don’t get caught out.

Important disclaimer – Steadfast Group Limited ABN 98 073 659 677, its subsidiaries and its associates.

The views expressed are those of the author only and do not necessarily reflect those of Steadfast.

This magazine provides information rather than financial product or other advice. The content of this magazine, including any information contained on it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to before acquiring the product.

Information is current as at the date articles are written as specified within them but is subject to change. Steadfast, its subsidiaries and its associates make no representation as to the accuracy or completeness of the information. Various third parties, including Know Risk, have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Steadfast Group Limited.