This incident illustrates the importance of mandating cybersecurity standards across all external suppliers and ensuring data resilience.
A media monitoring and analytics firm used by the Australian federal government has just been hit by a ransomware attack.
The company, Isentia, has informed customers that it does not know when services can resume. Customers have been experiencing disruptions on the firm’s media portal, where media articles, topics of interest and journalist contacts are housed.
As sensitive information belonging to the Australian government is held by Isentia, Australia’s key cybersecurity agency (the Australian Cyber Security Centre) has offered its technical advice and assistance.
Since a ransomware attack is involved, valuable data may be inaccessible to the firm for now. According to some news reports, some government departments and related agencies have had to seek alternative sources for media-monitoring and other governance activities.
Do not pay the ransom!
One expert has commented on this tricky incident, in which a government has become an indirect victim of ransomware due to a lack of control over the cybersecurity of third-party suppliers.
“It’s likely comforting to learn that, according to an IDC survey, almost 1/3 of ANZ organizations hit by ransomware in the past two years paid the ransom. Unfortunately, when payment occurs, those monies are then available to fund yet more innovative attacks, and potentially motivate other criminal activity. This is a situation highlighted by the US Department of the Treasury’s Office of Foreign Assets Control in an advisory recently,” said Tim Mackey, Principal Security Strategist, Synopsys Software Integrity Group.
For businesses seeking to restore operations quickly, payment of the ransom may seem like an acceptable solution. Unfortunately, as the Toll Group found earlier this year, implementing IT improvements following one attack does not preclude another successful attack, said Mackey.
“Defending against any type of malware requires a comprehensive plan that looks at human factors in addition to technologies. Importantly, the underlying threat models should take into account how an attacker might use the data they collect. Isentia customers should look to change any credentials they have provided on the media monitoring portal as well as to revoke any access tokens to the media platforms Isentia was monitoring for them. Doing so could limit ongoing damage if Isentia customer data was exfiltrated during the attack.”