Ransomware – it’s like robbing banks

Have you noticed that nobody seems to rob banks anymore? That is because the criminal gangs have realised that it is easier to stay at home in their pyjamas and do ransomware raids and steal money that way.

1970s bank robbers
From: Stick ’em up: how crims made the ’80s a special kind of hell for banks

While this remains a profitable exercise it will continue. And it will get worse!

Increasingly their tactics are more malign: they exfiltrate your data, then lock it, then ransom it. Then you think it is done, but it’s not. Then they also sell your data on the dark web.

“Ransomware attacks in UK have doubled in a year, says GCHQ boss”

Jeremy Fleming says ransomware is proliferating as it is ‘largely uncontested’ and highly profitable

The Guardian

Expect to see more headlines like this. Ransomware is big business, and it is not going anywhere. But also, it will start to morph. And it will not morph in a good direction. Expect to see an increase in damaging attacks on infrastructure, hospitals, etc.

Because, while ransomware is effective way for criminals to earn some coin, it is also an effective way for both state and non-state actors to test your systems for access and to assess your strengths and weaknesses.

Protect yourself against ransomware attacks

Here are my recommendations to protect yourself against malware and ransomware:

  • Apply operating system and application patches early
  • Turn on multi-factor authentication for every app that you can
  • Use a password manager to enable individual strong passwords for each separate app you use
  • Do regular backups
  • Implement access controls
  • Turn on ransomware and anti-malware protection

Or go to the ACSC site and follow their recommendations: Protect yourself against ransomware attacks. And do not forget to do the Essential Eight!

Author: Kate Carruthers

Kate Carruthers is Chief Data & Insights Officer for UNSW Sydney, and is also an Adjunct Senior Lecturer in the School of Computer Science & Engineering. She is certified in information security and is currently undertaking postgraduate studies terrorism and security. Kate has extensive experience in senior roles in ICT, marketing, data and digital; and is a member of the NSW Government’s Data Analytics Centre Advisory Board. Kate is currently working at the intersection of data analytics, AI, ML, privacy, cyber security, and data protection.