Ransomware Attacks On The Increase

Businesses continue to be hit by ransomware attacks, which are now one of the top causes of data breaches in Australia today. The number of organisations experiencing attacks is increasing, according to a recent report from the Australian Cyber Security Centre.

It’s not just small and medium businesses being targeted; some of the biggest companies in the country have also been hit, including Toll Group, Bluescope Steel and Service NSW, to name a few.

Cyber attacks are on the rise according to the Australian Cyber Security Centre.

Figure 1: Ransomware-related cyber security incidents reported to the ACSC 2019-20 FY


Although there has been a lot printed in the news about state-sponsored actors, the research suggests that most attacks are by your average cyber criminals. These individuals and organisations accounted for three in five data breaches that were notified to the OAIC during the first six months of 2020.


Since the COVID-19 outbreak in March, the number of coronavirus campaigns has skyrocketed, with an average of 2 Australians losing money or credentials in the first half of 2020.


Ransomware attacks are now regularly stealing data from a network, rather than just encrypting it on the company network. This trend has significant implications for how organisations respond to suspected data breaches – particularly when systems may be inaccessible due to these attacks.

Here is a list of some of the worst malware identified:



REvil is a file-blocking virus that encrypts the victim’s files after infecting the system and sends a request message. The message explains that the victim is required to pay the requested ransom in bitcoin. If the victim fails to pay the ransom in time, the demand is doubled.


Tycoon denies access to the administrator after it infects the system, following an attack on the file servers and domain controller. It takes advantage of weak or compromised passwords and is a common attack vector that exploits servers for malware.


Maze encrypts files on an infected computer’s file system and associated network file shares. Once the victim has been compromised, but prior to the encryption event, the actors exfiltrate data. After the encryption event, the actors demand a victim-specific ransom amount paid in Bitcoin (BTC) in order to obtain the decryption key. An international Maze campaign targeted the healthcare sector, while its deployment in the US has been more varied.

MailTo (aka NetWalker)

NetWalker harvests data then threatens to post or release the data if the target does not comply with their demands. Over the last few months, NetWalker seems to have transitioned to a RaaS (Ransomware as a Service) delivery model, selling its code to other cyber criminals.


EKANS ransomware is a malware variant that infects industrial control systems to disrupt factory operations until a ransom is paid. EKANS has so far infected factories related to the automobile and electronics sector, most notably Honda.



Cyber criminals don’t always go after high-value targets; their goal is to disrupt your business in a manner that makes it worth your paying to remove the ransomware. Businesses of all sizes are vulnerable to these attacks, and an attack can be fatal for some smaller businesses that don’t have adequate protection.


The top five sectors to report ransomware incidents to the ACSC during the 2019-20 financial year are outlined in Figure 2.

Figure 2: Top five sectors affected by ransomware reported to the ACSC 2019-20 FY


What's driving the growth in cyber crime?

  1. Working From Home (COVID)

When governments decided to lock down the country to slow the spread of the coronavirus, many businesses had to act quickly to set up working-from-home arrangements. This meant increasing infrastructure and adding new services, which in turn created a larger attack surface for cyber criminals to exploit.


  2. Inadequate security protection and policies

Companies that did not have adequate security policies and protection software were hit the hardest, causing many to re-evaluate their operating environment. Some of the basic aspects of a good approach to security include:


  • A basic security policy and approach
  • Endpoint protection software
  • Penetration testing
  • Strong password protocols
  • Employee education


Most of these items are not expensive to implement, but are worth their weight in gold if your organisation is targeted.


  3. Data protection and security

Many companies had no structured approach to data and information management or protection, leaving them vulnerable to attack. Companies need to have a clear understanding of where their data is stored and should put in place measures to make it difficult for attackers to gain access. Some simple measures, including network segmentation, access controls and encryption, can make it much more difficult for cyber criminals to gain access to business-critical or personal information.


  4. Human Factors

One of the main ways that cyber criminals gain access to systems is by obtaining valid staff credentials and using these to exploit the network. Phishing attacks are one of the most common ways to gain access, by getting a user to provide their network credentials. There are many software packages available that can help, but one of the best ways to prevent these attacks is through educating your staff on what to look for.

What do I do if I am attacked?

The Australian Cyber Security Centre (ACSC) counsels businesses against paying the ransom if an attack occurs. Paying the ransom may actually increase a company’s vulnerability to future attacks, and there is no guarantee that by paying the ransom you will be able to undo any damage caused by the attack.

Under the Notifiable Data Breaches (NDB) scheme, organisations must notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach is likely to result in serious harm to an individual whose personal information is involved and the organisation has been unable to remediate the breach.


Cyber crime is forecast to grow over the coming years. The best way to protect your organisation from these types of threats is to make sure you have appropriate policies and security practices and, where possible, to implement security software that offers protection for your most valuable data. We live in interesting times and we all need to remain vigilant.


