Point of Sale Software

Here are some articles from the blog subject: Ransomware

Retailer's Emergency Guide to Recovering from a Cyber Attack

Today, there is so much hacking that it's become routine for people's computers to be hacked. Cyber attacks happen every day. A few days ago, another of our clients went down with a ransomware attack. 

For Australian retailers, a computer hack can threaten your business operations.

The first point I want to make is that, in my experience, most cyber attacks are either:

1) An inside job: someone you know has access

2) Someone on your system has gone to a site, clicked on an email or put some software on your computer.

Here are some steps to recover from a cyber attack.

Assess the Situation

When you suspect a hack, stay calm and assess the situation methodically. The odds are you have some time. The hacker generally needs time to assess what he has broken into and how he can best utilise the asset he has just gotten.

The odds are that, in retail, he wants to get into the EFTPOS system. It is not easy, but he can make a lot of money if he succeeds.

Then, they want your passwords for sites such as banks, PayPal, and Facebook advertising accounts.

Finally, they may want to lock you out of your system with ransomware. I have spoken about ransomware before, so please check it out.

Possibly, they could steal your data, such as your customer information. If they put this data up on the dark web, you could have a real legal problem with the Australian government if the word gets out that it came from you.

Take Immediate Protective Actions

Log Out of All Devices

Immediately log out of all your devices, including:

  • Your main computer
  • POS terminals
  • Tablets

This step helps prevent further unauthorised access and limits the hacker's ability to cause more damage.

Shut them all down.

Contact us ASAP.

We want to get your data. I hope you have a good backup. We will totally format your system and clean out everything. With a modern hack, you can never know what they have done, so we will clean everything. We will install new software on your computer and restore your data. We will change all passwords, and hopefully, it will be fixed.

If you want to do it yourself, then:

Wipe Infected Devices

  1. Perform a complete system wipe
  2. Reinstall the operating system using a bootable drive
  3. Ensure you're starting from a clean slate

Please don't rely on antivirus software, as it may not detect sophisticated malware like info stealers.

A complete system wipe is the safest option.

Identify Your Critical Accounts

Don't use the infected computer for any recovery actions!!!

Make a list of your most important accounts, prioritising those that control access to others:

  1. Primary email account (Gmail, Microsoft, etc.)
  2. Financial accounts (PayPal, bank accounts, digital wallets)
  3. POS system account
  4. Supplier portals
  5. Business social media accounts

Go on a secure device, e.g., your smartphone, and start changing passwords, such as your bank, email, Facebook, Gmail, etc. Add a unique character, e.g. %, at the end of every password as an emergency fix. So, for example, if your password was flower19, make it flower19%.

Secure Financial Information

If you need to go further, and some of our customers have had to, go to the bank:

  • Freeze any credit or debit cards used online
  • Contact your bank to replace these cards
  • Notify your bank about potential fraud exposure

They are excellent about that; they cancel the card immediately and ensure you get an emergency card.

Then, start reviewing recent transactions.

As an Australian retailer, you do have a legal obligation if you get data breached:

  • You must notify affected individuals.
  • Also, you must notify the Office of the Australian Information Commissioner (OAIC) if a data breach is likely to result in serious harm.
  • You get 30 days to determine whether that suspected data breach meets the criteria for notification.
  • Failure to comply can result in penalties

Insurance Considerations

After the hack, it's a bit late, but now you should review your current business insurance policy to understand your cyberattack coverage. Consider:

  • Cyber liability insurance
  • Data breach coverage
  • Business interruption insurance

If you don't have it, now is a good time to discuss it with your insurance provider.

Prevent Future Attacks

With your immediate security restored, implementing these preventative measures will help protect your business from future attacks:

  • Keep all software and systems updated
  • Use a reputable antivirus solution
  • Implement strong security
  • Regularly take backups, keep them offsite

Remember, cybersecurity is an ongoing procedure.

Need immediate assistance for a cyber attack? Contact our support.

Ransomware: do not pay the ransom

The harsh reality of ransomware. This scene is quite typical to me. A person is working on their computer, and it goes wild. Generally, the computer screens go blank, and a message appears demanding payment in cryptocurrency to regain access to your systems.

People's hearts sink as they realise they have fallen victim to a ransomware attack. Then they call us to ask what they can do.

Pay or not to pay?

