Ransomware targeting Asean SMEs drops
But threats have become more targeted and malicious, according to security specialist Kaspersky
published : 4 May 2021 at 04:00
newspaper section: Business
The global cybersecurity company Kaspersky has reported a significant decrease in the number of ransomware attempts it detected and foiled last year among small and medium enterprise (SME) users in Southeast Asia.
The company monitored 804,513 ransomware events in 2020, down 58% from the 2019 total of 1.9 million, according to the latest Kaspersky Security Network (KSN) report.
Among the six Southeast Asian economies surveyed, only Singapore observed an uptick in ransomware detections, to 3,191 from 2,275 the year before.
Although Indonesia still ranked fifth globally for the volume of ransomware detections, the total fell sharply to 439,473 from 1.15 million in 2019. A similar trend was observed elsewhere in the region including Vietnam, the Philippines, Malaysia and Thailand.
But ransomware remains one of the most persistent cyber threats to SMEs. Ransomware is malware designed to infect computers of organisations and individuals, encrypt the data and block access to it. Ransomware attackers then demand a fee from the victims in exchange for enabling the system to work again.
China was in top spot for ransomware detections globally in 2019 and 2020. Meanwhile, Brazil and Russia switched places for second and third spots, with Brazil ranked second globally in 2020.
"I looked at the statistics for individual families [of ransomware], and it follows the overall drop in the number of detections, mainly due to the drop in the number of WannaCry detections," said Fedor Sinitsyn, a security researcher at Kaspersky.
"This family makes up a significant share of all detected ransomware, despite the fact that it has not been supported by the creators for more than three years and exists as a 'zombie'."
Ransomware attacks may be declining but Kaspersky is warning companies of all shapes and sizes against increasing instances of "Ransomware 2.0", or what's known as targeted ransomware.
This cybersecurity "disease" goes beyond kidnapping data. Malicious ransomware groups are now conducting data exfiltration coupled with blackmailing. Using pressure tactics, these cybercriminals threaten to publish the data they hold, further increasing the need for the victims to pay the ransom to protect their valued reputation.
"The decrease of ransomware detections here should not make us complacent. Since last year, we have been underlining the evolution of this threat," said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
"Ransomware groups are now more concerned about quality over quantity. From blindly throwing a line into the ocean and waiting for an insecure user to bite, attackers are now more aggressive and targeted towards their victims.
"A single targeted ransomware group alone managed to breach 61 companies in the Asia Pacific region last year, and with the accelerated digitisation of businesses in the region, we also predict that the sophistication behind attack methods will only increase and become more sophisticated."
There are different ways to protect computers and data from ransomware attacks. Some of Kaspersky's tips include:
- Do not expose remote desktop services to public networks unless absolutely necessary, and always use strong passwords for them
- Promptly install available patches for commercial VPN solutions providing access for remote employees and acting as gateways in your network
- Always keep software updated on all the devices you use to prevent ransomware from exploiting vulnerabilities
- Focus your defence strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminals' connections
- Back up data regularly. Make sure you can quickly access it in an emergency when needed. Use the latest threat intelligence information to stay aware of actual tactics, techniques and procedures used by threat actors
- Use solutions that help to identify and stop the attack in the early stages, before attackers reach their final goals
- To protect the corporate environment, educate your employees. Dedicated training courses offered by specialists including Kaspersky can help
- Use a reliable endpoint security solution that includes exploit prevention, behaviour detection and a remediation engine that is able to roll back malicious actions
- Always have a data backup on a separate external hard drive
- Avoid negotiating with cybercriminals or paying the ransom.