Ransomware rising: How hackers are targeting government agencies

A recent ransomware attack that crippled the operations of Toll Group for more than three weeks earlier this year highlighted the devastating impact ransomware can have on an organisation and how in today’s digital age it’s almost impossible to operate without access to data, writes Jamie Humphrey.

Jamie Humphrey

Toll’s case was later resolved, but it meant packages could not be delivered. Businesses across Australia – including Telstra, Optus, and Woolworths – felt the impacts and many are still reeling from the effects. More unusual activity was reportedly experienced by the logistics giant this week.

While the impact of a ransomware attack against a private organisation can have damaging and wide-ranging consequences, an even more worrying trend is the rise of ransomware attacks against government agencies and local councils.

In a ransomware attack, hackers typically seek to trick an employee into opening an email which contains the malware. Once opened, the ransomware encrypts as much of the organisation’s data as it can, rendering it impossible to access without a decryption key.

The attackers effectively hold an organisation’s data hostage, and demand a ransom be paid – typically in bitcoin or another cryptocurrency – to receive the decryption key and regain access to data.

Toll lost the ability to deliver packages, but when a public body loses access to its data, vital public services screech to a halt.

One thing to remember is that hackers are smart. They know the more critical the data they can encrypt, the more likely the victim is to pay up in order to continue operating as normal as quickly as possible.

A recent swathe of ransomware attacks against government organisations shows how this desire to cause as much disruption as possible has put public sector agencies squarely in the crosshairs.

Government agencies targeted

In September last year, Victorian hospitals across Gippsland, Geelong, Warrnambool, and a host of regional towns were hit by a ransomware attack  which meant data from several systems were encrypted and inaccessible. While the attack did not breach the most critical healthcare systems, it did mean hospitals had to revert to manual processes and cancel services where doctors were unable to access patient histories, charts and diagnostic imagery.

In Adelaide, just before Christmas last year, the City of Onkaparinga Council fell victim to the infamous “Ryuk” ransomware. As a result of the attack, residents were unable to access many online council services and remediation required “significant resources” to return operations to normal.

These attacks are part of a global trend of government agencies being targeted by international hacker groups. The Ryuk ransomware, which disabled many of Onkaparinga’s systems, infected government agencies around the world, netting the attackers an estimated US$3.7 million.

Two of the hardest hit were the City of New Orleans, which declared a state of emergency after multiple critical services were taken offline, and the City of Riviera Beach in Florida which reportedly paid US$600,000 to hackers to regain access to its data.

While the ransom paid by Riviera Beach is eye-watering – representing a significant portion of any council’s budget – experts recommend victims never pay the ransom. Paying not only motivates attackers to continue running ransomware campaigns, but there’s also no guarantee the decryption key will ever be delivered.

Unfortunately, it’s impossible to be completely protected against a ransomware attack – all it takes is one staff member to open one wrong email for the malware to take hold.

Sound data management policies

The best strategy against these attacks – and one recommended by the Australian Cyber Security Centre and Australian Signals Directorate – is to maintain frequent back-ups so operations can be restored from a point in time just prior to the infection.

With a comprehensive back-up strategy, the clock can be turned back, and data easily restored. The more frequently snapshots are taken of critical data, the quicker services can return to normal.

In June 2016, for example, Queensland-based Langs Building Supplies was infected by the CryptoLocker ransomware after an employee fell victim to a phishing email. Within minutes, thousands of the company’s files were encrypted.

Because Langs had a well-defined data management policy and immutable back-up solution, they restored operations in less than an hour without having to pay the ransom.

As hackers increasingly turn their attention to the public sector, particularly under-resourced and widely dispersed local councils, the speed with which operations can return to normal in the event of a ransomware attack is absolutely critical.

Three weeks is a long time to wait for a parcel to be delivered, but it’s an even longer time to wait for public services.

*Jamie Humphrey is Country Manager and GM A/NZ at Rubrik

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.  

Sign up to the Government News newsletter

Leave a comment:

Your email address will not be published. All fields are required