Jamie Humphrey, Managing Director A/NZ at cloud data management company Rubrik, warns Intelligent CIO about the dangers of ransomware.
As production line processes are increasingly automated and data-driven, Australian manufacturers have become a favorite target of ransomware attackers as these processes can only work with stable and consistent access to data.
As data is the lifeblood of many manufacturers, this makes the industry very attractive to ransomware groups.
A number of Australian manufacturers have fallen victim this year alone. BlueScope’s Australian manufacturing operations were impacted due to a ransomware attack, as were those of beverage giant Lions who warned of beer shortages while they fought to return operations to normal. Further, the logistics processes of Toll Group ground to a halt in the wake of two consecutive ransomware attacks earlier this year.
In a ransomware attack, hackers aim to trick an employee into opening a malicious email that executes a piece of malware which encrypts as much of a business’ data as it can. The attackers then demand the business pays a ransom, typically in bitcoin or another cryptocurrency, in order to retrieve their files.
These types of attacks are extremely popular because they require little specialized knowledge (complete, ready-to-go Ransomware- as-a-Service kits are easily available on the Deep and Dark Web), they have debilitating consequences for the victim, and – as the recent breaches highlight – they’re often successful.
In fact, according to a new report, ransomware attacks are estimated to have cost Australian businesses up to $240 million in 2019 alone.
Rather than face losing weeks of production, many might simply bite the bullet and pay the ransom to have their data restored.
Paying attackers to restore data, however, is a huge gamble. In fact, the Federal Government’s Australian Signals Directorate explicitly recommends against it.
Although there is no ‘silver bullet’ to protect against falling victim to ransomware, there are strategies to ensure the disruption to business in the event of an attack is minimized. Foremost among them is restoring operations from back-up data.
Maintaining frequent back-ups is recommended by both the Australian Cybersecurity Center and the Australian Signals Directorate as a way to guard against ransomware attacks. The more often critical data is backed up, the easier it is to restore operations from a point in time just prior to the infection.
In other words, with a comprehensive back-up strategy, businesses can simply turn back the clock and continue production as if the attack never occurred. The more frequently data snapshots are taken, the quicker services can return to normal.
In 2017 and 18 we saw WannaCry and NotPetya sweep the globe. Last year ransomware attacks took hospitals across Victoria offline. This year, multiple Australian businesses have been crippled and 2020 became the year we accepted ransomware was the new normal. Every company must accept this new status quo and establish a ransomware remediation framework to be better prepared ahead of a breach.