tharun15 - Fotolia
Petya ransomware hits Aussie businesses
The latest ransomware attack has reached Australia’s shores, prompting calls to dump on-premise IT infrastructure for the cloud
The Petya ransomware attack has caused problems for a law firm and a chocolate factory in Australia, and the federal government is urging businesses to install security patches.
The malware, which has been making its rounds this week, encrypts files and forces victims to pay a ransom in bitcoin to get the encryption key to restore their systems.
The Australian Broadcasting Commission (ABC) reported that global law firm DLA Piper had told Australian staff of a “major cyber incident”.
Employees were told not to try to log on to computers or even turn them on, the ABC reported.
“The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware,” a DLA spokesperson told the ABC, adding that steps were being taken to “remedy the issue as quickly as possible”.
The Cadbury chocolate factory in Hobart, Tasmania was also targeted by a ransomware attack, with production halted on the morning of 27 June, according to the ABC.
Dan Tehan, the minister assisting the prime minister on cyber security, said in a statement that the Petya attack was a “wake-up call” for Australian businesses to regularly back up their data and install the latest security patches.
“All businesses should immediately update their Windows operating system with the latest security patches and there are instructions on the Australian Cyber Security Centre website to do this,” he said.
“It appears to be the same vulnerability as WannaCry. If your business has been infected, you should isolate the affected computer from your network to prevent the software spreading and use backup data to restore information.”
Tehan said Australia is monitoring the situation and is in contact with the Five Eyes, an intelligence alliance comprising Australia, Canada, New Zealand, the UK and the US.
Read more about cyber security in Australia
- Australia may never be able to create an IT industry like that in the US, but it can lead in cyber security.
- The Australian government is aware it has a cyber security challenge, but might not understand the size of the issue, according to experts.
- Australian enterprises are increasingly investing in security software as the threats to data continue to multiply.
- Demand for people with the right mix of skills to keep organisations in Australia safe from cyber attack is far in excess of supply.
Cloud supplier Macquarie Telecom was quick to jump on the Petya threat as a reason to dump on-premise IT infrastructure for the cloud.
Its group director, Aidan Tudehope, said in a statement: “Only a wholesale restructuring of the national ICT [information and communication technology] infrastructure may be enough to address escalating and damaging cyber attacks.
“The basic problem is the thousands and thousands of legacy computing and communications systems in businesses and homes. Too many of these systems are not being kept up to date with latest software releases, so will never be secured.”
Tudehope said that although there is no silver bullet for the cyber security problem, one necessary change is to try to get older systems out of the national ICT network by having computing capacity managed by specialists through the cloud.
The Australia government got serious about cyber security in 2016 with the release of the A$230m (US$176m) Cyber Security Strategy, which stressed the need to beef up the nation’s cyber defences and to develop the local cyber industry.
A Cyber security sector competitiveness plan, launched in April 2017, aims to help triple the size of Australia’s cyber security sector by 2026, with revenues jumping from A$2bn to A$6bn.
The government’s increased focus on cyber security appears to be having positive results. In 2016, 71% of respondents to an Australian Cyber Security Centre survey reported having a cyber security incident response plan in place, compared with 60% in 2015.
And the Minter Ellison Perspectives on cyber risk 2017 report also noted that 39% of CIOs had bought some form of cyber insurance in 2016, compared with 24% in 2015.