Ransomware: What you need to know

7:57 pm on 18 May 2021

Explainer - Waikato District Health Board appears to have been hit with a ransomware attack, with clinical services across all Waikato public hospitals seriously affected.

The DHB has set up incident management, but there was a full outage of its information services.

So what is ransomware, and why is it bad? RNZ is here to clear it all up.

Ransomware is essentially a really old crime, extortion - just using computers. Photo: RNZ / Vinay Ranchhod

What is ransomware?

Ransomware is one of the most common - and increasing - types of cybercrime. Over the past year, hospitals, police forces, even oil pipelines have fallen victim.

If you had a courier parcel arrive late last year, it could have been because transport company Toll was hit twice by ransomware.

Basically, someone - a group or an individual - attacks an organisation's computer systems. It could be as simple as someone clicking on one of those dodgy emails we all get, or a much more sophisticated attack.

From there, software is installed, maybe on one computer, or across a whole network, which encrypts files and documents and generally wreaks havoc. The attackers then ask for a ransom so the victim can get their stuff back.

It's a really old crime - extortion - just using computers.

Just last week the Irish Health Service had to shut down its IT system to protect it after an attack.

Ireland's leader, Taoiseach Micheál Martin, said it would "take some days" to assess the impact of the cyber attack - but that they wouldn't be paying any ransom.

In New Zealand, Resident Doctors Association and Association of Professional and Executive Employees (APEX) national secretary Dr Deborah Powell said it was her understanding the Waikato cyberattack was a type of ransomware called "Conti" - which is the same ransomware as the Irish attack.

As well as locking up files and documents, attackers might also steal confidential information, and threaten to release it. Public sector organisations might not pay to unlock their files if they have good backups and systems. But they might do it to protect confidential information.

In the US, the Washington DC police had a massive leak after they refused to meet the demands of a ransomware crew. AP reports that a review of hundreds of police officer background checks, disciplinary files and intelligence reports that include feeds from other agencies, "including the FBI and Secret Service were released on the dark web".

In another case, a counselling service's entire patient database was exposed to the open internet - not just contact details, but their patient notes - after a data breach. In that case, the attackers asked individuals for their own ransom to stop their information being made public, Wired reports.

So what can people do about it?

Internationally some ransomware crews have been the subject of sanctions.

Last year, the US Treasury issued advice that said "demand for ransomware payments has increased during the Covid-19 pandemic as cyber actors target online systems that US persons rely on to continue conducting business. Companies that facilitate ransomware payments... not only encourage future ransomware payment demands but also may risk violating OFAC regulations."

So businesses may be stuck between a rock and a hard place.

Minister of Justice Kris Faafoi told Stuff he was not considering making it an offence to pay a ransom or to facilitate payment of a ransom in the event of a ransomware attack.

It's definitely worth thinking about.

Late last year, the Australian Cyber Security Centre observed an increase in the number of ransomware incidents affecting Australian organisations and individuals.

Cryptocurrency payments analysis firm Chainalysis found that "the total amount [of cryptocurrency] paid by ransomware victims increased by 311 percent in 2020." (What cryptocurrency is, and why ransomware attackers use it, is an explainer for another day.)

Good computer security practices can help defend organisations, and a big part is understanding the problem - and the devastating effects it can have.

Organisations, for example, could consider rehearsing their ability to respond to ransomware events to help prepare and identify areas where data or systems may be difficult to recover.

CERT has some advice about what businesses can do - which includes updating operating systems and apps regularly, backing up files, and antivirus and anti-ransomware software, as well as good password practice for regular users and computer system administrators.
