Ransomware has been a hot topic since the end of 2019 and into 2020. We’ve seen several organisations across different industries face ransomware attacks.
The recurring theme is the dependency that those businesses have on their IT systems. In this article, we’ll analyse a few of the recent breaches to try and understand the scale of the effects disruption can have on everyday operations.
Ransomware attack against Talman Software – Feb 2020
Talman’s software solutions have been around in one form or another since the 1970s, and Talman is one of the key software providers for the Australian wool industry. In February 2020, it was reported that they had been the victim of a large-scale Windows ransomware attack.
“More than 75% of the wool industry in Australia and New Zealand uses Talman software solutions. These wool-management solutions span public and private auctions, private sales, delivery, dumping and local or overseas processing.” – Talman Software website
The disruption has led to wool auctions being rescheduled across Australia. For an industry that has been hit hard by bushfires, global trade deals and reduced exports due to Coronavirus fears, this ransomware attack severely impacts an integral part of the local wool industry.
Dr. Pramod Pandey, the CEO of Talman, said their back-up systems were being put into a new IT infrastructure, independent of the infrastructure which was subject to the attack.
“We have all the back-up systems, so there is no crisis,” - Chief executive officer, Talman Group, Dr. Pramod Pandey
Time will tell how long it will take their platform to recover from this attack. At the very least, their claim highlights that having good backups is a very important strategy for keeping your business resilient in any breach scenario.
Australian Logistics giant Toll Group hit with MailTo – Jan 2020
As of the 28th of February, it has been a month since the Toll Group was hit with the popular ransomware variant MailTo. At the time of writing, Toll is still recovering, with many of their critical systems and booking systems already back up and running.
Allegedly the hackers demanded $8.5 million in ransom to unlock 5GB worth of customer data. Toll has chosen not to pay the hackers, which is generally what the authorities recommend. On that note, there is no guarantee that the hackers would have returned the data even if the ransom was paid.
In total, it’s believed MailTo affected up to 1,000 servers within Toll’s environment and around 500 corporate applications, including critical systems such as Active Directory.
The disruption to supply chains has been widespread and felt across Australia. There is a lot to suggest that nation-state attackers are now targeting logistics companies of foreign nations to create discord and uncertainty. Companies such as Telstra, Officeworks, Footlocker, Unilever, Adidas, Nike and Optus all use Toll as one of their delivery partners.
The loss of revenue and customer disruption has affected many Australian retailers and online businesses who rely on Toll’s delivery services. Many businesses are turning to Toll’s competitors for better service.
This all comes to a head at a time when the Coronavirus is causing freight prices to soar globally. The delays have caused a major fallout and loss of reputation among many of Toll’s customers. Due to intense competition over recent years, Australians have become very accustomed to same-day / next-day delivery.
Regional Victorian Hospitals hit by Emotet – Oct 2018
Towards the end of last year, a number of Victorian hospitals were hit by a variant of the Emotet ransomware. I wrote an article back in October last year if you’d like to learn more about that attack.
At that time, various hospitals and health facilities across regional Victoria were targeted by hackers, which included the Gippsland Health Alliance and the South West Alliance of Rural Health. These groups operate a number of facilities in Warrnambool, Colac, Geelong, Warragul, Sale, and Bairnsdale, among other smaller towns.
The disruption led to patient booking systems going down, staff being unable to access patient records, and several disrupted surgeries and medical procedures. While the Talman Software & Toll ransomware attacks affected the business bottom line, this attack had the potential to lead to actual loss of life.
In all three of these ransomware attacks, the underlying lesson is how dependent these organisations are on their underlying IT systems. Whilst these organisations have all suffered a reputational loss to a degree, the real victims were the farmers, consumers and patients.
Your business in 2020
We’ve talked about three high-profile ransomware attacks which have hit Australian organisations. The unsettling thing is how under-reported ransomware attacks still are, given the large number of ransomware attacks targeting SMEs across Australia, and not just large organisations.
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) regularly makes recommendations and advisories regarding recent cyber attacks. I would definitely recommend having a read of their latest advisories and tips and taking measures to ensure you have the best defence possible.
Here’s what you can do to improve your cybersecurity posture:
- Minimise visits to unknown websites and avoid being enticed by clickbait.
- Look for the padlock symbol and 'https' in the browser address bar when surfing the net.
- Install and regularly update antivirus and anti-ransomware software.
- Install a firewall to stop traffic from untrustworthy sources getting onto your device.
- Keep your operating system and software up to date with the latest versions; this should be done automatically where possible.
- Back up your computers and phones regularly, and choose automatic back-ups where possible. Keep your back-ups separate from your computer; put them on separate devices or use an external cloud service.
- Disable macros in Microsoft Office.
- Have an incident response plan ready to dramatically reduce the damage inflicted. This will help ensure a quick recovery and safeguard you against future incidents.
- Adopt multiple layers of defence against malware. It’s important to understand that no single mitigation will protect you. You can, however, develop multiple strategies that will improve your resilience and detect malware without disrupting the day-to-day running of your organisation.