'Tsunami' of ransomware attacks coming, businesses warned

Friday, 26 June 2020

New Zealand can expect more ransomware attacks, in which criminals hack into an organisation's database and threaten to release sensitive information unless the organisation pays the hackers a ransom, cyber expert warns.

More Kiwi organisations will have their data hacked and be ordered to pay a ransom for it, as 'dark web' criminals set their sights on New Zealand, a cybersecurity expert warns.

A string of ransomware attacks on businesses in New Zealand were 'only the start of a tsunami of attacks on the horizon threatening local businesses' general manager of cybersecurity consultancy, Aura Infosec, Peter Bailey, said.

Trans-Tasman brewer, Lion, last week became the latest of several high-profile businesses known to have fallen victim to ransomware attacks in recent months, with hackers threatening to 'auction' Lion's confidential documents, unless the company paid a ransom of NZ$1.25m.

Bailey said the attackers were targeting New Zealand, after costing organisations in America and Europe millions of dollars over the last year.

New Zealand organisations are set to experience a 'tsunami' of ransomware attacks, cybersecurity expert warns.

* Hacked Uber account charges Tauranga woman for rides in Poland

* Hackers steal influencer and mother's Facebook to promote hardcore porn

'In the US, they're spending a lot more money on insurance, on systems, they're training their staff well, so it's getting harder for the attackers to make money.'

Ransomware attackers infiltrated organisations by sending them emails with software embedded, that enabled hackers to encrypt files so the files couldn't be accessed again, Bailey said.

The attacks were becoming more sophisticated, with hackers infiltrating businesses to find out their weak spots, before locking files and making demands.

Ransomware criminals were well-organised, with large groups of people making multiple, small attacks, Bailey said.

'On parts of the dark web you can buy ransomware as a service.'

Criminals paid larger criminal organisations to use the method they had developed, to run their own phishing campaign, he said.

Some New Zealand businesses, targeted several years ago when the ransoms were smaller, had paid the ransom because it was easier to get their business back online that way.

'Our line is don't pay, because it's a criminal activity and you're encouraging it,' Bailey said.

'They'll probably come back for a second bite of the cherry if they can, if they know you pay. And also you can't guarantee you'll be able to unlock your files.'

Bailey was unsure if making it illegal to pay the ransoms would stop the attacks.

Some insurance companies offered to pay ransoms as part of a business' insurance cover, and hackers tended to find different avenues to get money.

With more employees working from home since lockdown, businesses were more vulnerable to ransomware attacks, Bailey said.

Some home networks were not secure or had default passwords.

Employees might be jumping from work to personal emails, re-using passwords on personal and work sites, and sending files via the internet that would usually be on a shared server.

Businesses should make sure they had some form of back up to their files, he advised.

Organisations should have policies that ensured secure transfer of information, and ensure they had good software patching regimes, strong passwords, two-factor authentication, and a cloud provider they could trust.

It was hard to know the number of organisations that had fallen victim to ransomware attackers in New Zealand, because it was not a requirement for companies here to declare that, Bailey said.

Changes to privacy legislation were due to come in to force at the end of this year, requiring companies to disclose if they had been breached, and to let affected people know, he said.

* Businesses can find more information about how to protect themselves against and report ransomware attacks at https://www.cert.govt.nz/individuals/explore/ransomware/?topic=ransomware