15 November 2022

Ransomware attacks show cybercrime is here to stay

Recent cyberattacks on New Zealand organisations have provided fresh wake-up calls for businesses about the dangers posed by cyberattacks, according to cyber security experts. In September, cyber attackers stole data of around 450,000 Pinnacle Health patients and published private details on the dark web. The Waikato DHB suffered a similar attack last year, when patient and staff records were hacked and also appeared online.

Across the Tasman, September’s huge cyberattack on telecommunications company Optus put about 10 million customers’ data at risk. In the largest ransomware attack in Australia’s history, cyber attackers stole customer names, phone numbers, physical addresses, passport numbers and other highly sensitive personal details. Hackers initially demanded an AU$1million ransom in cryptocurrency. In the second major hack in less than a month, a cybercriminal stole customers’ medical information from Australia’s biggest health insurer, Medibank. They have reportedly threatened to publish medical records of high-profile individuals unless they are paid.

The growing trend in cybercrime means no business can consider itself immune from an attack and extortion demand in exchange for their data. As ransomware attackers continue to refine and intensify their attacks, the threat to business operations has spread to supply chains, customers and email contacts.

What a ransomware attack means for businesses

Ransomware attacks are typically financially motivated and can happen to any size or type of business. These attacks can prove to be very expensive, regardless of whether a business chooses to pay a ransom. Costs may include business interruption, investigation and notification, third-party liability claims and rebuilding efforts.

Other business impacts involve reporting requirements, duties of company directors, regulatory risks and class actions, legislative impacts, insurance considerations, customer trust and reputational damage.

In light of the increasing wave of cyberattacks, companies need to protect themselves, their customers and their bottom lines from data breaches.

How a ransomware attack happens

Attackers target systems that have open avenues for attack. This could be through a user clicking on a link or an attachment contained within an email or an attacker could exploit a weakness in a network or software.  Attackers often try to block access to systems and files that are critical to running a business.

The first sign of a ransomware attack may be a text file pop-up or a background appearing on your screen telling you that you need to pay a ransom before you can access your desktop, apps or files.

Ransomware communications from the hacker may be via voice messages, emails or directly to your computer system. They may direct you to a dark web chat room to receive instructions for payment. The data is usually restored on payment of the ransom in a cryptocurrency such as Bitcoin, which is difficult for authorities to trace.

Ransomware attackers range from highly sophisticated and sometimes state-backed cybercrime organisations through to technically unskilled criminals who have bought a cheap ransomware kit on the dark web. Threats may be to destroy, sell or publish the data if the payment deadline is not met. 

Attacks are increasingly prolific and damaging

According to global cyber security researcher, Cybersecurity Ventures Global, ransomware damage costs are predicted to exceed US$265 billion by 2031, with a new attack on a business, consumer or device every two seconds. The dollar value is based on 30 percent year-on-year growth in damage costs over the next 10 years.

As the disruption and cost to business intensifies, companies and governments are looking for additional ways they can fortify themselves against hacks. New Zealand recently participated in the second annual summit of the International Counter Ransomware Initiative, a global initiative in which 36 countries have committed to build collective resilience to ransomware.

The value of access to specialised resources

As well as covering the financial losses that result from cyber incidents, cyber insurance policies provide your business with the capabilities you need to respond to data breaches and threats.

Crucially, cyber insurance provides expertise and support during a ransomware event, with access to skilled negotiators who may be able to reduce the ransom amount demanded. They may also know of the threat actor and whether they are subject to regulatory sanctions. 

You also benefit from specialist assistance to help restore your network and minimise exposure to loss or liability. This expertise includes data recovery, forensic engineering, crisis management, public relations and legal advisers.

How Crombie Lockwood can help

• In light of the increasing wave of cyberattacks, both in New Zealand and overseas, companies need to take the appropriate steps to protect themselves, their customers and their bottom line from data breaches. 
• Businesses should strongly consider having cyber insurance that covers the major demands of a ransomware attack, as responding to such an attack, even without paying a ransom, can have a significant financial impact. Cyber insurance also covers a company for other cyber events, such as malware, distributed denial-of-service (DDoS) attacks, data loss and privacy breaches.
• As cyber insurance experts, we work with you to understand and manage your exposure to potential cyber risks and arrange the appropriate cyber cover. It is also important to regularly review business risks with your broker to ensure ongoing protection from increasingly active, sophisticated and successful cyber criminals.