Counteracting Ransomware

30/04/2024

Ransomware attacks present an escalating threat to global security, one which threatens a broad range of organisations ranging from government agencies to small businesses. Driven by an increasingly interconnected IoT landscape and the use of outdated or legacy systems, ransomware poses a growing threat to Australia’s critical infrastructure – including the healthcare, financial services, transportation, IT, and energy sectors.

What is ransomware?

Ransomware is a common type of malware deployed by malicious actors in data breaches. It involves a malicious actor infiltrating the victims’ systems and encrypting data held on their systems, preventing its owners from accessing their data and paralysing business operations.

The malicious actor then issues a ransom, demanding that the victim pay in exchange for the promise of providing a decryption key, which then enables the victim to decrypt and regain access to their data. The means by which threat actors delivery ransomware varies:

  • Messages with malicious links and email attachments;
  • Phishing;
  • Remote desktop protocol brute forcing;
  • Malicious websites and drive-by downloads; and
  • System and software vulnerabilities.

Such ransoms are typically requested by the malicious actor in the form of cryptocurrency, allowing the malicious actor to remain anonymous. The malicious actor may attach a time limit to the ransom payment to create a sense of urgency. If the malicious actor’s ransomware attack also involved the exfiltration of data, they may attach a promise not to leak the victim’s data in exchange for payment.

Essentially, ransomware is someone taking your data hostage.

Impacts of ransomware

The threat of ransomware has gained increasing traction over the past decade, especially following the notorious 2017 WannaCry ransomware attacks which impacted 230,000 computers across 150 countries, costing an estimated $4 billion in damages.

According to the most recent Notifiable Data Breaches Report by the Office of the Australian Information Commissioner (OAIC) (July – December 2023), ransomware was the cause of 27% of cyber security incidents that resulted in a data breach. However, there remains poor visibility of ransomware in Australia, which is costing the Australian economy up to $3 billion every year.

Government Strategy

There have been repeated, though unsuccessful, attempts to introduce ransomware-specific legislation. The first was the Ransomware Payments Bill 20211, a private member’s bill introduced by then-shadow Minister for Cyber Tim Watts MP which unsuccessfully proposed to legislate a reporting scheme for ransomware payments. This was followed by the introduction of the Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 in February 20222, and repeated reintroduction of the item as a private member’s bill in September 20223; both of which failed to pass.

On 13 October 2021, the Minister for Home Affairs released Australia’s Ransomware Action Plan (RAP)4. This noted the increasingly prevalent global threat of ransomware, committed to delivering additional legislative reforms to build the government’s situational awareness of the ransomware threat while further criminalising ransomware, and ensuring law enforcement can track, seize or freeze proceeds of crime from ransomware. Among its core proposals was the introduction of a specific mandatory ransomware incident reporting scheme.

On 22 November 2023, the Australian Government unveiled their 2023-2030 Australian Cyber Security Strategy (Cyber Security Strategy)5. The Cyber Security Strategy details how the Government plans to work with industry to reinforce Australia’s ‘cyber shields’ and make Australia a world leader in cyber security by 2030. Part of the Cyber Security Strategy is tackling the problem of ransomware. The government plans to work with industry to break the ransomware business model by:

  1. Enhancing visibility of the ransomware threat and possibly implementing a no-fault, no-liability ransomware reporting obligation for businesses.
  2. Providing clear guidance on how to respond to ransomware and strongly discouraging businesses from paying ransoms to cyber criminals – this is because there is no guarantee malicious actors will provide businesses with access to their information again or prevent the information from being leaked online.
  3. Driving global counter-ransomware operations through work with the International Counter Ransomware Taskforce.

Safeguarding against ransomware

To preclude any legal risks and liabilities, businesses and individuals are encouraged to implement the following ransomware protection measures:

  • Have an Incident Response Plan (IRP) – outlining organisational response to ransomware and cyber incidents;
  • Improve visibility – improving awareness of systems and data held by your organisation through routine audits and scoping your organisation’s cyber attack surface;
  • Implement backups – Engage in regular system and data backups;
  • Use multi-factor authentication – this helps deter potential threat actors;
  • Adjust access controls – apply least privilege in limiting access to resources for staff based on minimum needed for business operations; and
  • Education and training – Introducing phishing and social engineering training, and driving a cyber security conscious culture across the organisation.
  1. ParlInfo – Ransomware Payments Bill 2021 (aph.gov.au) ↩︎
  2. Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 – Parliament of Australia (aph.gov.au) ↩︎
  3. Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 – Parliament of Australia (aph.gov.au) ↩︎
  4. Ransomware Action Plan (homeaffairs.gov.au) ↩︎
  5. 2023-2030 Australian Cyber Security Strategy (homeaffairs.gov.au) ↩︎

Parental Leave for Casual Employees

For casual employees the unpredictability of their employment can be a major source of stress as often casual employees miss out on many of the entitlements that full-time and part-time employees enjoy. For many, this concern is further exacerbated when they learn that they are about to become a parent. It should therefore be of …
Read more

Purchasing an Off-the-Plan Property

The interest in “off-the-plan” properties is ever increasing and is becoming more popular for buyers. An off-the-plan purchase is one where the Buyer enters into a contract to purchase a property that has not yet been constructed. Due to the prolonged settlement period for an off-the-plan purchase it is imperative for buyers and sellers to …
Read more