Australian small businesses are a popular target for ransomware attacks.

An extensive study by cybersecurity company NordLocker has revealed Australia to be the 9th nation most affected by ransomware. So what is ransomware and how can you protect yourself against it?

What is Ransomware?

Ransomware is a type of malicious software. The virus takes over a device and blocks access from its owner. Ransomware gangs literally hold the data ransom. They threaten to publish personal data, destroy it or permanently block access to it, and demand money be paid in order for the victim to regain access to their files. Ransomware attacks can be incredibly detrimental to businesses, damaging reputation, halting operations and/or destroying a company financially. Some ransomware will lock the system without causing damage to files. More advanced malware uses cryptoviral extortion, and in some cases, encrypted files are permanently deleted or damaged periodically until payment is made. Mass deletion may occur when a device is restarted. 

NordLocker CTO, Tomas Smalakys says, “Ransomware forces a company’s operations to a halt by taking possession of its most crucial and sensitive files and demanding a ransom from the company to get the data back… In the past few years, cases have grown exponentially, while cybersecurity awareness has failed to catch up”.

The NordLocker Study

NordLocker researchers analysed databases of ransomware incidents around the world that impacted more than 5,000 companies. The aim was to discover which companies are most likely to be targets of ransomware. Factors such as geography, industry types, revenue and number of employees were considered, as well as the activity patterns of various ransomware groups (see the full report).

How Ransomware affects Aussie businesses

It was found that small businesses are the most susceptible to ransomware attacks, comprising over two-thirds of all incidents. Certain industries are hit harder than others. In Australia, Business Services is the most affected industry, forming 12.5% of all attacks. 9.7% of attacks are in the Transportation and Logistics industry. Construction, Consumer Services and Healthcare each make up 6.9% of affected industries, and 4.2% are in Public Sector institutions.

Who is behind the Ransomware cyber attacks?

Perpetrators of ransomware attacks are referred to as “ransomware gangs”. NordLocker’s study revealed LockBit and Conti as being Australia’s most active ransomware gangs in Australia. LockBit was found to be responsible for 16.5%, and Conti for 11.4%, of Australian attacks.

Ransomware gangs take into consideration a number of factors when choosing their victims. They consider: 

• The likelihood of a company paying the ransom. Factors such as a company’s impact on supply chain and the nature of its data help gangs determine how desperate a company will be to maintain its confidentiality and get its operations restored; 

• The types of cyber defences that are in place, and how easy it will be to attack;

• The financial status of the company; and

• The size of the company.

Small businesses beware!

In Australia, 69.5% of ransomware attacks are on small businesses. Small business is an easy target for two key reasons. Firstly, smaller companies usually have narrow profit margins, meaning that they cannot endure a prolonged operational freeze to the same extent as a larger company. Therefore, they are more likely to pay their attacker. Secondly, small businesses are more likely to prioritise business growth over cybersecurity. This leaves them vulnerable to attacks.