Malware is the most predominant cybercrime threat in Australia, according to the Australian Cyber Security Centre (ACSC). And ransomware – a virulent type of malware – is a rising threat to businesses in Australia and abroad. But what is it? And how does it affect your business?
What is ransomware?
Ransomware is a type of malicious software (otherwise known as ‘malware’) that restricts people from accessing their computer or smartphone, or individual files stored on them. Attackers extort money from their targets by holding their device or data to ransom, often threatening to release or erase it to force payment.
Security vendor Symantec has seen an explosion in this type of malware across the globe, according to the latest Internet Security Threat Report 2016 (ISTR), and Australia is one of the most heavily affected regions. Symantec blocks an average of 250,000 potential ransomware-loading attachments every year in Australia alone, representing a 141 percent increase in attacks over the last year.
How can ransomware affect your business?
The services industry is the sector most affected by ransomware, accounting for 38 per cent of reported infections in the last year. Businesses in this sector, such as recruitment agencies, handle high volumes of data and typically integrate with various internet services and applications that expose them to infections.
Recruitment agencies are particularly vulnerable to attacks. Downloading files like applications, CVs, portfolios and contracts is an essential and everyday function for a recruiter, but antivirus software may not always pick up on files that contain ransomware.
And what’s more, data (and the ability to access it) is the most important asset a recruitment agency has. You know that without it, you can’t process candidates or fill positions – and ransomware attackers know this too.
Calculating the cost of ransomware
As the threat of ransomware grows, so does the cost. In Australia:
- Cybercrime has cost $1.2 billion in the past year;
- An average 24,000 attacks occur each day, costing between $420-$700 per incident; and
- 13.7 hours are lost per attack.
But a ransomware attack implications beyond the cost of the ransom itself. Businesses that experience a ransomware attack face:
- Cost of replacing compromised devices
- Loss of proprietary data
- System downtime, which affects ability to operate
- Reputational damage
- Potential legal penalties arising from poor security or handling of data
Is your agency prepared for ransomware?
Most businesses have an IT policy and a disaster recovery plan, but surprisingly few are adequately prepared to handle a ransomware attack. This is in part because they don’t understand the risks, and because ransomware threats evolve at a pace that antivirus software struggles to keep up with.
As a recruitment professional, ask yourself:
- What would you do if you received a ransom demand? Would you turn to your Head of IT, the legal department, law enforcement, or someone else?
- How would your agency cope if it lost access to its data? Would you still be able to contact candidates and clients?
- What would you do if an attacker threatened to release your database? What would happen if personal information about your candidates and clients was released?
Having an executable plan for a ransomware attack is the key to minimising its impact on your business. Putting a cyber insurance policy in place helps too, as it gives you access to your insurer’s cyber threat response plan.
How to deal with a ransomware infection
If you experience a ransomware infection, you should follow these steps:
- Isolate the infected computer. Disconnecting infected laptops, computers and smartphones help prevent the ransomware attacking other network drives.
- Contact your insurer. Alert their breach response team as soon as possible so they can arrange for data services, IT forensics, legal and other experts to begin their investigations.
- Don’t pay the ransom. There’s no guarantee that an attacker will decrypt your files or restore access to your advice, and the ransom may be used to fund attacks against others. Explore your options first.
- Explore your options. You can restore any damaged files from a backup and minimise the amount of time your system is down. As a rule, you should be backing up at least once a day. You can also attempt to decrypt your files, accept the loss of data and wipe your infected drives, or pay the ransom.
Your insurer’s cyber threat response team can help you through the whole process by connecting you with experts in IT forensics, legal, data services and public relations consultants. All of these functions can be critical to minimising your loss. However, be aware that it can be difficult to arrange these services at short notice and it’s an unexpected cost to your business. Prevention is always better than the cure.