The Australian Cyber Security Centre (ACSE) has revealed that ransomware attacks remain the “most destructive” cybercrime to Australian organisations.
In its annual cyber threat report, the centre says that top-tier ransomware groups are continuing to target Australian ‘big game’ entities - organisations that are high profile, high value or provide critical services.
In the latest string of ransomware attacks, Medibank is the most recent victim, where the hackers are holding very sensitive personal and, in some cases, medical records for up to 9.7 million people at ransom.
The Australian Federal (AFP) named Russia as the home of the Medibank hackers, confirming the involvement of the notorious REvil ransomware group.
Ransomware remained the most destructive cybercrime over the 2021-22 financial year. For advice on how to protect yourself from ransomware attacks visit https://t.co/Q8UrOPG343Read the ACSC’s Annual Cyber Security Threat Report at https://t.co/EdjS6OiDwt pic.twitter.com/lGX91MKSHM
— Australian Cyber Security Centre (@CyberGovAU) November 8, 2022
Double extortion
The destructive nature of a ransomware attack comes from its ‘dual impact’ on the victim organisation.
Firstly, the business is disrupted by the encryption of data and secondly, the reputational damage the organisation has to suffer if the stolen data is released or sold on.
The combination of data encryption and threats to publicly release sensitive information as a method of pressuring ransomware victims into paying is widely known as ‘double extortion.
Threats
As far as cybercrime statistics are concerned, ransomware attacks hold a very small percentage of the total cybercrime reported in Australia.
However, the damage it can create especially to large organisations and critical infrastructures has raised some serious concerns.
The ACSC has observed the emergence of new and possibly rebranded ransomware-as-a-service (RaaS) operations over FY22.
Ransomware syndicates also continued to professionalise by using third parties to negotiate with victims, assist them in receiving their ransom payments and arbitrating disputes between actors.
Ransomware trends
In FY22, the ACSE received ransomware 447 cybercrime reports with the education and training sector reporting the most ransomware incidents.
The threat to the education and training sector is significant as its business model favours open collaborative environments.
Remote learning during the coronavirus pandemic also introduced large numbers of personal devices and new software into this sector.
The ACSC also responded to 135 cyber security incidents related to ransomware, an increase of more than 75% compared to FY20.
Top 5 reporting sectors for ransomware-related cyber security incidents.
Read more on Proactive Investors AU
