Global cybersecurity company Kaspersky reported a significant decrease in the number of ransomware attempts it has detected and foiled among its small and medium-sized business (SMB) users in the Southeast Asian (SEA) region.
In its latest Kaspersky Security Network (KSN) report, the company revealed that fewer than one million ransomware attempts (804,513) were monitored in 2020, less than half of 2019’s over 1.9 million detections.
Among the six SEA countries, only Singapore observed an uptick in the number of ransomware detections. There was a slight increase, from 2,275 instances in 2019 to 3,191 in 2020.
Although Indonesia still ranked fifth globally for the volume of its ransomware detections, its detections fell from 1,158,837 to 439,473. The trend of decreased ransomware incidents was observed across other countries in the region, including Vietnam, the Philippines, Malaysia, and Thailand.
China remains at the top spot in terms of ransomware detections globally both for 2019 and 2020. Meanwhile, Brazil and the Russian Federation switched places for the second and third spots, with Brazil now being 2nd globally for 2020.
“I looked at the statistics for individual families, and it follows the overall drop in the number of detections, mainly due to the drop in the number of WannaCry detections. This family makes up a significant share of all detected ransomware, despite the fact that it has not been supported by the creators for more than three years and exists as a ‘zombie’,” said Fedor Sinitsyn, security researcher at Kaspersky.
Ransomware remains one of the most persistent cyber threats to SMBs in the region. It is malware designed to infect the computers of organizations and individuals, encrypt the data on them, and block access to it. Ransomware attackers then demand a fee from the victims in exchange for enabling the system to work again.
Ransomware attacks may be declining, but Kaspersky has been warning companies of all shapes and sizes about the increasing activities of ‘Ransomware 2.0’, or what’s known as targeted ransomware.
This cybersecurity “disease” goes beyond kidnapping data. Malicious ransomware groups are now conducting data exfiltration coupled with blackmail. Using this “pressure tactic”, these cybercriminals threaten to publish the data they hold, further increasing the need for the victims to pay the ransom to protect their valued reputation.
“The decrease of ransomware detections here should not make us complacent. Since last year, we have been underlining the evolution of this threat. Ransomware groups are now more concerned about quality over quantity. Meaning, from blindly throwing a line into the ocean and waiting for an insecure user to bite, attackers are now more aggressive and targeted towards their victims,” comments Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
“A single targeted ransomware group alone managed to breach over 61 companies in the Asia Pacific (APAC) region last year, and with the accelerated digitalization of businesses in the region, we also predict that the sophistication behind attack methods will only increase and become more sophisticated. SMBs and enterprises should seriously look into intelligence-based technologies, both for endpoint protection as well as detection and response,” he adds.
There are different ways to protect your computer and your data from ransomware attacks. Some of Kaspersky’s tips include:
- Do not expose remote desktop services (such as RDP) to public networks unless absolutely necessary and always use strong passwords for them.
- Promptly install available patches for commercial VPN solutions providing access for remote employees and acting as gateways in your network.
- Always keep software updated on all the devices you use to prevent ransomware from exploiting vulnerabilities.
- Focus your defense strategy on detecting lateral movement and data exfiltration to the Internet. Pay special attention to outgoing traffic to detect cybercriminals’ connections.
- Back up data regularly. Make sure you can quickly access it in an emergency.
- Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.
- Use solutions like Kaspersky Endpoint Detection and Response and the Kaspersky Managed Detection and Response service, which help to identify and stop an attack at an early stage, before attackers reach their final goals.
- To protect the corporate environment, educate your employees. Dedicated training courses can help, such as the ones provided in the Kaspersky Automated Security Awareness Platform.
- Use a reliable endpoint security solution, such as Kaspersky Endpoint Security for Business, which is powered by exploit prevention, behavior detection and a remediation engine that is able to roll back malicious actions. KESB also has self-defense mechanisms which can prevent its removal by cybercriminals.
- Always have a data backup on a separate external hard drive.
- Avoid negotiating with cybercriminals or paying the ransom.