Ransomware Is the Most Significant Cyber Threat to Australians

Ransomware Is the Most Significant Cyber Threat to Australians
A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Kacper Pempel/Illustration/Reuters
Rebecca Zhu
Updated:

Assistance Defence Minister Andrew Hastie has launched a new cybersecurity campaign to focus on ransomware after it became one of the most significant cyber threats that Australians and Australian businesses face in the past year.

Ransomware is where cybercriminals use malicious software to deny access to files and devices, then demand the victim to pay a ransom in return for access.

“The Australian Signals Directorate has used, and will continue to use, its broad range of offensive cyber capabilities to disrupt and bring cybercriminal syndicates targeting Australia to their knees,” Hastie said. “Offensive cyber is just one of the tools in Australia’s toolkit.”

Hastie encourages all individuals and businesses affected by ransomware attacks to report their incidents to the Australian Cyber Security Centre (ACSC), which uses the information to learn, warn, and protect others from attacks.

“The ACSC provides vital advice and assistance to defend Australian businesses and individuals against ransomware and brings together the Australian Signals Directorate’s intelligence, offensive cyber and cybersecurity capabilities to defend Australia’s interests from malicious cyber actors.

“The ACSC takes the information it learns from cyberattacks against Australian businesses and uses it to warn and protect further Australian organisations from being targeted,” Hastie said.

Assistant Defence Minister Andrew Hastie addresses media as Defence Minister Peter Dutton looks on in front of the Subiaco War Memorial in Perth, Australia on April 19, 2021. (AAP Image/Richard Wainwright)
Assistant Defence Minister Andrew Hastie addresses media as Defence Minister Peter Dutton looks on in front of the Subiaco War Memorial in Perth, Australia on April 19, 2021. AAP Image/Richard Wainwright

Last financial year, the ACSC found that a cybercrime had been reported every ten minutes approximately. The most common cybercrime reported was fraud.

“While the numbers show that fraud is the most common category, the ACSC assesses ransomware as the highest threat,” ACSC said in its report (pdf). “This assessment is based on the fact that ransomware requires minimal technical expertise, is low cost, and can result in significant impact to an organisation, potentially crippling core business functions.”
ACSC recommends that you do not pay the ransom if you are a victim of such an attack because there is “no guarantee” that paying up would fix the problems.
The warnings from Hastie and the ACSC comes weeks after meatworks giant JBS suffered a major cyberattack that left workers out of pocket and shut down operations globally.
In the case of the attack against JBS, the CEO Andre Nogueira announced on June 9 that they had paid the equivalent of $11 million in ransom to the criminals.

“This was a very difficult decision to make for our company and for me personally,” he said. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

Nogueira said the FBI had called the group behind the attack “one of the most specialized and sophisticated cybercriminal groups in the world.”

It is speculated that a Russian-based hacking group is behind the incident.

Hastie recommends that businesses, no matter how large or small, need to implement protective measures to make it more difficult for cybercriminals to harm them.

“Prevention is better than cure, and with cybersecurity, the best offence is often a strong defence,” Hastie said.