Ransomware: the emerging trend in cyber threats
In the latest example of how brazen cyber thieves have become, the perpetrators behind a ransomware attack on Japanese camera maker Canon dumped some of the encrypted data online when the company refused to meet its demands.
In Australia, an insurer agreed to a $350,000 bitcoin payment to free a client’s system from a new strain of ransomware after its forensic experts said it could take several months to unlock the encryption.
Cyber threats are not new but the dangers they pose have increased sharply since the pandemic erupted, forcing businesses to operate remotely. It’s taken on a more sinister nature as shadowy hackers are no longer content to just rely on email phishing, disguising as legitimate companies to trick victims into handing over passwords, logins or financial information.
What hackers now want is access to the troves of valuable data stored by companies, encrypt it and use it as a leverage to demand huge ransom payments as a condition for restoring access.
New figures from the Office of the Australian Information Commissioner showed the number of ransomware attacks rose to 33 in the first-half of this year from 13 in the preceding period, confirming the worst fears of IT security experts.
They say the data-encryption malware is now the biggest cyber threat facing Australian businesses. Clyde and Co, a law firm with a dedicated cyber incident response division, says Australia is just one of many countries seeing a new wave of ransomware incidents.
“The risk landscape has evolved to sophisticated and well-planned attacks, with organisations being profiled and hand-picked as targets,” the firm’s Partner John Moran said.
“Our team is seeing a shift away from the more ‘routine’ incidents where criminals seek a handful of bitcoins in return for the decryption of their IT systems.”
While big companies are often targeted, SMEs are not immune to the threat. Some have already fallen victim to ransomware attacks. The insurer who made the $350,000 bitcoin payment says its client is a club in Queensland whose IT system had flaws that were exploited by the ransomware attacker.
Data is the new oil in today’s digital economy. And that’s where smaller businesses come in. It’s only a matter of time before cyber hackers focus more on SMEs, knowing they don’t have the resources to easily secure their IT systems.
So what can SMEs do about it? They’ve been told the importance of investing in a cyber insurance policy. But not all cyber covers offer the same protection or suit the specific needs of what an SME is after.
This article originally appeared on Adroit Insurance & Risk Blog and has been published here with permission.