Malware attacks and ransoms are becoming even more of a concerning trend lately.

The latest high profile attack was on Florida-based Kaseya, which was delivered a ransom demand of US$70 million by a purported hacker group from Russia calling itself REvil.

Although the ransom has not been paid, what made this attack particularly troubling is that Kaseya provides managed services to smaller clients that might not be so well resourced with tech departments of their own.

The company admitted that up to 2,000 of its client’s computers might have been compromised in the attack.

But how do these threat actors gain access, and who are they?

‘Ransomware as a Service (RaaS)’

According to experts, REvil actors can target a network via a number of potential entry point.

They could use a previously compromised login credentials to gain remote access, or a malicious email attachment that a user downloads.

In recent attacks however, REvil was able to bypass the network’s security by targeting the very systems used to protect customers from malicious software, such as system update files.

The hacker’s ‘success’ has given rise to a new industry and criminal networks that essentially take a percentage of the ransom price in return for what’s called Ransomware as a Service (RaaS).

Essentially, RaaS is a subscription-based model that enables affiliates to use already-developed ransomware tools to execute ransomware attacks, who then earn a percentage of each successful ransom payment.

This year alone, REvil has been able to extort millions of dollars from its nefarious activities, with the last ransom of US$11 million being paid to the group by the world’s largest meat processing company, JBS.

The group has now grown to become a big operation, and is said to be working out of an unknown base in Russia.

Notable cyber attacks in Australia

The most recent high-profile cyber attack to hit our shores was one committed on ASX-listed aged care provider, Regis (ASX:REG).

In August last year, Regis announced that it had lost data to an overseas actor which had also started leaking it.

Regis said it was hit using the Windows Maze ransomware, but had apparently refused to pay the undisclosed ransom demanded.

In January this year, corporate regulator ASIC said its systems were breached by an external actor who stole data containing attachments to Australian credit licence applications.

No ransom demand was made in that incident.

Following the attacks, the Australian government set up a website and advised companies not to pay the ransoms, explaining there was no guarantee that paying it will fix devices or prevent future attacks from the same group.

Speaking in parliament this year, Home Affairs Minister Karen Andrews said she was considering forcing businesses to report ransomware attacks.

“Many businesses who have been subject to a ransomware attack are not necessarily forthcoming in providing that information,” Andrews said.

“That could be for a number of reasons – they’re concerned about the implications of it being well known that they have been subject to attack, that some of the data has been lost, and that they’re unable to recover that data.”

ASX-listed cyber security stocks

To address these attacks, the Morrison government has announced the nation’s largest ever investment in cyber security – promising $1.35 billion in funding over the next decade to enhance our cyber security capabilities, and assistance provided to Australian companies.

Although each of these ASX-listed companies has a different focus and tech capabilities, they are all set to benefit from the new government funding:

Senetas (ASX:SEN)

The company’s subsidiary Votiro owns the software tools that protect against malware and ransomware attacks.

Founded in Israel, Votiro has developed the technology that has the ability to proactively eliminate all known and unknown threats hidden in files.

According to Senetas, Votiro’s secure file gateway is the only SaaS-based file security solution that ensures all files coming into an enterprise are safe from malware threats and particularly ransomware.


Senetas share price today:

Tesserent (ASX:TNT)

Tesserent is a pure-play cyber-security stock, providing “Internet Security-as-a-Service” for a customer’s computer infrastructure.

It’s currently the largest provider of cybersecurity services to the Australian Federal government.

The company provides a one-stop shop for a full, end-to-end cybersecurity solution which includes cyber strategy consulting and digital forensics.


Tesserent share price today:

archTIS (ASX:AR9)

This data-centric security technology company will prevent malicious and accidental loss of information for its clients.

archTIS products include Kojensi, a multi-government certified platform for the secure access, sharing and collaboration of sensitive and classified information.


archTIS share price today:

Whitehawk (ASX:WHK)

Whitehawk is the first global online cyber security exchange marketplace.

The company offers an online tool that enables small and midsize businesses to take immediate action against cybercrime, fraud, and disruption.


Whitehawk share price today:

Hubify (ASX:HUB)

Hubify specialises in business connectivity across mobile, data, voice, cloud solutions, and of course, cyber security.

Its other offerings include managed networks, global wi-fi, and hosted voice.


Hubify share price today:

At Stockhead, we tell it like it is. While archTIS is a Stockhead advertiser, it did not sponsor this article.