Ransomware is one of the fastest escalating cybersecurity threats facing businesses in Asia today. If we’ve learned anything from high-profile attacks like WannaCry, REvil, Kaseya, and countless others making headlines and causing chaos to millions of people, it’s that the evolving nature of ransomware continues to prove that no industry, organisation or person is immune to these kinds of attacks.
This is not a new problem, in fact, most businesses know how it goes. Ransomware hackers deploy software that locks the owner of the targeted computer system out of their machines and demands a payment (often cryptocurrency) in return for handing back control and unscrambling data. Unfortunately, despite increasing awareness among the business community in Asia, this threat persists, and can even be seen to be growing, as hackers change tactics looking for new targets to maximise their extortion efforts.
An escalating issue in Singapore
Last year in Singapore, the number of reported ransomware attacks saw a significant spike of 154%, with 89 incidents, compared to 35 in 2019. Affecting businesses in sectors including manufacturing, retail, and healthcare, these attacks accounted for nearly half (43%) of all crime in the city-state in 2020. That’s a worrying statistic, and definitely begs the question – “Why are we seeing such significant escalation in these kinds of attacks?” Put, simply, there are many reasons for this, including the increased availability of ransomware software via the dark web – which means that almost any two-bit criminal can launch a ransomware attack. In our recent Threat Spotlight research, we also highlighted a correlation between the rise of these kinds of attacks and the increasing value of bitcoin cryptocurrency, which is another factor in this equation. However, more than anything, I believe it boils down to innovation.
Innovations making ransomware more dangerous
Ransomware is not a new threat, but in recent years has evolved into a more destructive creature, as criminals have continued to expand their skillsets and refine their tactics. The first documented case of ransomware was the AIDS ransomware attack in 1989, but modern ransomware wasn’t seen in the wild until Trojan.Gpcoder was observed in 2005. Since this time, there have been many variants of the software and many infection methods, but some new practices and technology innovations can be seen to be making ransomware much more dangerous.
- Extortion: Hackers continue to innovate their tactics to extort their victims, most commonly via phishing emails, which are the primary threat vector for ransomware attacks. A kind of social engineering, these attacks are designed to lure in unsuspecting users to reveal sensitive information or click links, which allow hackers to deploy malicious software like ransomware on the victim’s system and network. Once upon a time ransomware attacks would halt your business operations and destroy your critical data. Today, they have levelled up, aiming to steal the data before its encrypted, and threatening to publish it on the dark web if the victim refuses to pay the ransom. Thanks to increasingly strict rules and regulations around how company’s handle personal data, the cost of sensitive information going public or being turned over for further malicious activity is quite often enough to make many victims cough-up a hefty ransom.
- Ransomware gangs: Blackhat hacker groups are not new, but we have seen an increase in the number of veteran ransomware criminals creating their own organisations and putting their collective expertise to work. This was the case with DarkSide, a group specialising in in digital extortion. Ransomware gangs build sophisticated operations with multiple departments, and research their targets before launching attacks to increase their effectiveness.
- Industrial system attacks: Modern logistics and supply-chain processes integrate on-demand connectivity that enables system monitoring, remote control, and other efficiencies that internet of things (IoT) technologies have to offer. This can create gaps in security, which hackers seek to exploit. In 2020, researchers discovered EKANS, a piece of ransomware specifically designed to infect industrial control systems (ICS). As the control of industrial systems is much more valuable to the public than the exposure of data, industrial systems are high value targets for ransomware criminals.
How to stay protected from ransomware
The million-dollar question then, is how do you go about protecting your organisation against these kinds of attacks? Honestly speaking, it all starts with data!
- Don’t fall for Phishing
High up on your checklist should be ensuring that your credentials are properly protected. As hackers use phishing as their primary attack vector for ransomware, ensuring you develop and maintain a culture of awareness around credential security is a must. This means training users on email security and deploying anti-phishing technology to ensure that anything ‘phishy’ is caught and dealt with without hackers gaining access to credentials, which could escalate to a ransomware attack.
- Prioritise web application security
Most organisations have a great number of web applications which they rely on for their daily business operations. Whether you’re using online web forms, file-sharing services or e-commerce sites, attacks like credential stuffing, brute force attacks, or OWASP vulnerabilities can compromise your applications. Once compromised, attackers can introduce ransomware and other nasties into your system and your network – potentially affecting all users accessing the application. It goes without saying then that having a robust solution in place to defend against these attacks should be high up on your priority list.
- Never underestimate the power of backup
Backing up your data is a core part of surviving a ransomware attack unscathed. When ransomware attacks your network it will encrypt your data, while disabling any backup systems and destroying your backup files – sneaky huh? Making sure you have a resilient backup system that replicates data to a cloud that offers unlimited storage and robust search and restore capabilities could save your bacon when an attack hits.
- Don’t pay the ransom!
It might sound easy for me to say (and harder to do) but paying the ransom will only mean more attacks in the future. Hey, it doesn’t even guarantee you will get your data back, as cybercriminals are not known for honouring their promises. Ultimately, it’s incredibly important to assume that ransomware is a ‘when’ not ‘if’ for your business, and remember that a prevention-first approach, is much easier and less costly than remediation after an attack.
Written by James Wong, Regional Director for Southeast Asia and Korea, Barracuda