on 22-02-2019 02:26 PM - last edited on 02-08-2019 04:45 PM by JulieKhoo
Recently, it was reported that a Victorian hospital fell victim to a cybercrime syndicate that held 15,000 medical files to ransom. The attack, probably the result of a phishing email inadvertently opened by a staff member, allowed criminals to break into the hospital’s server and plant ransomware that scrambled and encrypted data, locking medical staff out of their files.
Ransomware takes different forms. For hospitals, having their data held to ransom not only causes reputational damage but could have a serious impact on their patients. Another form of attack targets a company's IT infrastructure by locking employees out of laptops or servers. The company is then held to ransom, with payment typically demanded in bitcoin or another cryptocurrency. Cryptocurrency is prevalent in the cyber fraud community because it can be transferred anonymously.
In 2017, two companies had their Amazon Web Services accounts compromised by hackers using the victims’ bandwidth and computing power to mine bitcoins, an energy intensive, but potentially lucrative exercise.[1]
Data ransom and bitcoin mining may seem simple and straightforward compared with more sophisticated hacks such as one that occurred in 2017. That attack, called WannaCry, infected up to 200,000 computers in 150 countries, locking up users’ data and demanding a ransom to release it. WannaCry was so damaging because the cyber criminals exploited vulnerabilities in older versions of Windows when newer, more secure versions were available.
In Australia, conservative estimates show that cybercrime costs the economy in excess of AUD 1B each year. More than 500,000 small Australian businesses fell victim to cybercrime in 2017, and it is estimated that the majority paid an average of AUD 4,677 in ransom to decrypt their data. Small businesses often fall victim because, in some cases, keeping IT software up to date is not their highest priority.
Source: Smart Company, From millions to malware: Cyber attacks in Australia by the numbers, July 2018
The cybercrime landscape is ever evolving, and it is therefore imperative for our industry to continually develop and advance a robust security framework. As an industry, we must uphold the highest standards when it comes to cyber security and maintaining the latest in secure software versions. This is non-negotiable when dealing with someone’s most important and emotionally significant investment – their home.
At PEXA, we are determined to ensure that the cyber security practices we have in place continue to protect our members and their customers. Our IT systems are annually audited by external professionals and we continually explore new ways to bolster the security posture of our network. This is achieved by investing, maintaining and constantly improving security controls as well as running a Security Operations Centre to monitor, detect, and respond to cyber-attacks.
What your firm can do
To ensure your practice is protected from similar events, it is important to be aware of how these criminals operate. Hackers like this look for the weakness in a security framework and will exploit vulnerabilities in older versions of software, as they did in the WannaCry ransomware attack. As a preventative measure, we recommend staying up to date with patching.
Patching reduces the risk of hackers exploiting vulnerabilities that have already been remediated by software companies. It updates, fixes, or improves the program or data and mends security vulnerabilities and other bugs.
Firewalls are another layer of protection that can act as a barrier between your computer and the Internet helping safeguard your computer and information. By having a firewall, you reduce the risk of an attacker compromising your computer. There are a number of anti-virus providers that you could employ that meet the requirements in PEXA’s Subscriber Security Policy e.g. Symantec, McAfee, TrendMicro, etc. The Policy also provides guidance on all the security controls that PEXA Subscribers should be leveraging to maximise their security posture.
You’ll notice that in the Victorian Hospital’s ransomware attack, an unwitting staff member fell victim to a phishing e-mail. Training your staff to recognise potential cyber-fraud is the first step to preventing this from happening to you.
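The phishing email that started the hospital incident is the kind of message staff training aims to catch. As an added illustration of what "recognising potential cyber-fraud" looks like in practice (this is example code, not PEXA's own tooling), the script below checks a raw email for four common indicators: a Reply-To address that differs from the sender, a sender domain one character away from the firm's own domain, urgency language, and a link whose visible text names the firm's domain while the actual link goes elsewhere. The trusted-domain list, the indicator names and both sample messages are constructed for the example.

```python
"""Phishing-indicator checks for staff-awareness tooling (added example, not PEXA's code)."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for illustration: the firm's own domain(s). Not from the original post.
TRUSTED_DOMAINS = {"example-law.com.au"}
URGENCY_PHRASES = ("urgent", "immediately", "verify now", "account suspended")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(header_value: str) -> str:
    """Domain part of the address in a From/Reply-To header ('' if absent)."""
    addr = parseaddr(header_value)[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike(domain: str) -> bool:
    """True if the domain is a near-miss (one edit) of a trusted domain."""
    return any(domain != t and edit_distance(domain, t) <= 1 for t in TRUSTED_DOMAINS)


def phishing_indicators(raw_message: str) -> list:
    """Return the names of the indicators present in one raw (RFC 822) message."""
    msg = message_from_string(raw_message)
    found = []
    from_dom = sender_domain(msg.get("From", ""))
    reply_to = msg.get("Reply-To")
    if reply_to and sender_domain(reply_to) != from_dom:
        found.append("reply-to-mismatch")
    if is_lookalike(from_dom):
        found.append("lookalike-sender-domain")
    # Single-part messages only; multipart handling is left out to keep the example short.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(p in text for p in URGENCY_PHRASES):
        found.append("urgency-language")
    # A link that displays the firm's domain but points at another host.
    for href, visible in re.findall(r'<a[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        if any(t in visible.lower() for t in TRUSTED_DOMAINS) and host not in TRUSTED_DOMAINS:
            found.append("link-domain-mismatch")
            break
    return found


# Constructed sample messages (not real mail). 203.0.113.5 is a documentation address.
LEGIT = """\
From: Jane <jane@example-law.com.au>
Subject: Settlement booked for Friday
Content-Type: text/plain

Hi team, settlement is booked for Friday at 10am.
"""

PHISH = """\
From: "Settlements Team" <settlements@example-1aw.com.au>
Reply-To: help@mail-desk.invalid
Subject: URGENT: verify now to avoid settlement delay
Content-Type: text/html

<html><body>Please <a href="http://203.0.113.5/login">login to example-law.com.au</a>
immediately or your account will be suspended.</body></html>
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("phish", PHISH)):
        print(name, phishing_indicators(raw))
```

None of these checks is conclusive on its own; the value for a small firm is in having staff pause when several appear together, which is exactly the judgement that training builds.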
Additionally, your business must plan early for this eventuality, however unlikely. Deciding in advance how you would respond will help you avoid ‘heat of the moment’ reactions that could have detrimental effects on your business.
Taking the necessary steps to ensure your data is backed up will remove the need to pay a ransom, and the risks involved in doing so. There are two main options for backing up your organisation’s data:
Businesses that decide to pay a ransom need to be aware of the risks, including the likelihood that even if the ransom is paid they may not get their information back, and that paying leaves them open to further attacks. We recommend you speak with your legal advisor beforehand to ensure you are making the right decision for your firm.
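A backup only removes the need to pay if you can prove it restores cleanly. As an added example (not PEXA's code, and not the two backup options the post refers to), the script below shows the check a small firm would want: copy a folder to a backup location, record a SHA-256 manifest with the copy, and later compare the live folder against that manifest so that overwritten or renamed files stand out before a restore. Folder names and the sample documents are constructed; the "encryption" is simulated by overwriting one file with random bytes and renaming another, which is what an integrity check would see after an incident.

```python
"""Backup manifest and restore verification (added example, not PEXA's code)."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Streaming SHA-256 of one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def backup(src: Path, dest: Path) -> dict:
    """Copy src into dest/data and write manifest.json beside the copy."""
    data_dir = dest / "data"
    shutil.copytree(src, data_dir, dirs_exist_ok=True)
    manifest = build_manifest(data_dir)
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(root: Path, manifest: dict) -> dict:
    """Compare the files under root with the manifest: changed, missing and extra paths."""
    current = build_manifest(root)
    return {
        "changed": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "extra": sorted(k for k in current if k not in manifest),
    }


def restore(dest: Path, src: Path) -> dict:
    """Replace src with the backed-up copy and re-verify it against the stored manifest."""
    manifest = json.loads((dest / "manifest.json").read_text())
    shutil.rmtree(src)
    shutil.copytree(dest / "data", src)
    return verify(src, manifest)


def demo() -> dict:
    """Back up two constructed documents, simulate damage to the live copies, then restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "matters"      # assumed: the firm's working folder
        dest = Path(tmp) / "backup"      # assumed: a separate backup location
        src.mkdir()
        (src / "contract.txt").write_text("Sample contract text (constructed).")
        (src / "settlement.txt").write_text("Sample settlement note (constructed).")
        manifest = backup(src, dest)

        # Simulated damage: one file overwritten with random bytes, one renamed.
        (src / "settlement.txt").write_bytes(os.urandom(64))
        (src / "contract.txt").rename(src / "contract.txt.locked")

        before = verify(src, manifest)   # shows exactly what changed
        after = restore(dest, src)       # clean result proves the backup is usable
        return {"before_restore": before, "after_restore": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The important design point is that the manifest lives with the backup copy, not in the working folder, and that the restore is verified against it rather than trusted. Keeping the backup location out of reach of the workstations that use the data (offline or with separate credentials) is what keeps the backup itself from being caught by the same incident.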
There is a lot of information available to help your firm plan for this scenario. Visit staysmartonline.gov.au for more information on ransomware and PEXA’s online Community forum to learn about measures PEXA takes to bolster security.
[1] Bitcoin miners pool together different computers to solve complex algorithms, and each success generates a set number of valuable new bitcoins.