It's a problem. The Australian government wanted to make it illegal to pay the ransom, but like so often in Australia, it bogged down into the too-hard basket, so they are amending their ideas.

You should notify the Australian Cyber Security Centre (ACSC). One advantage of doing that is that if some of your data does get out because of the attack, it may protect you from some privacy laws. The other point is that if you decide to pay the ransom, it strengthens your case with the ATO for a valid deduction.

Both benefits are dubious here. A ransomware infection rarely means that the people who gave you the ransomware get your data. I have never heard of any of my clients who paid the ransom getting knocked back by the ATO. The ATO might knock it back, but I am still waiting to hear about such a case.

Putting aside the legality of paying it, I wish to point out why you should not pay the ransom, why it isn't the solution, and discuss better ways to protect your business.

You Might Not Get Your Data Back

Consider the people you are dealing with. What guarantees do you have that you'll recover your data once you pay? The odds are you will not get your data back.

I have seen people pay the ransom and get little or nothing back.

Ransomware attacks often damage your data.

After an attack, you see that most of the data on the hard disk is damaged. The ransomware tries to encrypt files that are locked on the computer. A computer routinely locks files that are in use because touching them at that point damages them, but ransomware does not care. It needs to act quickly, so these files end up damaged. So, a fix is unlikely to get all your information back.

Ransomware attackers are not honest people.

They know hacks can often break their attacks, making it hard for them to collect. A typical scenario is that they make it seem like they can retrieve your data when they cannot. They also know that, after paying, you would need a remedy to enforce their promises.

Ransomware attacks often leave a persistence mechanism

Commonly, ransomware leaves something behind, like a backdoor, a hidden method for gaining access to a compromised system, or a reinfection mechanism that activates after a specific time has elapsed.

For this reason, if we are fixing a computer, we take the data, do a complete wipe and then reinstall everything on the computer.

Studies of people who have paid

Several studies have been done on people who paid the ransom. They confirm our observations. Only very few victims who pay get all their data back.

Here is one study: 8% of those who paid got their data completely back. On average, those who pay only recover about 65% of their data. A staggering 29% of businesses recover less than half their data after paying.

These statistics paint a grim picture. Even if you decide to pay, there's a good chance you'll still have significant data loss.

Once Bitten, Twice Shy? Not for Cybercriminals

If you think paying will make the problem go away, think again. Cybercriminals are persistent; if you pay, they know you are a sucker, and so they often target you again. It worked once; they think it may work again.

78% of organisations that paid a ransom were hit again, often by the same attackers. Less than half (47%) of businesses that paid got their data back uncorrupted.

Paying the ransom is like leaving your shop unlocked after a break-in – practically inviting them back for more.

The Hidden Costs of Ransomware

Paying the ransom isn't just about the money you hand over. There are other significant costs to consider:

Downtime

Every minute your systems are down, you're not serving customers, which can lead to substantial revenue loss.

Reputation damage

Trust me, you look terrible to your suppliers, customers, and the public. That is why so many people try to hide that they were attacked. It is a PR disaster.

Protecting Your Retail Business from Ransomware

Now that we've seen why paying isn't the answer, let's discuss how to keep your business safe. Prevention is always better than cure, especially when it comes to cybersecurity.

Keep your POS computers updated.

Ensure you're running the latest version of your software. Those updates aren't just for show – they often include critical security patches that can protect you from the latest threats.

Be wary

Do not open suspicious emails and links. Stay vigilant. Be careful what you allow on your computer.

Use a virus scanner

I know they slow down your computers, but they often do work.

Back up your data

Regular backups are like a safety net for your business. If you get hit, you can restore your data without paying a cent to criminals. Ensure your backups are stored securely, preferably off-site or in the cloud, so that we can recover your data.

What to Do If You're Hit

If the worst happens and you find yourself staring at a ransomware demand, don't panic. Here's what to do:

Disconnect infected devices

Stop the spread by immediately switching off the computer. Pull the plug.

Contact us immediately

We can run over your options with you. Remember, as long as you have your data, in the worst case, we can send over a new computer with a system on there. Put your data on that computer, and you're back in business.

That computer needs to be wiped clean

We do it as a matter of course. Everything on it needs to be wiped clean.

The Bigger Picture

Ransomware attacks are more than just an individual business problem—they're a significant issue for us all. By protecting your business, you're safeguarding your interests and contributing to our overall cybersecurity.
