The Trillion dollar industry
At the time of writing, the Waikato DHB cyber-attack is ongoing. The government is refusing to pay the ransom as a point of principle, and it looks like every possible tool at their disposal is being used to try to recover the situation.
Should they just pay the ransom? Or should the government go further and make it illegal to pay ransoms in New Zealand? That’s the question that Minister Kris Faafoi is having to assess at the moment. DHB attack: Why Justice Minister Kris Faafoi won’t make it illegal to pay a cyber-ransom – NZ Herald
Cyber crime is big business. We’ve called it organised crime in previous articles and we’re happy to stick with that. These organisations recruit the best and brightest out of the top universities, and give them both the latest tools and time to wreak havoc. Their recruits are paid astronomical sums to work for them, overcoming any moral objections with immorally large pay checks. These paychecks are funded by the proceeds of previous hacks. Every time they are paid, their war chest is strengthened. For example, we recently saw the Colonial Pipeline in the eastern US get hacked for 75 bitcoins (just under US$4M) which went to a criminal group called ‘Darkside”.
So, will cutting off payments stop their attacks by removing the incentive?
These criminals are smart and highly motivated. They seem to have no conscience but plenty of greed. Waikato is not only the hospital being brought down – there was a huge wave of hospital attacks in the US in October, just a few months ago – Several hospitals targeted in new wave of ransomware attacks – CNNPolitics.
I don’t know how Waikato DHB got infected, but the rumour is that it was from phishing attacks onto machines that weren’t fully patched up to date. We don’t know if that is true, but it is a common attack vector. Once a hacker gets into a system, they often hold back and try to dig further looking for more vulnerabilities they can exploit. The more damage they can cause, the more ransom they can demand, so they will often use one vulnerability to find the next, and so on until they finally have enough to bring the house down.
Security is all about layers. There is NO way to prevent attacks, and it is impossible to guarantee that any system is invulnerable. We saw that with the recent Hafnium attack where a vulnerability was exploited before patches were available to block it. But the more layers of security, the harder you make it, and you reduce the scope of any harm.
Today, even if you have the best backups and can recover the system, the hackers then threaten to release the data you hold to media or competitors. In the case of the Waikato DHB, it is being reported that personal data is being released to media by the hackers to increase pressure, even as they fail to stand their systems up.
As to paying the ransom, I suspect your perspective changes when your business, your job or livelihood is threatened. Not an easy decision and hopefully one we can avoid by being paranoid.
The best solution we can recommend is to check your cyber insurance and to apply the best security you can reasonably afford, which should be more than you had last year. Expect it to be more again next year as new tools and new threats emerge. Consider managed security solutions like our KARE Plans.
We don’t know where this will end, or if it will end, but let’s hope so. It is such a drain on our resources and holds us back from investing in tools that make us more productive.
AI’s big stories over summer
A month is a long time in the world of AI, so we thought we’d share some of the AI news highlights. Deepseek The big highlight has to be the emergence of Deepseek. Whether it builds on OpenAi and others, or whether it is entirely new is being wrangled over, but the...
Where do you think AI will take us in 2025? Do your picks match ours?
Artificial Intelligence has been the IT and business topic of 2024. “What’s next, how can we use it, should we be afraid of it” have been the big questions. Now we’re in a new year, and what are the new trends we need to ready for?
TEN things the government says you need to know about your cyber-security defence
Regular readers will be a little tired of hearing us talk about cyber-risk and the threat of hackers. You'll forgive us a little because we see the impact when events happen, and we spend our days protecting our clients to keep them safe. But we're just a tiny cog...
Not loving the new Outlook?
Microsoft have been pushing out a new version of Outlook for a while now. You’ve seen the toggle offering the chance to trial it. It seems to be an acquired taste and we’ve seen a few people revert to the old ‘classic’ version. Microsoft have been encouraging us to...
What do Microsoft’s Upcoming 2025 Security Enhancements for Windows mean for you?
In response to the significant CrowdStrike meltdown last summer, which exposed some critical vulnerabilities in the Windows platform, Microsoft is set to introduce a series of further security updates in 2025. The meltdown, caused by a flawed update, led to widespread...
Webinar Replay: Practical AI – Turning your 365 data into a Copilot AI resource
Webinar - Practical AI - Turning your 365 data into a Copilot AI resource Harness the power of your data to achieve effective AI outcomes.Webinar Recap: Introduction: Scott Fennell welcomed attendees and introduced the webinar's focus on Microsoft Copilot and AI...
The End of an Era: Windows 10 Support is Ending – What You Need to Know.
October 14, 2025 marks the end of support for Windows 10. That’s a bit of a milestone. Windows 10 has been a reliable companion on our PCs at home and work for years. However, as with all good things, this era is coming to an end. So, what does this mean for you if...
Is your MS Teams vulnerable to this new hacker threat?
It has taken a while, but hackers have now figured out that they can target users via Teams chat. There are legitimate reasons to chat with external parties, but, as with all forms of digital communication, you need to be alert.CyberThreat Summary Researchers at...
Why most business IT projects fail – Don’t miss this crucial step.
There is one IT project factor that is overlooked all too often and it is costing businesses more than they realise. Implementing AI tools like Microsoft’s 365 Copilot might seem like a quick win for improving productivity, but without effective change management,...
The Implications of Using ChatGPT (free gen-AI tools): An instructive Case Study from Australia
Recent news from Australia In a recent investigation, the privacy regulator in the state of Victoria has imposed a ban on the use of ChatGPT within a government department. This case highlights the dual nature of Generative AI (GenAI) tools, which offer significant...