Don’t let your business data be held to ransom

Ransomware threats are a good reminder of why it’s important to back up your business data regularly. David Powell, Chief Security Officer, NAB, suggests steps you can take to avoid your data being held to ransom by cybercriminals.


Ransomware is currently one of the most significant security threats to small businesses in Australia. Criminal gangs spread this malicious software via convincing spam emails to extort payment from the victim.

Ransomware is a type of malicious software (malware) that encrypts (or locks) the files on a computer, making them inaccessible. Once the malware has been downloaded on the victim’s computer, the victim receives a message on their computer screen from the criminal (the ransom note), advising them that their files have been locked, and demanding money in return for unlocking the files.

In 2014, the Australian Competition and Consumer Commission (ACCC) received more than 2500 reports of ransomware with small businesses and consumers reporting losses of nearly a million dollars as a result.

This figure likely represents only a fraction of the total victims of ransomware, as not all victims are willing to report the crime. Cybercriminals usually demand victims pay the ransom in virtual currencies, such as Bitcoin, which is difficult for law enforcement to trace.

“Several people reported losing over $10,000 to these scams, which can have a devastating effect on a small business,” says ACCC Deputy Chair Dr Michael Schaper. “Ransomware can also see your business losing all of its business and financial records, which may be catastrophic.”

The value of your data

Information is the real DNA of every small business, concurs David Powell, Chief Security Officer, NAB and should be protected from cybercriminals.

“To get a real understanding of the value of your information, think about what would happen to your business if the following scenarios occurred – your computer systems were unavailable for a week; you lost all the data stored on all the computers in your company; or your biggest competitor was able to obtain a list of your customers along with sales figures and sales notes.”

Some of the ransomware circulating in Australia include CryptoLocker, CryptoWall and TorrentLocker.

Powell gives the example of a recent scam that started with an email asking recipients to pay a $150 traffic fine to the Australian Federal Police. The bogus fine directs them to click on a link and download a file to view their infringement notice. In downloading the file, the recipient installed TorrentLocker malware onto their computer.

“TorrentLocker then locks all the files on the computer,” says Powell. “Some variants of the malware are so sophisticated they are capable of seeking out files shared with other computers on the same network to lock those too. The victim then sees a ransom note on their screen from the criminal, advising them their files have been locked and demanding thousands of dollars to unlock them. Ransomware attacks are just like any other extortion attempt and police advise that businesses should not comply with the criminals request for money.”

Steps to protect your business from ransomware

Ransomware threats are a good reminder of why it’s so important to back up your business data regularly.

“Backing up data means making a copy on another device,” says Powell. “For example, you might save your important files onto a second hard drive or even on a different encrypted USB drive. It is best practice to back up your data on two different devices.”

There are two basic kinds of backups: a full backup and an incremental backup.

A full backup makes a complete copy of the selected data onto another device. An incremental backup saves just the data that has been added or changed since the last full backup.

“A full backup, augmented by incremental backups, is quicker and takes less storage space,” says Powell. “You might consider a policy of running a full backup on a weekly basis, followed by daily incremental backups.”

Also, remember to disconnect the backup device after you have completed your backup.

“As attackers are known to encrypt or delete backups connected to the computer or network, it’s important to keep backups of business data offsite and off the network,” says Powell.

It’s also important to test your backups frequently by restoring data to a test location.

This helps ensure the backup device and backed-up data are in good shape; identify problems in the restoration process; and provide a level of confidence that your backups will be useful during an actual crisis.

Top tips for securing your business

Don’t do the following:

  • provide banking details to unsolicited emails or phone calls
  • use unsecured Wi-Fi networks for online banking
  • use a third party of untrusted app stores
  • share too much personal information on social media.

For further information

Managing the threat of a cyber attack is a vital part of running any business in this new digital age. If you are looking for more information about how to protect your business from such threats, visit these sites.

The Australian Cybercrime Online Reporting Network (ACORN) is a secure reporting and referral service for cybercrime and online incidents that may be in breach of Australian law. Certain reports will be directed to Australian law enforcement and government agencies for further investigation.