Regulating Ransomware Payment Reporting: What Do You Need to Know?

by Security Centric, on 22/06/2021 11:18:46 AM

The fact that ransomware is continuing to be a prolific threat probably isn’t news to those of you in the world of cybersecurity – however we know that most organisations are busy focusing on their own businesses, so here’s an update as to what’s going on in the cyber-sphere in Australia as it applies to ransomware.

Ransomware started to be an increased threat during the peak remote working phase of COVID-19, and it evolved from a singular point of “we’ve encrypted your files, pay us all the bitcoin and we’ll decrypt them” (paying doesn’t always get you your files back, either), to “By the way, we also managed to get inside your network and we stole a bunch of your files, credentials, IP, and/or financial data which we’ll release to the highest bidder if you don’t pay”. We wrote a piece on this late last year which you can read here.

The truth is that ransomware is a high-paying gig and it’s not going anywhere. It’s such a good pay-day that there’s even ransomware-as-a-service, whereby ransomware gangs sell their malware for a fee to a malicious actor looking to make some trouble (and money).

You don’t have to be a big player to be in the cross-hairs anymore either. Logically we understand that large organisations are bound to be targeted by cyber attackers looking for a big payday, but the latest Verizon Data Breach Investigation Report indicated that small organisations (less than 1000 employees) suffered almost as many breaches as large enterprises did last year. Ransomware has become a crime of opportunity, and we have a saying here at Security Centric that it’s not a case of “if”, it’s a case of “when”.

So that brings us to the recent news out of Canberra where Labor has introduced a bill to mandate ransomware payment reporting. Currently, no organisation has to report a ransomware attack (unless there has been a notifiable data breach), and often it’s unknown whether an organisation who’s later found to have been affected paid the ransom or not. Recent attacks cited by the bill include meat processor JBS Foods ($14 million), Nine Entertainment, and UnitingCare Queensland.

This bill comes after the chief of the Australian Signals Directorate (ASD) talked about the importance of organisations who have been targeted with ransomware co-operating with government organisations to aid in incident response. In the article, regulations discussed included suggestions as to mandatory prescribed activities such as vulnerability assessments.

So, what does this mean for organisations?

Take it as a big signal that ransomware is something that we need to continue to be concerned about, and that the Australian government is taking it very seriously.

Protection against ransomware isn’t as simple as implementing a new (probably expensive) tool. Generally, ransomware happens due to a lack of cybersecurity maturity across people, process, and technology – meaning that having an expert look over how you’re using your current set-up first will likely result in better use of what you have, rather than needing to use more.

There are a few security-based activities that you can look at rolling out across your organisation if you’re looking for better protection against ransomware, however it’s important to remember that it’s not just about protection against it getting into your systems in the first place, it’s also about what attackers can get to once it’s there, combined with how rapidly you can recover without needing to pay a ransom to get your business back up and running.

Specific services such as the ransomware protection assessment combine technical and process assessments and include some simulated phishing activities, but there are compliance frameworks that can help such as the ASD Essential Eight, Cyber Security Maturity Assessments based upon the NIST framework (specific to the ransomware controls), recovery and response plans, as well as helping train your employees to recognise and report phishing attempts via simulated phishing and security awareness training.

Uplifting your cybersecurity to help your organisation have resilience against ransomware helps it to become a more security-mature one. Many of the points of ingress of this type of threat are also responsible for issues such as credential harvesting and business email compromise and having a robust recovery and response plan is a must for any organisation.

Need to chat about your security needs? Contact us here and one of our friendly team will be happy to help.



Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|

Subscribe to Updates