Hackers who had targeted hospitals in New Zealand’s Waikato district last May have released what appears to be private patient information to media outlets, as health systems struggled to come back online more than a week after the attack. After the ransomware incident, all organisations are taking considerations on having a proactive plan in place to protect themselves and their companies from any cyber-attacks or ransomware incidents that might happen again in the future.
In New Zealand, more than half of businesses have been successfully targeted by ransomware, with 20% estimating that their company has been targeted by 16 or more ransomware attacks a quarter.
With the risk of attack so high, organisations looking to continue accelerating their growth need to have a proactive plan in place to protect themselves. Cybersecurity measures are necessary, but ransomware attacks frequently bypass them or exploit security vulnerabilities. If this happens, the only alternative is to pay the ransom unless the company has a secure backup system.
Most organisations back up their data for disaster recovery and business continuity purposes. However, data restoration from these legacy systems, on the other hand, can be slow and inconvenient, with no guarantees. If the backup data is likewise corrupted, the company may have no choice but to pay the ransom and assume that the attacker decrypts the data without causing any additional damage.
Besides that, software experts from a cybersecurity business in New Zealand claim to have discovered a new strain of Windows ransomware known as ‘Epsilon Red,’ which targeting unpatched Microsoft Exchange servers to encrypt machines.
The Epsilon Red ransomware is delivered as the final executable payload in a deliberately coordinated operation, according to the researchers. to their findings, every other element of the attack is dependent on PowerShell scripts which involves:
- A script that executes a command on the infected computer to remove Volume Shadow Copies, making it more difficult for the target to retrieve part or all of the files encrypted by the attackers.
- A script that uninstalls any security or backup software that may be installed on the infected PC. It looks for certain programmes, as well as anything in the title bar that says “Backup” or “Cloud,” and then tries to terminate and delete it. The attackers also try to disable or kill processes that, if they were running, might prevent encryption of valuable data on the hard drive.
According to an article from OpenGov Asia, CERT NZ- the Computer Emergency Response Team are developing a much richer understanding of the types of threats and issues that are affecting New Zealanders, and New Zealand businesses. Phishing and credential harvesting (where an attacker collects personal data) were the most reported form of attacks and were up 76% in 2019. Behind those were scams and fraud reports, which are up by 11%.
In total, NZ$ 16.9m was lost to attackers – the most in a single year since CERT was launched. The country’s one-stop shop for cybersecurity said they were not surprised that more attacks and more financial loss were being reported, as New Zealand’s an exceptionally attractive country, with a very trusting set of communities.
To avoid this situation from happening, businesses should opt for a backup data storage system that protects data from malicious attacks by locking it down. By creating an immutable snapshot of backup data and associated metadata catalogues, this type of solution can prevent the data snapshot from being deleted, encrypted, or modified.
The data snapshot is off-limits even if an attacker gains admin right. This is a secure method of protecting data from hackers. The next stage is to swiftly and successfully restore the data. The backup architecture is required for this feature. It must bring in all of the data from the organization’s several silos without slowing down. The faster the data can be restored, the sooner the organisation can get back to business acceleration.
When an organisation can recover quickly from a ransomware attack, customers and partners gain confidence in the business, letting the organisation accelerate its growth safely and reliably.