The average payment for ransomware attacks globally has reached US$850,000, almost tripling from last year, as incidents become more common worldwide, according to Palo Alto Networks, a global cybersecurity company.
"The impact of any large-scale ransomware attack reflects that ransomware operators have grown in sophistication and capability, making them more effective at compromising large organisations," Sean Duca, Palo Alto Networks vice-president and regional chief security officer for Asia-Pacific, told the Bangkok Post.
In 2020, ransomware victims paid an average of $312,493 to their attackers, almost doubling from a year before. The ransom has now reached $850,000.
Ransomware attacks have become more common as they are increasingly easy to perform and are more accessible in the wider cybercrime ecosystem, Mr Duca said.
For example, the ransomware as a service (RaaS) subscription-based model allows cybercriminals to buy ransomware malware services from developers, providing an easy entry ramp to the illegal activity.
Organisations around the world are being held hostage by ransomware, and many are being forced to pay cybercriminals because they are not equipped to combat the threats.
He said the world changed with Covid-19, and ransomware operators took advantage of the pandemic to prey on organisations, particularly in the healthcare sector, which was the largest target for ransomware in 2020.
"These criminals know healthcare organisations needed to continue operating to treat Covid-19 patients and help save lives, so they couldn't afford to have their systems locked out, making them more likely to pay a ransom," said Mr Duca.
Thailand has logged the third largest number of malware attacks in Asean this year at 12% of samples, according to Palo Alto Networks. Indonesia was first with 47%, followed by Singapore at 32%.
As the Thai government promotes technology adoption, it's almost inevitable that incidents will increase, he said.
"It's important organisations and businesses take the necessary steps to protect themselves," said Mr Duca.
According to Palo Alto Networks' "State of Cybersecurity Report in Asean 2020", only 51% of the companies surveyed in Thailand said they were confident about the cybersecurity measures they have in place. That rate is lower than Indonesia (52%), Singapore (75%) and the Philippines (77%).
Some 75% of the companies surveyed in Thailand said they increased cybersecurity spending from 2019 to 2020.
Unit 42, the threat intelligence arm of Palo Alto Networks, observed an increasingly common tactic for ransomware operators where they encrypt and steal data to further coerce a victim into making payment, Mr Duca said. This is known as "double extortion" or "data exfiltration".
Attackers will continue to infiltrate networks using traditional phishing and finding weak credentials, alongside tools native to the targeted environments, he said.
Cybercriminals also appear to be increasing ransom demands.
"As long as attackers keep getting paid, these demands will continue to rise," Mr Duca said. "Most operators make ransom demands in forms of cryptocurrency, generally favouring Bitcoin."
