What you need to know about the biggest ransomware attack on record
If we needed a reminder about the importance of Cyber Security, this weekend provided it
This last weekend (4th July weekend in the USA) saw what has been reported as the single biggest global ransomware attack on record hit every continent, including Australia. The FBI had earlier reported that whilst it was investigating the attack, the scale “may make it so that we are unable to respond to each victim individually”. Companies all across the world reported cyber incidents as a result of the attack.
This type of attack is designed to encrypt computer systems with ransomware, locking them down until a ransom is paid to unlock them. This is a very common attack strategy and relies on compromising a company's network. What is troubling about this recent attack is that the criminals were able to infiltrate IT monitoring and management software provided by Kaseya. This software is widely used by IT companies around the world to monitor many thousands of companies and hundreds of thousands of servers, workstations and networks, including here in Australia. This enabled the criminals to infect many systems by using a trusted source and bypassing typical defences.
Sophisticated ransomware organisations like REvil (the ones responsible for this attack) usually examine a victim’s financial records (and insurance policies if they can find them) from files they steal before activating the ransomware. This is how they are able to determine how much you can afford to pay in ransom. Because of the scale of the attack, analysts report that most demands were for a generic USD$45,000 with USD$500,000 and USD$5M for larger targets.
So why does this matter to the average Australian Hire Company?
This is a non-targeted attack that could have hit anyone. It not only directly affected around 1,000 companies, it also disabled the monitoring and control tools of hundreds of thousands of companies as those businesses shut down controls to limit exposure to the attack. The attack leveraged trusted IT software that is mostly used to manage small and medium-sized computer environments. Many companies in Australia have their networks, servers and workstations managed with Kaseya, including a number of hire companies. Fortunately for Australia, this hit during daylight hours and the local IT industry was able to respond very quickly by shutting down systems and limiting risk. This is certainly a reminder that a managed environment, although much safer than an unmanaged one, still requires an active risk management strategy and an updated disaster response / business continuity plan.
What can/should I do about it?
All hire businesses are encouraged to discuss these 5 things internally:
1. Talk to your IT provider about what they are doing in response to the recent attack and whether you are impacted
2. Ensure all computer systems are patched in a timely manner to avoid the risk of known exploits
3. Review your position on cyber insurance and whether you would have been covered in this instance
4. Review and test your disaster recovery plans
5. Perform regular cyber risk assessments and make them part of your broader business risk assessment discussions
As a business leader with over 30 years of IT experience across software design, network, server and cloud transformation, telemetry, automation and IT security, Jason has seen, and contributed to, the rise and rise of technology within business. Add 25 years of hire industry collaboration and we have someone of great value to our Association. In recent years, Jason has focused heavily on the increasing risk of our dependence on computer systems and how cyber crime is adapting much faster than we are. Hotline IT provides IT systems and Cyber Security advice for hundreds of customers and is a member of the Australian Cyber Security Centre’s MSP3 program.
On July 28, Jason will be hosting an HRIA webinar titled: People-centric cybersecurity for hire and access companies.