Register For Our Mailing List

Register to receive our free weekly newsletter including editorials.

Home / 428

Ransomware threatens home, office and national security

Tobias Vernon of the UK owns two small galleries that sell 20th-century ceramics and artworks. Thanks to marketing efforts, the business has almost 50,000 Instagram followers.

In May 2021, an email appeared from Instagram congratulating the business for getting a ‘blue tick’, which bestows on the account ‘authentic presence’. Vernon clicked the link in the email and logged in. Not long after, a message soon appeared:

“We have seized control of your Instagram account …We require US$1,000 to grant you your account back.”

Even the hackers want to be 'trustworthy'!

Vernon eventually paid US$750 in bitcoin to Russians, who released the account. But get this. Three days later, Vernon got an Instagram message from a bakery in Australia that had been hacked by the same group. The baker had been told to contact Vernon for a Tripadvisor-style testimonial that the hackers were trustworthy, so to speak, in that they would release the kidnapped device when paid.

Such traumas are proliferating because the malware-based crime known as ransomware is reaching menacing proportions. Criminally installed encryption that is reversed only by ransom is rising "almost exponentially” in the words of FBI Director Christopher Wray because the virtual private networks that enable working from home have made business systems more vulnerable.

US cyber-security firm Mimecast found that 61% of the 1,225 global IT firms it surveyed suffered ransomware attacks in 2020, a 20-point jump from 2019. The Australian Cyber Security Centre, a government agency, said ransomware attacks in Australia rose 15% last financial year to 500 incidents. Global security group, Institute for Security and Technology, estimates 2,400 ransomware victims in the US paid nearly US$350 million in ransom in 2020, a 311% jump in payments from 2019.

Ransomware “is an urgent national security risk” because “attacks on the energy grid, on a nuclear plant, waste-treatment facilities … could have devastating consequences,” the Institute cautioned. As such warnings signal, ransomware has evolved from a cottage industry into something resembling a “criminal franchising arrangement”, according to the Australian Cyber Security Centre.

Nothing is safe from virtual kidnappers

Among notable attacks this year, in March, US insurer CNA Financial reportedly paid a then-record US$40 million ransom. In May, ransomware disrupted Colonial Pipeline, which carries 45% of US east coast fuel supplies, for 11 days until a US$$4.3 million ransom was paid for a malfunctioning decrypter key. In July, a ransomware attack on the US-based software company Kaseya was notable for gifting up to 1,500 global victims to the criminals and that the ransom demand was a record US$70 million. The biggest ransomware attack in terms of victims is still the ‘WannaCry’ one in 2017, when up to 300,000 computers were infected though the criminals received limited payment.

Ransomware is flourishing because the risk-reward calculation favours the attackers. What choice do companies have but to pay a government-protected group that might destroy their mission-critical computer system?

Paying the ransom, however, often fails as a solution. The Mimecast survey found that 52% of ransomware victims paid the ransom but only 66% of those recovered their data – the others were double-crossed.

The hope is that the risk part of the calculation might increase to the detriment of the scammers because western governments are enhancing and coordinating efforts to stop ransom attacks. Officials too are warning internet users to be better prepared for these attacks.

Eradicating the threat seems far off. Computer systems are impossible to secure and it’s expensive to try. Phishing emails and other scams too easily trick people into installing malware. Enough employees are willing to sell passwords on the ‘dark web’. Perhaps, though, the greatest asset ransomware criminals have is that cryptocurrencies are hard to trace. Many advise that a government crackdown on cryptos is the best way to reduce the menace.

The US’s unprecedented move in September to blacklist a Russian-owned crypto exchange shows Washington might agree. Something needs to tackle this mobster shakeout for using the web before the damage reaches national-security proportions.

Even if defensive efforts increase, ransomware appears unbeatable when five billion people are connected to the internet. As ransomware is online, the public seems to be unable to come to terms with the magnitude of the threat, which hampers the fightback. It’s true that ransomware would exist even if cryptos didn’t but it might barely register as a danger because how would the criminal be paid?

Some victims refuse to pay and the criminals back down. The ‘WannaCry’ attack emanating from North Korea generated little ransom for the attackers but according to the world’s anti-laundering body caused an estimated US$8 billion in damages to hospitals, banks and businesses across the world.

Attack the problem at the payment end

Such calculations show that the ransomware threat needs to be taken much more seriously. The non-virtual world provides the clue to defeating the menace. Kidnapping is a rare crime nowadays because the police caught kidnappers when they spent the cash. The solution to ransomware might be to regulate cryptocurrencies, possibly – as is the intention of China’s ban on crypto activities – to the point where they are unviable.

