Ransomware may have emerged in the Greed is Good era of the late 1980s, but this computer-data-locking malware is still stinging small businesses in Australia and increasingly using cryptocurrencies to do it.
More than 100,000 ransomware complaints are reported each year to the Australian Competition & Consumer Commission (ACCC), says deputy chair Dr Michael Schaper.
“These scams never die out, but do have a period of time where they will flare up and become very well used and frequently found, then drop away in the background,” he says.
In 2015, the ACCC received 4500 ransomware and malware complaints – up from 2500 the previous year. However, businesses overall reported a total loss of $390,000 last year, down from the $970,000 figure for 2014.
Schaper says: “Small businesses are getting savvier, so losses are getting smaller – on average about $500 – but it’s small businesses who ring the ACCC to complain as bigger firms have in-house systems and tend to keep [the complaints] to themselves.”
Scammers demand a ransom to unlock access to data on the victim’s computer, but don’t always come good. Last year’s figures show scammers demanding funds via wire transfer and increasingly through cryptocurriences such as bitcoin, which are “much harder to police, track down and much less retrieved”, he says.
Recognise the many guises
Most ransomware is crafted to look like a legitimate email from a large business such as Telstra, major banks or government agencies. Returning to email inboxes this year is the fake Australia Post email asking people to “click on a link” to organise a pick up for a failed delivery.
Avoid downloading zipped files or those with an “exe” extension, says Schaper, even if the sender looks familiar.
Make sure the people who work in your business know about it as well – all you need is one person to be checking the inbox and open that email.
Keep staff on the lookout
“Make sure the people who work in your business know about it as well – all you need is one person to be checking the inbox and open that email,” warns Schaper.
“You need to be alert to why would the tax office not have an email address that ends in ‘.gov.au’ or why is Telstra using a gmail account?”
Tell staff if something doesn’t look right with the email address, ask the business owner before opening it.
Not just about money
Once downloaded, ransomware can have a “devastating effect across a small business”, says Schaper, “destroying the whole business model for a small business – client knowledge, accounts, business system, supplier details and customer details. Everything you’ve got online.”
Secure your systems
The ACCC advises ensuring your computer has a firewall as well as current software to tackle viruses and spyware. Back up your business data regularly and using an offline machine, even external hard drive.
Pop-up blockers can help stop ransomware, which is often delivered after following links in pop-up alerts.
Education is the main defence, says Schaper: “Scammers are fast and they’re overseas so don’t wait for law enforcers to come over and identify them; they crawl back somewhere else.”
Professional services and the retail sector are most vulnerable because they tend to be more visible to the general public.
Report the suspects
Contact the ACCC’s SCAMwatch on 1300 795 995 or via the web.
Former Sunday Age staff journalist, Margaret Paton (formerly Jakovac) has written widely for corporations/government departments and more than 100 online/hard copy mastheads in regional NSW, Sydney, Melbourne and Europe.