Culling ransomware urgent priority for cyber security minister

Ransomware attacks are increasing exponentially, and some are now targeting backup systems

A flood of ransomware, demanding ransom usually in bitcoin to unlock files encrypted by malicious software, will be an early priority for Victorian Liberal MP Dan Tehan in his new role as Australia’s ‘cyber minister’.

Tehan was appointed minister assisting the prime minister for cyber security in a post-election ministerial reshuffle by Malcolm Turnbull.

Tehan, previously chairperson of the Parliamentary Joint Standing Committee on Intelligence and Security, will have to oversee recruitment of several hundred cyber security specialists to various agencies, while also handling the veterans’ affairs and defence personnel portfolios.

Ransomware attacks are increasing exponentially. America’s Federal Bureau of Intelligence has reported that forced ransomware payments by US businesses and public sector bodies (notably hospitals) soared from a known US$25 million in all of 2015 to at least US$209 million in just the first three months of this year.

Similar increases are being reported for Australia, which is considered a prime target for foreign criminal groups buying ransomware variants from cybercrime software creators, usually through services whose real-world location is obscured via Tor.

The US federal government is already issuing ransomware guidelines, such as July’s ukase from the US Department of Human Services demanding better backups for computer systems, and mandatory disclosure of attacks. Police agencies in Europe, working through Europol and with chipmaker Intel and security vendor Kaspersky, have launched a ‘No More Ransom Project’.

A key priority for Australian federal cyber security policy-makers, and for private enterprise company boards, will be overseeing a drastic overhaul of data backup systems.

Backup systems, still eschewed altogether by at least a quarter of mid-sized to enterprise level businesses in Australia, have in the past been seen mainly as insurance against physical damage (such as the Brisbane floods), hacking damage to databases, or as cover against the inevitable expiry of ageing hard drives.

In the past, they could also be used to reload operating systems and a contemporary snapshot of data if a computer system had to be cleaned back to bare metal after being compromised by malware of various types.

But recent, highly sophisticated versions of ransomware are now specialising in dismantling protective security systems and spreading to backup systems, either elsewhere in the physical installation or even in offsite locations such as material in cloud storage or on virtual servers. Small USB drives left plugged in to a computer and attached external hard drives are also included in the targets.

In the federal sphere, this means Tehan will have to initiate a wholesale reworking of backup systems, both on-site and off-site, including cloud storage for all federal departments, instrumentalities and agencies.

The same applies to the company boards and management of most, if not all, local business and non-profit operations.

The requirements could be summed up as the three Vs: vaulting, versioning and verification. Vaulting means quarantining backup systems, including mirroring of operating systems as well as working data, from the main operating system, so that malware cannot get through.

Versioning means keeping periodic versions of what is backed up, and having versions not dependent on each other, so that when an uncompromised version is found, it can restore the operating system and all but the most recent data.

Verification means regular checks that the backup actually works: some faulty systems invoked after ransomware attacks have fallen flat on their faces when actually deployed.
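
The versioning and verification requirements above, sketched as an added example that is not part of the original article: each version is a full, independent copy, and a restore check walks the versions newest-first until one verifies. The helper names, the flat directory layout and the per-version SHA-256 manifest (assumed to be kept inside the vault, where the production system cannot write) are assumptions made for illustration.

```python
import hashlib, json, tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def write_version(root, name, files):
    """Store a full (non-incremental) version plus a manifest of its hashes."""
    vdir = root / name
    vdir.mkdir(parents=True)
    for rel, data in files.items():
        (vdir / rel).write_bytes(data)
    # Assumption: in a real deployment the manifest lives in the vault.
    manifest = {rel: sha256(vdir / rel) for rel in files}
    (root / f"{name}.manifest.json").write_text(json.dumps(manifest))

def verify_version(root, name):
    """Return a list of problems; an empty list means the version is intact."""
    manifest = json.loads((root / f"{name}.manifest.json").read_text())
    vdir = root / name
    problems = []
    for rel, digest in manifest.items():
        f = vdir / rel
        if not f.is_file():
            problems.append(f"missing: {rel}")
        elif sha256(f) != digest:
            problems.append(f"hash mismatch: {rel}")
    extra = {p.name for p in vdir.iterdir()} - set(manifest)
    return problems + [f"unexpected file: {n}" for n in sorted(extra)]

def newest_clean_version(root, names):
    """Walk versions newest-first; return the first that verifies, else None."""
    for name in sorted(names, reverse=True):
        if not verify_version(root, name):
            return name
    return None

def demo():
    """Build three constructed versions, then damage the two newest."""
    root = Path(tempfile.mkdtemp())
    docs = {"ledger.csv": b"id,amount\n1,100\n", "notes.txt": b"q3 plan\n"}
    names = ["day-01", "day-02", "day-03"]
    for name in names:
        write_version(root, name, docs)
    (root / "day-03" / "ledger.csv").write_bytes(b"\x8f\x02 scrambled")
    (root / "day-03" / "note.txt").write_bytes(b"constructed stray file")
    (root / "day-02" / "notes.txt").unlink()
    return root, names

if __name__ == "__main__":
    root, names = demo()
    print("restore from:", newest_clean_version(root, names))
```

Because every version is a complete copy, damage to `day-02` and `day-03` does not affect `day-01`; an incremental chain would not give that guarantee.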