Ransomware is a form of malware that electronically shreds data (by encrypting it) and the cyber criminals behind it demand a ransom from their victim in order to return the data. Unfortunately for everyone except the criminals behind it – the impact of ransomware is increasing.

In previous years, the cyber criminals behind ransomware might block access to your data if you didn’t pay up. Though with a recent enough backup you could avoid paying the ransom. In recent months however, ransoms have risen dramatically and some cyber criminals will release your private data publicly if you refuse to pay the ransom in the timeframe demanded.

The majority of ransomware victims are small-medium businesses with it recently suggested that 1 in 5 small businesses have already been hit. So why are so many organisations getting hit with ransomware? In many cases it comes down to apathy, there’s a feeling that “it won’t happen to us” within a lot of organisations who refuse to invest in cyber security. It reminds of the early days of PCs and Macs, most people didn’t back up their data. But slowly that changed as everyone had an incident where they something important, and from that point on, they started taking backups seriously.

When I first started raising concerns about Ransomware publicly in mainstream media around 2012, most organisations that were hit would receive a ransom demand of perhaps a few hundred dollars. In recent months those paying ransoms have seen average pay outs exceed NZ$180,000. This is around 10 times what it was at the beginning of 2019.

Add to that examples, such as ExecuPharm – who had their confidential and private data leaked to the internet (everything from emails, to drivers license numbers and credit card details) following a ransomware attack and the impact of getting hit be cyber criminals is getting nastier by the day. This has also happened to New Zealand businesses such as Fisher & Paykel Appliances.

What should a Small Business in New Zealand do?

If you’re not sure how secure your organisation is then now might be exactly the time to get a Cyber Security audit so you can minimise the risks. In the immediate term, have your IT team review:

  • Security surrounding any remote access to your network
  • How up-to-date your software is
  • Your password security (is anybody using the same password on more than one system?) and use of multifactor authentication (much the same as what your bank demands)

If you’re not sure of your security state, then consider investing in Cyber Security audit – a basic cyber security audit can run as low as $1500 for a small business in New Zealand.