Being geographically quite isolated from the rest of the world does not mean anything when it comes to avoiding the widespread threat of ransomware. Operations at organizations across Australia and New Zealand have been impacted by several damaging ransomware attacks over the last 18 months.

The cyber attacks on businesses in both countries reflect a wider global trend of increased ransomware attacks in the wake of the Covid-19 pandemic. Opportunistic hackers seek to exploit perceived cybersecurity weaknesses, gain entry to networks, and encrypt valuable data or systems. The hackers then demand large ransoms to decrypt and return valuable information assets. This article takes a look at some of the most high-profile recent ransomware attacks targeting Australia and New Zealand.

Ransomware in Australia and New Zealand: The Statistics

The statistics paint a telling picture of the state of ransomware in Australia and New Zealand. Here are four of the most revealing statistics:

• In New Zealand, independent research found that two-thirds of businesses admit they would pay a ransom to retrieve data after a ransomware attack. One in ten businesses would be willing to pay $50,000 or more.
• The same research also found that two in five businesses in New Zealand have been targeted by a Covid-19 themed phishing attack.
• An industry survey of IT professionals found that more than two-thirds of Australian companies were targeted by ransomware attacks during 2020.
• The same industry survey found one-third of affected Australian organizations paid the ransom that hackers demanded.

These statistics confirm the Australian Cyber Security Centre’s assertion that ransomware incidents will remain a common threat in Australia and globally due to cybercriminals’ success. A look at four recent incidents provides further evidence of that success.

JBS, Australia: June 2021

A ransomware attack on meatpacking group JBS disrupted operations at 47 of its Australian sites in June 2021. The perpetrators, believed to be from Russia, targeted IT systems used for quality assurance.

JBS received assistance in dealing with the attack from the FBI and Australian authorities. The REvil ransomware gang was behind the attack, according to the FBI. JBS published a statement on June 9 confirming payment of $11 million to the hacking group to avoid the public disclosure of sensitive company data.

Waikato DHB, New Zealand: May 2021

Several hospitals in New Zealand’s Waikato district became the victims of a ransomware attack on the Waikato District Health Board in May 2021. While the country remained largely unscathed from the worst impacts of the global pandemic, this attack was another shocking reminder that hacking groups lack any sort of moral compass in their pursuit of money and their choice of victims.

The attack resulted in the postponement of some surgeries and even disrupted emergency cancer therapy. The unidentified group behind the attack demanded ransom payments to return sensitive data on Waikato DHB’s patients, staff, and finances. This incident bore striking resemblance to a ransomware attack on Ireland’s Health Service Executive that occurred during the same month.

Eastern Health, Australia: March 2021

Eastern Health provides healthcare services through four hospitals in Eastern Victoria. The healthcare provider suffered a ransomware attack in March 2021 that disrupted elective surgery procedures and blocked access to critical patient health information.

The intent of this attack was to encrypt everything on the hospital’s network. Malicious intruders often set their sights on healthcare organizations because they believe they can demand higher ransoms due to the sensitive nature of patient data. The CIO of Eastern Health subsequently revealed that the swift decision to shut down the internal network and contain the attack avoided any serious data breaches.

Fisher and Paykel, New Zealand: June 2020

New Zealand appliance manufacturer Fisher & Paykel suffered manufacturing and distribution disruptions in light of a ransomware attack in June 2020. The attack was instigated by a hacking group focusing on companies with large annual revenues.

The Fisher and Paykel incident was another example of the double-extortion technique favored by many ransomware attackers lately. Not content with just encrypting sensitive information, users of the double-extortion technique exfiltrate data from systems and demand ransoms to return it. By actually stealing sensitive data, ransomware groups are insuring against situations where their victims can simply restore encrypted servers or data from backups and avoid paying ransoms.

Takeaway Lessons

Hindsight is a wonderful thing, and there are some notable lessons to learn from these attacks, such as:

• The use of double-extortion ransomware is increasing. While having backups in place for servers and data is advisable, the best form of defense is prevention. Many ransomware attacks begin with successful phishing campaigns—email security solutions that can successfully block phishing emails before they reach employees are invaluable.
• The increased use of double-extortion combined with the hugely damaging impacts of successful attacks calls for all organizations to adopt a security-first culture. Ongoing security awareness should be baked into your organization’s mission. Providing employees with continuous opportunities to learn and improve their cybersecurity knowledge is an investment that can pay big dividends in terms of risk mitigation.
• Healthcare organizations remain prime targets for ransomware gangs. The old medical saying that prevention is better than cure applies to cybersecurity defenses at healthcare organizations.
• The JBS attack and the large ransom payment made to the perpetrators provided a perfect example of why the statistics continue to show ransomware attacks increasing. The lucrative rewards for successfully infiltrating a network combined with the privacy of untraceable cryptocurrency payments act as huge incentives for groups around the world to coordinate and land a huge payday.
• While JBS did make the ransom payment demanded by the attackers, it’s worth noting that government bodies such as the ACSC advise against paying ransoms because there’s no guarantee you’ll get the stolen data back.

Conclusion

Australia and New Zealand will both remain prime targets for ransomware attacks over the coming months and years. Hardening cybersecurity defenses, raising cybersecurity awareness, and implementing appropriate preventative measures can help your company avoid the worst impacts of increasingly sophisticated ransomware attacks.

To learn more about IRONSCALES’ award-winning email security solution, please sign up for a demo today.