
Ransomware remains one of the most common forms of cyberattack, and it is particularly threatening because it is so effective.
Globally, ransomware losses are expected to exceed $265 billion by 2031. These attacks can affect even the largest organisations. In July, a hacker group disrupted more than 230 government agencies and services in Indonesia by infecting critical systems in a national data centre.
Why organizations are willing to pay ransoms
In theory, at least, ransomware is a costly irritant rather than a disaster: pay the ransom and the problem goes away.
The ransom is often small compared with the cost of restoring or rebuilding the affected systems. For example, the group behind the Indonesian data centre attack demanded a relatively modest $12 million from the central government.
Research by McGrathNicol Advisory found that 73% of Australian organisations that had experienced a ransomware attack in the past five years chose to pay the ransom.
Last year, global ransomware payments exceeded $1 billion for the first time, according to Chainalysis. "Big game hunting", where groups target large organisations and demand ransoms of more than $1 million, is on the rise, and, as the payment figures show, many affected organisations do pay.
Paying, however, should not become the default decision. The Indonesian government, for example, refused to pay. Meanwhile, Australia may still move to make ransom payments illegal, meaning the roughly three quarters of organisations that currently pay would need to plan other ways of responding to the threat.
Why Australia might legislate against ransomware payments
Currently, the Australian government strongly advises against paying ransoms, but few organisations are heeding that advice.
“Paying a ransomware fee does not guarantee that sensitive data can be recovered, nor does it prevent it from being sold or leaked online,” the government notes on the Department of Foreign Affairs and Trade website. “You could also become a target for another attack. It also makes Australia a more attractive target for criminal groups.
“Paying a ransomware payment or facilitating the payment of a ransomware payment to a person or entity subject to Australia’s autonomous sanctions laws may be a breach of Australian sanctions laws and may result in criminal penalties.”
In 2022, the government floated going a step further and banning ransomware payments altogether. The absolute nature of such a ban raised concern in the business community, and at the end of 2023 the government quietly dropped the plan in favour of mandatory reporting requirements.
Mandatory reporting is intended in part to build a clearer national picture of ransomware attacks and cybercrime. The government noted that under-reporting of ransomware incidents “limits our nation’s understanding of their true impact on the economy,” adding that a “mandatory, no-fault, no-liability” obligation to disclose these incidents would close that gap.
The government said: “Designs are being developed whereby anonymous reporting on ransomware and cyber extortion trends could be shared with industry and the wider community to help us take steps to strengthen the nation’s resilience to cyber crime.”
However, while paying is not outright illegal at this point, organisations must be aware that a ransom payment could constitute a sanctions offence, as the Department of Foreign Affairs and Trade website points out. It could also constitute a money laundering offence under the Criminal Code Act 1995 if there is “a reasonable chance that the money could be used as an instrumentality of crime” and the organisation was “reckless” or “ignorant of the fact that the money or property was the proceeds of an indictable crime”.
Lawyers can mount a defence against such charges. But the point is that as scrutiny of ransomware payments grows, and with it the desire to crack down on them, organisations should look for ways of handling ransomware attacks that do not involve paying.
How Australians should respond to ransomware attacks
Despite a number of high-profile data breaches and successful ransomware attacks in Australia in recent years, awareness remains low and organisations still feel pressure to pay.
As a priority, organisations should ensure their IT and security teams are prepared. This includes promptly patching operating systems, software and applications, and ensuring all endpoint devices are properly maintained and compliant with policy.
At the same time, organisations should develop backup strategies that include isolated copies (offline or immutable), so that a successful ransomware attack cannot encrypt or delete the backups along with the production systems. A backup that is only discovered to be corrupted at restore time is no backup at all, so isolated copies should be verified regularly.
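One simple way to verify an isolated backup copy is to keep a hash manifest of the clean backup somewhere the attacker cannot reach (the offline media itself, or a write-once location) and compare the current files against it before you need them. The script below is an added example, not code from the article or any product it mentions; it uses only the Python standard library, assumes backups are plain files under one directory, and builds a constructed scenario in a temporary directory in which a simulated ransomware run overwrites one file with ciphertext, deletes another and drops a ransom note.

```python
"""Verify a backup directory against an out-of-band SHA-256 manifest.

Added example (not from the original article). Assumes the manifest is
stored separately from the online backup copy, so an attacker who can
encrypt or delete the backup files cannot also rewrite the manifest.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK_SIZE = 1 << 16  # read files in 64 KiB chunks so large backups fit in memory


def sha256_file(path: Path) -> str:
    """Streaming SHA-256 of a single file."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Map every regular file (path relative to backup_dir) to its SHA-256."""
    return {
        str(p.relative_to(backup_dir)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the backup directory with a trusted manifest.

    'modified' catches files overwritten with ciphertext, 'missing' catches
    deleted or renamed files, 'unexpected' catches files the attacker dropped
    (ransom notes, renamed '.locked' copies). 'ok' is True only when all three
    lists are empty.
    """
    current = build_manifest(backup_dir)
    modified = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    missing = sorted(k for k in manifest if k not in current)
    unexpected = sorted(k for k in current if k not in manifest)
    return {
        "modified": modified,
        "missing": missing,
        "unexpected": unexpected,
        "ok": not (modified or missing or unexpected),
    }


def demo() -> dict:
    """Constructed scenario; returns the reports before and after the 'attack'."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "db").mkdir(parents=True)
        # Constructed sample backup contents
        (backup / "db" / "customers.sql").write_bytes(b"INSERT INTO customers VALUES (1, 'alice');\n")
        (backup / "config.yaml").write_bytes(b"retention_days: 30\n")
        (backup / "notes.txt").write_bytes(b"quarterly export\n")

        # Manifest taken while the backup is known-good; in practice it is
        # written to the isolated media or a write-once store, not alongside
        # the backup. JSON round-trip stands in for that separate storage.
        manifest_json = json.dumps(build_manifest(backup), sort_keys=True)
        clean_report = verify_backup(backup, json.loads(manifest_json))

        # Simulated ransomware acting on the online copy (constructed)
        (backup / "db" / "customers.sql").write_bytes(bytes(range(48)))  # "encrypted"
        (backup / "notes.txt").unlink()                                    # deleted
        (backup / "README_RESTORE.txt").write_bytes(b"pay to decrypt\n")  # ransom note

        attacked_report = verify_backup(backup, json.loads(manifest_json))
        return {"clean": clean_report, "after_attack": attacked_report}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run against a real backup directory by calling `build_manifest` once on a verified-good copy, storing the JSON on the isolated media, and scheduling `verify_backup` against it. The check only proves the files are unchanged since the manifest was taken; it does not prove the backup was clean at that point, which is why the manifest should be created right after a restore test rather than from whatever is currently on disk.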
Then, once the incident has been contained, engage a third party to audit the environment thoroughly, to determine whether the attacker retains any foothold and where the weaknesses that allowed the intrusion lie.
Australian companies’ standard approach to ransomware will not work forever. While best practices for dealing with ransomware are well known, few companies appear to be rushing to better prepare their environments, leaving them at increasing risk.