Ransomware Payments [Major Update For Australian Businesses]
Cybercrimes are here to stay… but many businesses in Australia, and most likely New Zealand, are still denying their existence and the threats they pose.
When it comes to Government oversight, not all cyber attacks and the threat intelligence behind them are shared with the public. This may be due to ongoing security investigations or for reasons that may simply be unacceptable for general public consumption.
However, the Government isn’t the only sector that hides cyber risk and threat intelligence – businesses in Australia and New Zealand are doing the same.
You might be wondering… what are they hiding? The truth is, many businesses are paying a cyber criminal’s ransom.
The Truth Many Businesses Refuse to Tell Their Customers About Cyber Crime
When you decide to engage with a business, using their services or purchasing their products, you don’t simply give them your money and the transaction is over.
You actually may entrust them with your:
- Personal information (Name, Email, Phone, Address),
- Credit card details, and
- Access to systems and software unintentionally via email communication
Think about health services for a moment. Not only do you share your personal information (credentials), you also share with them your health information (vaccination status, history etc.). Although this information may be strictly confidential and sensitive in nature, and even assuming the provider is using best-practice cyber security techniques, it still doesn’t mean you’re safe.
Your personal data, together with others’, is gold to marketers, competitors, and most importantly cybercriminals.
So what if a business you engage with gets hacked?
Simple: a data breach ‘hack’ endangers not only the business but its customers as well – this means you.
Unfortunately, recent reports suggest that many businesses impacted by cybercrime, across Australia for example, are hiding the truth from their customers.
For years, organisations across Australia have been discreetly paying hackers millions of dollars in ransom.
For what? None other than stolen or encrypted data.
Data that contains their customers’ information, usernames, and their operational systems/network.
The True Cost of Ransomware and Cyber Threats
Experts in Australia indicated the rest of the world is now facing a tsunami of cybercrime.
This year, the Australian Cyber Security Centre reported there’s been a 60 per cent increase in ransomware attacks towards Australian organisations in 2020.
Based on the report, it’s been noted that at least one-third of Australian organisations/enterprises hit by ransomware paid the ransom.
Michael Sentonas, Chief Technology Officer of CrowdStrike, said that during the first half of 2021, attacks have become more aggressive in both their frequency and the amount of ransom payment being demanded by hackers.
However, Sentonas also shared the one thing that puzzles many tech officers like him:
Australian businesses and organisations appear to remain complacent and relaxed about the issue that costs companies such as LinkedIn, Singtel, Microsoft, Facebook, and even government agencies billions of dollars.
In the survey conducted by CrowdStrike, many Australian organisations are still hesitant to believe they are a possible target for cybercriminals.
“There’s a little bit of that mentality in Australia,” according to Mr. Sentonas.
Top Dollar Paid to Ransomware Alone
CSCRC (Cyber Security Cooperative Research Centre) reported that ‘cyber crime’ costs the global economy US$1 trillion. The whopping numbers, however, don’t seem to bother many Australian organisations.
This should not be the case, especially if companies in Australia belong to the list of ransomware attack victims:
Adding to this, many businesses in Australia believe that simply having an antivirus program installed is enough to save them from falling into the hands of cybercriminals.
The impacts of the cyber attacks mentioned above were deemed ‘in the realm of catastrophic’ for the said enterprises. This is what ASD Director Rachel Noble told the Senate committee in June of 2021.
However, the impacts of these attacks are just the tip of the iceberg. As per ASD Director Noble, a study estimates that a single severe cyber attack against Australian organisations could cost at least $30 billion and at least 160,000 jobs, or even more.
The fear for businesses is having their customers and clients discover that they have been victimised – essentially exposing their client database, and remaining vulnerable to potential future cyber attacks, even after they have paid top dollar to the hackers.
Brand reputation, customer loyalty, cash flow and profitability are all at stake when a business is exposed to ransomware or any form of cyber attack.
Unfortunately, it’s possible that the stolen credentials that may have triggered the attack, allowing a simple login or a ‘trusted email’ method, are still floating around the dark web.
These credentials will typically be up for sale, many times over, for other cybercriminals to purchase and use for other attacks.
Why is all this important?
Businesses May No Longer Be Able to Pay Ransomware, Discreetly.
The Federal Government has just recently announced that businesses in Australia will now be required to report any cyber incidents including ransomware to federal authorities. This is in line with the new specific offences for criminals operating online.
The demand for disclosing the attacks to authorities is due to the new cyber offences that are targeting small and large businesses.
People involved in cyber extortion are included in the new criminal offences. Cyber extortion uses ransomware to steal private information while charging the victims sky-high amounts for ransom payments to regain access to the network or data.
Cybercriminals buy and sell malware, harming the lives of the public by targeting small and large businesses and critical infrastructure like:
- Hospital networks
- Ambulance records
- Power networks
The penalties to be imposed for these cyber crimes are still being drafted and under consultation, as the government tries to upgrade the nation’s criminal legislation to address growing online threats.
Home Affairs Minister Karen Andrews mentioned that the new offences would ensure Australian authorities were armed with the best tools and technology to take down cybercriminals and that the penalties would be serious.
Ms Andrews also campaigned for the public to be better educated about the ramifications and consequences of ransomware, which serves as a warning to businesses that are opting to pay ransoms quietly in fear of public embarrassment and damage to their business reputation.
“We don’t condone the payment of any ransom at all, because it does just make you more liable to a further attack.” – Home Affairs Minister, Karen Andrews
“Let’s be clear, it doesn’t mean that you’re going to get back the information that’s been stolen either,” she added.
Ms Andrews also says that the ideal situation is for people to put their hands up and say, ‘No, actually, I have been the victim of a ransomware attack’ and ultimately get the support that they need to deal with the implications and outcomes regarding the attack.
Ms Andrews added that the authorities hope that such penalties would be used as a last resort.
Although the legislative updates are not in play yet – it’s highly likely that the Government will pass these ASAP as they continue the fight against ransomware and cyber attacks.
While the law is still under draft and consultations, businesses in Australia, and even New Zealand, must start to realise and better prepare themselves and their businesses for exposure on the dark web.
After all, severe cyber/ransomware attacks are no longer a maybe… they’re a certainty.
This is why businesses, small and large, are investing in Cyber Intelligence solutions like CRINTEL to act as a double-check for their cybersecurity teams.
CRINTEL helps SMEs deal with the dangers of the Dark Web
CRINTEL – Cyber Risk Intelligence is a Private Intelligence Agency (PIA) that specialises in Cyber Threat and Risk Intelligence originating from the Dark Web.
We work as a co-managed solution to support and provide your internal team and external IT cybersecurity advisors with 24/7 live monitoring of the dark web.
Our Threat Intelligence Units (TIUs) monitor your business domain, email addresses and key suppliers, looking for exposed credentials belonging to your business and suppliers that are up for sale on the dark web.
Our enterprise-level cyber intelligence systems, used by Fortune 500 companies, are supported by human operatives and collect live dynamic data that is scanned or sourced from live dark web forums leveraging multiple sources in real-time 24/7, 365 days per year.
NOTE: As this article is sourced from one or more third parties we cannot guarantee the information is correct and suggest if you are relying on this information, for whatever reason, then you should first do your own research.