Such actions might mean the world loses the (disputed) benefits of cryptocurrencies. But that’s part of the cost-benefit analysis governments need to undertake to defeat the scammers that hound legitimate users of the internet, be they UK gallery owners or bakers in Australia.

 

Michael Collins is an Investment Specialist at Magellan Asset Management, a sponsor of Firstlinks. This article is for general information purposes only, not investment advice. For the full version of this article and to view sources, go to: https://www.magellangroup.com.au/insights/.

For more articles and papers from Magellan, please click here.

 

RELATED ARTICLES

Fight cybercrime by investing in cybersecurity

Cybercrime response may slow internet

banner

Most viewed in recent weeks

House prices surge but falls are common and coming

We tend to forget that house prices often fall. Direct lending controls are more effective than rate rises because macroprudential limits affect the volume of money for housing leaving business rates untouched.

Survey responses on pension eligibility for wealthy homeowners

The survey drew a fantastic 2,000 responses with over 1,000 comments and polar opposite views on what is good policy. Do most people believe the home should be in the age pension asset test, and what do they say?

100 Aussies: five charts on who earns, pays and owns

Any policy decision needs to recognise who is affected by a change. It pays to check the data on who pays taxes, who owns assets and who earns the income to ensure an equitable and efficient outcome.

Three good comments from the pension asset test article

With articles on the pensions assets test read about 40,000 times, 3,500 survey responses and thousands of comments, there was a lot of great reader participation. A few comments added extra insights.

The sorry saga of housing affordability and ownership

It is hard to think of any area of widespread public concern where the same policies have been pursued for so long, in the face of such incontrovertible evidence that they have failed to achieve their objectives.

Two strong themes and companies that will benefit

There are reasons to believe inflation will stay under control, and although we may see a slowing in the global economy, two companies should benefit from the themes of 'Stable Compounders' and 'Structural Winners'.

Latest Updates

Strategy

$1 billion and counting: how consultants maximise fees

Despite cutbacks in public service staff, we are spending over a billion dollars a year with five consulting firms. There is little public scrutiny on the value for money. How do consultants decide what to charge?

Investment strategies

Two strong themes and companies that will benefit

There are reasons to believe inflation will stay under control, and although we may see a slowing in the global economy, two companies should benefit from the themes of 'Stable Compounders' and 'Structural Winners'.

Financial planning

Reducing the $5,300 upfront cost of financial advice

Many financial advisers have left the industry because it costs more to produce advice than is charged as an up-front fee. Advisers are valued by those who use them while the unadvised don’t see the need to pay.

Strategy

Many people misunderstand what life expectancy means

Life expectancy numbers are often interpreted as the likely maximum age of a person but that is incorrect. Here are three reasons why the odds are in favor of people outliving life expectancy estimates.

Investment strategies

Slowing global trade not the threat investors fear

Investors ask whether global supply chains were stretched too far and too complex, and following COVID, is globalisation dead? New research suggests the impact on investment returns will not be as great as feared.

Investment strategies

Wealth doesn’t equal wisdom for 'sophisticated' investors

'Sophisticated' investors can be offered securities without the usual disclosure requirements given to everyday investors, but far more people now qualify than was ever intended. Many are far from sophisticated.

Investment strategies

Is the golden era for active fund managers ending?

Most active fund managers are the beneficiaries of a confluence of favourable events. As future strong returns look challenging, passive is rising and new investors do their own thing, a golden age may be closing.

Sponsors

Alliances

© 2021 Morningstar, Inc. All rights reserved.

Disclaimer
The data, research and opinions provided here are for information purposes; are not an offer to buy or sell a security; and are not warranted to be correct, complete or accurate. Morningstar, its affiliates, and third-party content providers are not responsible for any investment decisions, damages or losses resulting from, or related to, the data and analyses or their use. Any general advice or ‘regulated financial advice’ under New Zealand law has been prepared by Morningstar Australasia Pty Ltd (ABN: 95 090 665 544, AFSL: 240892) and/or Morningstar Research Ltd, subsidiaries of Morningstar, Inc, without reference to your objectives, financial situation or needs. For more information refer to our Financial Services Guide (AU) and Financial Advice Provider Disclosure Statement (NZ). You should consider the advice in light of these matters and if applicable, the relevant Product Disclosure Statement before making any decision to invest. Past performance does not necessarily indicate a financial product’s future performance. To obtain advice tailored to your situation, contact a professional financial adviser. Articles are current as at date of publication.
This website contains information and opinions provided by third parties. Inclusion of this information does not necessarily represent Morningstar’s positions, strategies or opinions and should not be considered an endorsement by Morningstar.

Website Development by Master Publisher.