Held to ransom

By Peter Bailey, Aura Information Security
21 May 2021

Picture this: just as the country starts to rebuild post-lockdown, a new adversity starts shattering businesses one after another.

Imagine it. A medical centre turns away patients with no ability to access its practice records. A freight company loses access to thousands of critical documents, creating havoc with customer deliveries. A council department is brought to its knees, resorting to pen and paper to keep operating. A retail chain sends its staff home, unable to process and sell stock.

If Kiwi businesses don’t act now, this could quickly become a reality.

Sophisticated cyber criminals have perfected the art of ransomware attacks, leaving behind a vast wake of victims, from local government and big enterprise to non-profits and hospitals. Just look at the havoc in the United States: the US Coast Guard, the city of New Orleans and even big names like Travelex are not immune.

A lucrative business

The prolific ransomware campaigns ravaging businesses can be put down to a couple of key factors.

Firstly, ransomware has become more efficient. Today any crooked person can leverage ‘ransomware as a service’ packages, essentially purchasing a ransomware kit that allows even novices to launch highly effective ransomware attacks without much difficulty or technical knowledge. These quick and dirty attacks are particularly prevalent against small and medium businesses who may pay smaller ransoms to recover data.

Secondly, hacker behaviour has evolved. Sophisticated cyber criminals aren’t in this business for the quick wins – they are making calculated plays to inflict critical damage and extract maximum reward. These criminals will spend months exploring networks and systems, withdrawing your precious data to hold ransom for extortionate fees.

Regardless of the size of the target, any ransomware attack is frightening and costly to remedy.

The true global impact of these types of attacks has been notoriously difficult to determine, in part because many victims suffer in silence, quietly paying off attackers and not reporting the crime.

You might think New Zealand isn’t a target for most hackers, but consider this: organised gangs of cyber criminals, largely operating overseas, are competing against each other to find and exploit profitable victims.

US businesses, now aware of the vicious new attacks, are becoming attuned to the threats and are taking their cyber security defences more seriously. Much more seriously than we do in New Zealand. Not only that, the US ‘market’ has become more saturated, with more than 98% of the world’s ransomware attacks hitting US businesses.

Suddenly, it’s easy to understand why some hackers would turn their attention to new horizons like New Zealand. Even if a mere 1% of the ransomware attacks reported globally in the first three quarters of 2019 were redirected towards our country, we could expect to see a whopping 1.5 million attacks alone. Just imagine what that would do to our economy.

No small incident

The pain of a ransomware attack is devastating and lingering. Travelex, who were targeted with a Sodinokibi ransomware attack in January which forced its systems offline, suffered a revenue drop of 36% for the three months after. This, coupled with the pandemic’s impact on global travel, has led to debt holders taking control of the company as part of a debt restructuring to help the currency service provider survive.

Closer to home, just as bars and restaurants reopened post-lockdown, Lion Brewery deliveries were halted across the country as the brewer’s operations were frozen by a disastrously timed ransomware attack. Despite eventually regaining system access, Lion’s most recent public statement on the attack warned that future repercussions are a very real possibility and data held on their systems may be disclosed in the future.

New Zealand is no longer safe

It’s my belief, and that of many experts in the field, that the most recent attacks seen in New Zealand are just the tip of the iceberg. With the pandemic seeing more businesses operating online and our complacent attitude to cyber security, New Zealand is a prime spot for cyber criminals to set up shop.

Unfortunately, Kiwis often feel they’re immune to international cyber-attacks. Our size, geographical distance and ‘she’ll be right’ attitude make us think we’re out of harm’s way. However, everyone who has a presence online is at risk, and if your business holds customer data, you are just as much a target as anyone else.

Phishing and ransomware attacks across New Zealand and Australia are being levelled at businesses of all sizes. Even the Government isn’t immune, with Australian Prime Minister Scott Morrison warning of an elaborate cyber-attack threatening public infrastructure.

As a rule, most Kiwis are trusting and not suspicious enough of unexpected emails they receive. In 2018, New Zealand was labelled the most vulnerable country in the world for fraudulent attacks, not a statistic we should be proud of.

What’s the implication for your business?

A ransomware attack can cause serious disruption to your business, effectively taking your whole business offline. If you have not backed up your files and systems, this could result in the permanent loss of your data.

Increasingly, sophisticated hackers are exploring networks before launching their attack, identifying which data is most valuable to their target and stealing it. The attackers then threaten to publicly release the sensitive data unless the ransom is paid. This puts commercially sensitive or personal customer information at risk, which under the new Privacy Act 2020 could make your business liable for a fine, not to mention causing severe damage to your reputation.

Recommendations for boards

It is important to remember that a ransomware attack is the second stage of a prior attack to gain access to your system – preventing ransomware should primarily focus on preventing the initial exploit, which is often weak or default credentials, unpatched systems or phishing attacks.

Larger organisations might carry out a gap analysis and set up a security road map accordingly to progressively increase security. A gap analysis will identify what to fix, how quickly to fix it and to what level it requires fixing.

For smaller businesses that may not have the resources to undertake a gap analysis, consider doing some simple security hygiene to create layers of protection. This includes:

  • Educate yourself and your staff, particularly around fraud and phishing email attacks.
  • Keep software updated, as old software is an easy entry point for hackers.
  • Use strong passwords that follow best practice and use multi-factor authentication where possible.
  • Keep data backed up outside your existing network and regularly test to make sure data is still accessible in the event of a ransomware attack.
  • Also, see the CERT NZ website for templates and resources to assist SMEs.

While basic cyber security hygiene is a must for mitigating the risk of a ransomware attack, we also recommend preparing a robust response plan should the worst happen.

  • Have a clear crisis plan in place, agreed by the board and management.
  • Practise that plan to ensure it works. This could be a simple paper-based practice run or a detailed role-playing scenario with the executive team.
  • Ensure you have a communications plan in place. This will include communications to staff, customers and external stakeholders, and possibly media.
  • If staff or customer information has potentially been compromised, you may also need to notify the Privacy Commissioner.

A ransomware storm is coming. It’s our job to batten down the hatches, be prepared, and not give these criminals the opportunity to infiltrate.


Author: Peter Bailey, GM Aura Information Security
