Don't pay the ransom, mate. Don't even fix a price, say Australia's cyber security bods

Better yet - do the basics and your systems won't get encrypted in the first place


Most online attacks could be easily avoided by following basic cyber security advice, Australia’s national cyber security bureau has said – even as it warned that the impact and severity of things like ransomware attacks are getting worse and worse.

“Cybercriminals follow the money,” said the Australian Cyber Security Centre (ACSC) in its annual report for 2019-20, published earlier this week.

“Over the past 12 months the ACSC has observed real-world impacts of ransomware incidents, which have typically originated from a user executing a file received as part of a spearphishing campaign,” said the agency, adding that after the initial breach attackers typically try to exploit remote desktop-type apps to hunt for anything worth stealing – or deleting.

ACSC was busiest in April 2020, when it had 318 “cyber security incidents” reported to it.

Out of 2,266 incidents that the agency responded to over the 12-month period, 803 were targeted against Australia’s federal or state level governments – though the ACSC put this down to the public sector’s willingness to report incidents to it, as distinct from the private sector.

Most attacks can easily be mitigated, said ACSC, through “measures such as not responding to unsolicited emails and text messages, implementing multi-factor authentication and never providing another party with remote access to your computer.”

Those attacks include June’s cyber-assaults against the Lion brewery, which were remarkably closely timed as China stepped up diplomatic pressure on Australia over international cooperation.

“Many of these [attacks] could have been avoided or substantially mitigated by good cyber security practices,” sighed the ACSC in the report (PDF, 18 pages), which covered the months July 2019-June 2020.

The infoseccers strongly advised against paying the criminals:

Paying a ransom does not guarantee decryption of data. Open source reporting indicates several instances where an entity paid the ransom but the keys to decrypt the data were not provided. The ACSC has also seen cases where the ransom was paid, the decryption keys were provided, but the adversary came back a few months later and deployed ransomware again. The likelihood that an Australian organisation will be retargeted increases with every successful ransom payment. ...

It is generally much easier and safer to restore data from a backup than attempting to decrypt ransomware affected data.

While it won’t surprise regular Register readers to hear that ransomware is “one of the most significant threats” to online businesses in Aus (and beyond), the ACSC is already looking ahead to how 5G and increased digital connectivity across the nation will expose more and more people and businesses to the risks of being online.

5G networks and Internet of Things devices “require new thinking about how best to adopt them securely,” opined ACSC. Britain has published design standards for IoT devices, while on 5G the US has addressed potential vendor security problems by shutting out those they deem to be problematic vendors. ®
