Key takeaways
The world’s biggest ransomware attack, which is thought to have affected around 150 countries¹, has brought critical institutions such as hospitals, government agencies and private businesses to a halt. The speed of the attack was unprecedented.
As Australian businesses returned to work after the weekend, they at least had the benefit of advance warning: having seen the ramifications of the attack in earlier timezones, they may have had the opportunity to take preventative action on their own networks before switching on computers on Monday.
Such measures could actually be quite straightforward: scan staff emails for phishing messages, update the operating systems, and effectively implement application whitelisting to prevent the malware from running.
Nonetheless, it’s astonishing how many businesses still leave themselves vulnerable by neglecting their basic cyber hygiene.
The impact of a ransomware attack should not be underestimated. The UK’s national healthcare system, the NHS, for example, found that some health services and hospitals were unable to access patient data because their computers were locked. Some hospitals were forced to cancel all outpatient appointments and divert ambulances².
In the aftermath, the UK’s home secretary Amber Rudd admitted “we can all do better to protect ourselves” – and this is a regret that every business, large or small, should heed. (Small to medium-sized private businesses, as well as government agencies, have also been targeted in this latest incident.)
Ransomware is estimated to cost the Australian economy AU$1 billion a year¹. Research has shown that last year, Australia was the most targeted country in Asia-Pacific for ransomware attacks³. At the time of publication, it looks like three Australian organisations have so far fallen victim to this attack.
Ransomware is a form of cyber attack that encrypts the files on a computer, making them inaccessible to anyone without the encryption key. A ransom is then demanded in order to unlock the files. If it isn’t paid, chances are that the files on that computer are irretrievably lost.
This weekend’s incident is driven by a worm, a particular type of virus that replicates itself across a network: it starts on one computer and can infect every computer it’s connected to. Each computer received a separate ransom demand – in this latest incident, reportedly a minimum US$300 per computer.
Ransomware generally gains entry to a network through phishing, which is likely, though not confirmed, to be the cause of this incident. Phishing is a simple, classic scam that involves sending an infected email which is activated if one of the links is clicked. If the email is deleted and not acted upon, it doesn’t pose a threat.
Phishing is still the most effective tool for cyber criminals. PwC’s 2017 Global State of Information Security Survey revealed that phishing has emerged as a significant risk to businesses of all sizes and across industries. Over the past year, 38% of organisations both globally and in Australia reported phishing scams, making it the top vector of cyber security incidents.
Ransomware is an increasingly prevalent threat, with a rising number of variations designed to target networks. In spite of this, many organisations still treat it as a crime of the future, or assume that it will happen to someone else.
The likelihood of any organisation becoming a victim is in fact very real, and very immediate. The cost of recovering from an attack is significant.
There are pragmatic steps which organisations can take to reduce the likelihood of incidents, limit their impact if one does occur, and recover swiftly and effectively.
These span several aspects of IT operations and security and include:
Our priority recommendations for management and IT colleagues to consider (subject to the operational impacts of such changes) are:
It is exceptionally hard for perpetrators of such attacks to be caught and stopped. Therefore, for the foreseeable future, ransomware will continue to be a lucrative proposition for criminals.
We never recommend paying a ransom – unless there are extreme circumstances that warrant payment. It just fuels the ransomware economy, funding development of additional ransomware techniques and campaigns.
The most important current course of action is for government agencies and businesses to take pragmatic steps to reduce the risk of incidents occurring, and limit their impact when they do occur.
The steps outlined above are nothing new: they form the bedrock of basic cyber security. Hopefully, this incident is a wake-up call to all businesses to implement them robustly and without exception. Prevention is far, far more effective than the cure.
PwC has released a report containing more technical details and recommendations about this ransomware. To request a copy, please email threatintelligence@uk.pwc.com.
References