InnovationAus

Ransomware reporting: The long road to change

Australian businesses will continue making ransomware payments while it makes business sense, but the government’s move to force disclosure of the payments will eventually help arrest the current growth in attacks, according to global cyber firm Arctic Wolf.

“Unfortunately, there are circumstances especially in the mid-market or the SMB [market], where the viewpoint of those organisations is how much time and energy and resource am I going to have to put in, versus paying the ransom,” Arctic Wolf chief executive Nick Schneider says.

“And sometimes the math just equates to paying the ransom and moving on.”

Arctic Wolf chief executive Nick Schneider. Image: Supplied

The Home Affairs department has been asked to design a mandatory no-fault, no-liability ransomware obligation for businesses to report ransomware incidents and payments by 2025.

As one of the first initiatives of the new national cybersecurity strategy, the obligation is intended as an early warning system to help get businesses the support they need. It requires businesses to report all ransomware incidents, ransom demands and payments, with these indicators potentially shared anonymously with industry.

Mr Schneider said the scheme would bring much-needed awareness to the threat of ransomware.

“Bringing awareness to the problem and allowing people to not feel like they’re at fault for it, I think is a good step in the right direction,” he told InnovationAus.com.

“Certainly, hiding what is happening so that other people can’t learn from it is not going to help those on the right side of the problem.”

According to the Australian Signals Directorate, ransomware attacks currently cost the Australian economy $2.95 billion each year, a figure that is continuing to increase and likely a conservative estimate given the underreporting of ransomware.

It is now considered one of the most disruptive cyber threats, and the new national strategy has set a goal to disrupt the ransomware business model, including the growth of ‘ransomware-as-a-service’.

Arctic Wolf has also seen a growth in ransomware attacks, often against unprepared victims.

The US company was valued at US$4.3 billion in a 2021 funding round.

It has operated in Australia for the last year, targeting small- and mid-sized enterprises, typically with up to 2000 employees. It’s a market that typically has budget and personnel dedicated to cybersecurity, but both are stretched thin, Mr Schneider said.

“By and large, though, the small and mid-market struggles with cybersecurity as a core competency of their business… Folks certainly have budget for cybersecurity. They likely have a person or two on staff that has some cybersecurity experience, although most of the time in that market they’re doing multiple roles.”

Arctic Wolf’s data from threat analysis and its incident response service shows a resurgence in bad actors last year after a downturn in 2022 when the Russia-Ukraine war took many of them “out of the market”.

Many of these cyber criminals are back, with ransomware attacks surging 46 per cent in the first half of 2023, according to the company.

“We saw a pretty dramatic resurgence of activity,” Mr Schneider said. “Back to kind of 2021 levels, and now moving into 2024 it’s not slowing down.”

The bad actors have followed the money, setting up sophisticated operations and targeting entire companies rather than individuals, according to the Arctic Wolf chief.

“In some places, these [cyber attackers] are companies. They have an HR department, they have their own IT department. Sometimes the employees don’t even really know what they’re working on,” he said.

“But this isn’t just one guy in a basement. These are sophisticated organisations.”
