
Cybercriminals evolved into ‘targeted ransomware’, now targeting organizations likely to pay to recover data


The incidence of ransomware attacks around the globe is still increasing, with damage that could run up to about $20 billion by the end of the year. Ransomware has grown over time, with attackers moving from individual computers to going after entire enterprises. The malware now propagates throughout the system and has been on the rise.

This is according to Lauren SeaWright, FBI Intelligence Assistant Legal Attache at the US Embassy, in her keynote speech at Trend Micro’s Decode 2021, an event that discusses trends, new technologies, and recent and anticipated threats across the IT landscape.

The same scenario is happening in the Philippines. About 7,000 Filipino companies experienced ransomware infections last year. However, while the Philippines may not be immune to ransomware, and is in fact most susceptible, it was found that these companies were able to restore from backups.

Cybercriminals have evolved into “targeted ransomware”, where they focus on organizations that are likely to make substantial payments to recover their data. Recent ransomware activities that increasingly target businesses were reported in the Philippines. In August 2021, Accenture’s data was encrypted and stolen when it was attacked with LockBit 2.0 ransomware, whose operators have in the past been known to hire corporate employees to gain access to a target network. Accenture was able to restore from backup, but the group threatened to release its data. This, according to SeaWright, is a new evolution of ransomware which involves more “threat to release” extortion techniques and tactics to pressure victims into paying the ransom.


Another example is the insurance firm AXA in the Philippines, Malaysia, Thailand, and Hong Kong, which was hit with a targeted attack using Avaddon ransomware in May 2021. The group launched a DDoS attack against the insurer’s websites in these countries and demanded about 40,000 worth of bitcoin, another evolution for ransomware groups, which mostly demanded US dollars in the past. “What’s important about this is the interconnection between different companies. It wasn’t just one location as the Philippines or Malaysia but multiple different branches,” said SeaWright.

SeaWright identified upcoming trends to watch out for in the ransomware landscape. She said they are seeing the ransomware-as-a-service model take off, with cybercrime turning into a true marketplace where key services are offered. Another trend they are seeing is developers building a piece of malware to be sold to customers. There will also be a profit-sharing model between the person who develops the ransomware and the person who deploys it. She also said that spearphishing and RDP remain the most common attack vectors, and that ransom demands are steadily increasing. The inclusion of data exfiltration and an explosion in the number of variants are also being seen. Another trend is the compromise of managed service providers, which has a big impact on the supply chain.

To prevent business disruptions, SeaWright enumerated the following best practices: keeping hardware and software up to date; requiring multi-factor authentication; enabling strong spam filters; implementing a strong user training program; keeping separate backups; ensuring network segmentation of OT networks; and limiting user and process account privileges where possible.
