web analytics

Ransomeware screenA ransomware gang attacked Travelex the foreign exchange company on New Year’s Eve.

Ransomware is a kind of online attack where criminals take control of data, usually company data, and demand payment to return it.

There are two main types of ransomware: crypto and locker.
The first encrypts data and files so that users can no longer read anything.

In theory you will get a key to unencrypt the files after you pay a ransom to the crooks. Locker ransomware is similar, but it typical locks down the computer so it can’t be used until the ransom is paid.

Travelex lock-down

After the Travelex attack, the company closed down the websites it operates in 30 countries. It said the move was designed to “contain the virus and protect data”.

That doesn’t quite sound right. After all, it emerged the criminals had been inside the company’s systems for the past six months. By the time of the attack there would little left to contain or protect.

The criminals say they have downloaded many gigabytes of sensitive customer data. This includes dates of birth, credit card information and (British) national insurance numbers.

News reports say the criminal gang asked Travelex to pay US$6 million at first, with the demand ratcheting up over time if it wasn’t paid quickly. It’s not clear if the company paid up.

New Zealand link

There is a New Zealand link. After the attack the company’s branches, which include airport currency exchanges, were still providing services but were using manual processes.

Travelex is also the issuer of Air New Zealand’s OneSmart card. The card makes it easier to deal with money when overseas. It can be loaded with money in as many as eight different foreign currencies before a trip. Users can lock-in exchange rates to avoid fluctuations while they are overseas.

Air New Zealand says the card is not affected by the attack.
The company told the NZ Herald: “OneSmart does not use the Travelex foreign exchange services affected by the attack so Onesmart cardholders are not impacted”.

Ransomware going out of fashion

The Travelex attack happened at a time when ransomware incidents are falling fast. Last year the number of attacks dropped 20 percent as online criminals turned to more lucrative alternatives.

In part the fall in ransomware attacks is because companies are doing a better job at protecting themselves.

The best approach to protection is to have data back-ups so everything ransomed can be recovered quickly. While this sounds simple, it’s something many companies struggle with and criminals know that. Among other matters companies tend to make back-ups without checking the data is recoverable.

Another problem is that a sophisticated ransomware attack can also take control of the back-ups rendering them as unusable as the main data store.

A ransomware attack amounts to a much bigger problem for the victim than the ransom demand. In many countries companies can face fines for not properly and promptly reporting an attack to the authorities.

At the same time, allowing data to be ransomed is often actionable under data protection legislation. At the least a company would need to prove it had taken due care with customer data, that’s hard to do after a ransom attack.

There’s another unpleasant twist to a ransomware attack. While the criminals often release keys after the ransom is paid, that doesn’t always happen. And in at least one reported case, the data was ransomed again by the same gang at a later date. Allowing that to happen is an open and shut case of negligence.

Responding to ransomware

If you are attacked by a ransomware gang, you may need professional help to recover data. Before you get to that stage you need to consider how to respond.

The NZ Police recommend you don’t pay the ransom. That’s understandable and makes sense if there’s a good chance of recovering the data.

Some security experts say that paying the ransom is the smartest course of action. It is often cheaper and, if you don’t have back-ups, quicker than other ways of recovering the data.

I spoke about this story with Lynn Freeman on RNZ Nine-to-Noon.

Telcowatch says Vodafone is New Zealand’s mobile market leader.

There’s not much in it. Vodafone is one percent ahead of Spark on 36 percent.

The two were neck and neck for most of last year.

While the lead is real, it’s not dramatic.

Nor is it the whole picture. The way Telcowatch measures the market means that Spark’s Skinny business is counted separately from its parent company.

Adding that back into Spark’s figure puts the company well ahead of Vodafone with a 41 percent market share.

Telcowatch monthly market share 2018 - 2019

However you crunch the numbers both Spark and Vodafone have a clear lead on 2degrees. The third mobile carrier’s market share is stable at 23 percent. That makes it a little over half the size of Vodafone and Spark.

That’s a respectable showing for the youngest mobile carrier which entered a market that was almost at saturation point. And there is no question 2degrees has reshaped the market.

It probably suits everyone concerned to count Skinny as a seperate business.

Yet Skinny is definitely a Spark brand.

When Skinny started it was more distinct from its parent than it now is.

Today Skinny’s product alignment can be seen as rounding out Spark’s offerings. It’s a no-frills version. In supermarket terms it is PaknSave to Spark’s New World.

The two share the same network infrastructure. Skinny employees may be loyal to the brand, but they are Spark employees. Spark’s management decides Skinny’s strategy.

Skinny remains the smallest of the four brands. In December its market share was 5.6 percent. It has been between roughly five and six percent for the last couple of years.

The most interesting aspect of the recent report from Telcowatch is not the interplay between Spark and Vodafone, but the way Skinny has been growing its market share at the expense of the parent company.

Over the last year Skinny is the best performer in terms of market share growth. It has grown gradually.

It’s not hard to understand why. Despite all the fuss about 5G, the mobile phone market is mature. There’s less differentiation between brands and less of a premium in Spark’s brand when compared to Skinny.

