Latest case involves Brisbane-based firm that paid $14,000 in bitcoin ransom


Ransomware attacks in Asia Pacific doubled between 2013 and 2014, with Australia topping the hit list for cyber criminals demanding a bitcoin payout.

Cyber security firm Symantec says ransomware attacks in the region are on the rise, with the top five countries targeted being Australia, Japan, India, New Zealand and China.

Ransomware is a type of malware that restricts access to the computer system that it infects and demands a ransom in order for the restriction to be removed.

The latest high-profile case targeted an Australian multinational based in Brisbane, which paid an AU$14,000 ransom to cyber hackers in bitcoin.

The company, which police refused to identify, paid the hackers an initial ransom after its computer system was hacked and sensitive data stolen earlier this year.

When the company refused a further, larger ransom demand and contacted police, the hackers then “profiled a senior member of the organisation, identified their family and threatened to discredit members of his family through online attacks particularly targeting a child”, police said.

The case prompted acting assistant commissioner Brian Hay to warn that businesses should never give in to extortion demands but also be wary of posting personal information on social media that could be exploited as leverage by cyber criminals.

Bitcoin market

Paul Black, Asia Pacific/Japan leader of the Symantec Incident Response team within the cyber security services business unit, says bitcoin has played a huge part in the ransomware market, where the currency is almost exclusively used.

“Bitcoin has always been the preferred [currency] because of its anonymous nature,” Black says.

But despite the falling value of bitcoin, experts do not expect a decrease in malware attacks. Rather, the volume of bitcoins per ransom may increase, says consultancy Deloitte.

“Ransomware is going through an entrepreneurial phase, with infected users with decrypted files reportedly now able to negotiate with some of the criminals to reduce the price,” Deloitte national lead partner cyber risk services Tommy Viljoen says.

Black adds: “Ransomware is not a particularly sophisticated type of attack. But it’s something which tugs on the heartstrings of users when you find out all of your family photos or your entire music collection is encrypted and the only way to get them back is to pay up.”

He says the majority of ransomware attacks are spear phishing campaigns in the form of an email from what appears to be a well-known organisation such as a utility company, government body or postal service.

“The emails can look very authentic but if you look closely they might contain spelling errors or different addresses,” he says. “It’s really an awareness issue and making sure you have the right security software.”

What to do if your business is attacked

Viljoen says the key reasons that some organisations pay a ransom are the potential downside of not paying up and the time spent on resolving the issue.

But he urges any company or individual hit by a ransomware attack to refrain from paying the ransom and contact the police.

“As long as organisations continue to pay for decryption after an attack the volume of attacks will increase,” he says.

“Ransomware is a very effective means for cybercriminals to monetise their activities. It allows the hackers to source funds in a very short period of time in a way that hurts organisations the most through, for instance, stopping access to core internal systems, stopping customers gaining access to key applications and basically stopping business from functioning normally,” he says.

Having up-to-date security systems in place will also help.

“Operating systems and applications should be regularly updated and patched to reduce the risk of malicious software taking advantage of the vulnerabilities,” he says, adding that users should also be educated to only open links or documents from trusted sources.

“Internet links should be copied and pasted into a browser rather than clicked on within the email, and inspected for a suspicious destination.”

But if the latest ransomware case in Brisbane is anything to go by, education and security systems can only go so far. All experts agree that the only way to stem the flow of attacks is to report the crime and refuse to pay.