Recently, ABC News featured an interview with a hacker who claimed responsibility for a cyber-attack that is still fresh in our memories: the hack on Medibank. The hacker, who confirmed having worked for the highly successful cyber gang "REvil," revealed some intriguing insights into the mindset of cyber criminals and the strategies they use to target businesses.
The interview shows the recklessness and lack of empathy from hackers and serves as a reminder to all business owners that the potential exposure, reputational damage, business interruption and financial costs following a cyber incident are too great to ignore.
Who is REvil?
REvil, short for “Ransomware Evil”, were highly prolific in 2020 and 2021, carrying out multiple high-profile attacks and earning themselves over USD200M. Those who have monitored the group for years say they made the “double extortion” method famous and loved to create a media frenzy. Double extortion is the act of stealing sensitive data and then encrypting an organisation’s files using a gang’s ransomware application. The gang then carries out the ransom negotiation and, if a victim agrees to pay, both the hacker and the gang take a cut.
The art of gaining access
The interview reveals that hackers often use a combination of sophisticated social engineering and technical skills to gain access to a company's systems. This can include tactics such as phishing emails or exploiting vulnerabilities in software. Once inside, the hackers can see which servers contain the most important information or the way the backups are arranged. From here, they can decide whether they can make more money by stealing and reselling confidential information or by encrypting everything with ransomware.
To pay or not to pay
In the case of the Medibank attack, REvil demanded a ransom payment of $270 million in exchange for not releasing sensitive data that had been stolen from the company's servers. It’s a typical example of the ‘double extortion’ method that has helped this group make recent headlines. Unfortunately for the hackers, Medibank did not pay the ransom. Whether companies should pay ransom demands is another topic, and one for public debate, as the government is considering making cyber ransom payments unlawful.
- Hackers often target specific industries or companies that they perceive to be vulnerable. For example, REvil targeted Medibank because the company was perceived to have weak security measures in place. Highly profitable companies are also an attractive target for cyber criminals, due to their financial strength and their ability to pay the ransom demand.
- It’s paramount for businesses to invest in strong cybersecurity measures, including firewalls, antivirus software, multi-factor authentication and employee training programs, and to review these on an ongoing basis. Cyber criminals are experts, constantly adapting and developing new techniques to exploit vulnerabilities within company networks, and it’s important to always stay one step ahead.
- No matter how many controls you implement, there is no silver bullet when it comes to cyber security. This highlights the importance of having adequate insurance coverage for cyber-attacks, as the financial impact of such incidents can be devastating.
- Reputation and customer trust are also at risk. This is particularly true for industries such as healthcare, where sensitive patient data is stored. It is reassuring to know that cyber insurance does not provide financial protection alone; it also assists with crisis management and reputational repair.
With you all the way
Cyber defence must be a priority for all Australian businesses. To find out how Honan can help you manage these risks and learn more about cyber insurance, reach out directly to discuss your business’s unique needs.
Senior Client Executive – Professional & Executive Risks