Federal government's new plan to safeguard Australian Businesses against Ransomware
The Australian Cyber Security Centre is witnessing a 15% increase in Ransomware reporting from 2019 to 2021. “Ransomware gangs have attacked businesses, individuals and critical infrastructure right across the country,” said Home Affairs Minister Karen Andrews.
The silent ransom paid by the victim organisation works as an encouragement for the actors, thereby creating a vicious circle. The new plan makes reporting ransomware attacks mandatory for businesses with a turnover of $10 million or more per year.
The government also urges businesses to refrain from paying the ransom, as there is no guarantee that the infected data would be restored. This statement is an initiative to break the chain and hit cybercriminals as hard as possible.
Obstructed supply will lead to dwindling demand. When no ransom money is being paid, the attackers will stop for lack of incentive.
Apart from this, the Australian government will also introduce a suite of new offences for cyber extortion aimed at criminals that target critical infrastructure. It will also criminalise dealing in stolen data and the buying or selling of malware.
“Australia is not immune and there is clear recognition from government and industry that we need to do more to protect our nation against sophisticated cyber threats, particularly against our critical infrastructure,” committee chair Senator James Paterson said. This is the main reason why the Australian government is taking action to disrupt, pursue and prosecute cybercriminals.
What is Ransomware?
Ransomware is malicious software that infects a system or files and blocks access to the files or the computer unless a ransom is paid. The amount of ransom is dictated by the value of data for the victim. The ransom has run into billions of dollars for some organisations.
Usually, an alert notification appears on the screen to announce the attack. Australia sees a surge in ransomware attacks on critical infrastructure as well as on small and medium businesses.
How does Ransomware work?
Ransomware injection can happen through numerous sources. However, emails and external drives are the most common. The infected device, which is connected to an organisation’s network, acts as a launching pad for the malicious software to spread.
Ransomware spreads across an organisation’s network, targets its database and file servers, and encrypts what it finds using asymmetric encryption. Files are encrypted using a pair of keys, and only the perpetrators hold the key needed for decryption, meaning only they can decrypt the files. Sophisticated and potent variants of ransomware are seen today that can spread quickly through the network and paralyse a business.
What are the methods used for deploying Ransomware?
There are two common types of ransomware: locker ransomware and crypto-ransomware. The locker type affects basic computer functions, while the crypto type encrypts individual files. Within these main categories, there are numerous variants such as Locky, WannaCry and Bad Rabbit.
As with the variants, the infection methods are also numerous. However, the most common ones are:
- Phishing emails: Emails that look legitimate but contain malicious attachments.
- Drive-by downloading: When a user unknowingly visits an infected website, the malware is automatically downloaded and installed without the user’s knowledge.
- Social media: A modern way of gaining access is through social media platforms. Most users have work-based applications installed on their mobiles, so by infecting the device, ransomware finds its way to official accounts.
How to prevent Ransomware attacks in 2021?
Ransomware continues to be a threat to businesses in all sectors. The global pandemic and the new working norms breached security parameters that were set inside the organisation. Hackers had a gala time as they went on a rampage globally.
So, it is high time organisations geared up and put up a defence against malware. Prevention is the best choice. To achieve this, a watchful eye and the right security software are crucial. Some basic measures can help prevent an attack or, at the least, help you recover unscathed.
Steps to prevent ransomware attacks
- Get the best security software: We cannot stress this enough. Without a strong cybersecurity solution, one cannot prevent a ransomware attack. We recommend Trend Micro for its ability to detect and defend.
- Secure your emails: Emails are the most common source of a ransomware attack. Be alert and identify illegitimate emails. Never open emails from unknown sources. Secure your mailbox using email defender software.
- Do not click on links in the email: It is safer to visit any site mentioned in the email directly. If you have to click on a link in an email, make sure your browser uses web reputation services to check the link, or you can use free services such as Trend Micro Site Safety Center.
- Use an OS that has updates available: Defunct operating systems do not get the protection of security updates. Such systems are vulnerable to attacks. So, make sure you use an OS that receives updates from the parent company.
- Update your applications & software: As with the OS, keep your applications and software up to date.
- Backup important data: Ransomware locks your access to data. That said, if you have the latest version of your files backed up, it helps in maintaining operations without disruption and gives leverage while negotiating your data back from cybercriminals.
- Download from legitimate sites or sources: As websites are also a source for launching Ransomware, it is advisable to refrain from visiting suspicious websites. Sometimes users are prompted to download material, but there are cases where malicious software is installed just upon visiting the website.
- Harden your endpoints: Secure all your endpoints. Make sure you give a tough fight. Also, ensure you have a security team monitoring your endpoints day and night.
- Develop plans and policies: It is important to have well-defined policies to defend your systems. There should also be a well-defined plan to get back into action in the event of an occurrence. Follow and communicate about the zero-trust policy across your organisation.
- Train the team: This is crucial. Most ransomware attacks are the result of an accidental security breach by employees. It is imperative to train them from day one and keep assessing their level of awareness and understanding of the organisation's security policy.
How can Trend Micro protect me from Ransomware?
Trend Micro Security blocks these threats from possible points of infection. It prevents access to dangerous websites, including harmful links from social networks, spam and email messages. It also warns the user about running recently downloaded files.
To learn more about Trend Micro Co-Managed XDR and other security solutions