There is, however, a considerable price difference. Slowly, but surely, customers are waking up to this. You can buy what amounts to the same mobile experience for less money. The big surprise is that more people have yet to realise this.

In March, New Zealand’s government will auction 16 10MHz blocks of spectrum in the 3.5GHz band.

It’s an unusual spectrum auction. Most past spectrum auctions in New Zealand have been for 20-year licences. This time, the licences are for two years.

The reason for this is that the industry is pressuring government to release the spectrum they need for 5G mobile services.

Treaty claims

At the same time, the government has yet to reach a Treaty of Waitangi settlement with iwi over spectrum. Selling short-term licences buys time to complete negotiations.

Each of the 16 10MHz blocks has a reserve price of $250,000. Bidders need to deposit $500,000 to take part in the auction.

If everything sells at the reserve price, the government will raise $4 million. Prices can go higher. The last time spectrum was auctioned prices went much higher.

No single bidder will be able to buy more than four blocks in the first auction round. This is less than the 80MHz to 100MHz recommended for full 5G services by the GSMA, an international mobile operator trade association.

The rights are not tradable, are nationwide and buyers must use them for 5G mobile services.

More spectrum later

Licence terms start later this year and finish at the end of October 2022. The government will hold a further, long-term auction for the spectrum that year. The government says it expects to free up more spectrum later.

Bidders in the March auction will have to return existing 3.5GHz management rights to the government.

This affects Vodafone more than any other carrier. It is possible Vodafone’s existing 3.5MHz holding will fall. Returning existing spectrum will help flatten the playing field. There will be a refund for returned management rights.

Radio Spectrum Management, part of the Ministry of Business, Innovation and Employment, will use a simplified version’s of a combinatorial clock auction. In effect, this starts with the seller offering blocks at the reserve price. If the demand for blocks is greater than the supply, it increases the price.

Beyond the three mobile carriers

New Zealand has three existing mobile networks. There are 16 spectrum blocks on sale and each bidder can buy four in the first auction round. That means the government expects a fourth buyer to enter the auction.

This is a departure. The earlier auction for 700 MHz band spectrum was tailored to cater for the three mobile carriers; Spark, Vodafone and 2degrees.

The obvious candidate is Dense Air. The company owns 70 MHz of 2.5 GHz spectrum. At the moment Dense Air acts as a wholesaler to the mobile carriers. Spark’s tiny South Island fixed wireless broadband 5G project uses Dense Air spectrum.

Other parties may be interested in the spectrum. Few of New Zealand’s Wisps1 could afford the $500,000 deposit or the $250,000 per block asking price. Yet if they were to act collectively a bit might be possible.

If the government doesn’t sell all 16 lots in the first auction round, it may offer them to existing bidders.

Given that the amount of spectrum being auctioned is not enough for carriers to offer a full blown 5G service, it looks as if will be some time before New Zealand gets all the benefits of the technology. There’s enough bandwidth for fast data speeds, but, as things stand, maybe not enough for carriers to deliver the gigabit plus speeds 5G hype has promised.


  1. Wisps are small, local wireless internet service providers. They cover rural and remote gaps in markets not served or poorly served by bigger telcos. ↩︎

IDC thinks the PC market ended 2019 on an ‘impressive’ note. Gartner’s press release talks of the “First sign of growth for worldwide PC shipments after seven consecutive years of decline“.

The numbers don’t lie. Both research companies noted a small uptick in PC sales. Yet it isn’t time to break out the champagne.

First, the uptick isn’t that great. IDC clocks fourth quarter growth at 4.8 percent year-on-year. Gartner puts the number at 2.3 percent.

These are by no means strong numbers. Gartner’s growth figure for the calendar year is only 0.6 percent. They are best thought of as ‘less awful’.

We have, after all, seen seven straight years of falling PC sales. In 2011 Gartner recorded total sales of 352 million units. The number for 2019 was 262 million. That’s a 25 percent drop in eight year. Last year’s growth is small in comparison.

IDC’s numbers of the same period fell from 371 to 266 million. That’s a fall of 28 percent.

 

There’s another reason the reported increase in sales is less reason to celebrate.

Many of the extra sales in late 2019 come because Microsoft’s support for Windows 7 is about to end. Many users need to upgrade their hardware to move to Windows 10. Sure, it isn’t always essential, but upgrading to new hardware simplifies the change.

There was also a shortage of Intel processor chips late last year. Deliveries have only recently recovered.

In other words, special factors account for all the increase in PC sales. And let’s face it, low single digit growth is unimpressive at the best of times.

Almost all the increase in sales is for business models. Interest in consumer PCs continues to decline.

Another trend the sales reports have picked up is the increased dominance of the top PC brands. Lenovo, HP and Dell all added market share at the expense of other brands. Between them they account for around two-thirds of all units sold.

Meanwhile Apple’s unit sales headed in the opposite direction. After years of picking up market share at the expense of the Windows PC brands, Mac sales fell a little. Apple’s share of the total market has fallen from 7.9 percent to 7.5 percent.