Ransomware, an online attack that started with phishing emails, is on the rise again. Targeting industries and businesses particularly those that are involved in the immediate response to the COVID-19 pandemic, cybercriminals use this malware for digital extortion by infecting thousands of computers and networks, and demand ransom from owners to release and get back their data.
Attackers are using phishing in targeting their victims. They do this by adding topics and “hot phrases” that are related to COVID-19 into their content, boosting the chances of their infected links or malicious attachments of getting opened. Data from Kaspersky revealed that phishing attempts are increasing as their technology foiled more attacks this year than last year.
The number of phishing attempts against the country’s small and medium businesses (SMBs) blocked by Kaspersky Anti-Phishing System reached 76,478 in the first quarter of 2020. This represented a significant increase of 157.7% compared with the 29,677 attempts that were blocked in the same quarter in 2019. Based on these figures, the Philippines placed fifth in SEA, behind Malaysia’s 132,106, Thailand (144,243), Indonesia (192,591), and Vietnam (244,663).
Operators of ransomware focus on what brings the most financial gain by using a range of techniques to get into the organization. When one tactic fails, they change it to another to get the best result.
Yeo Siang Teong, general manager for Southeast Asia at Kaspersky, said cybercriminals focus on organizations that are likely to make substantial payments in order to recover their data. He also said that ransomware actors are now increasingly targeting businesses instead of individuals.
To defend against ransonware, businesses must ensure that their networks are patched with the latest security updates. Apart from these, Yeo said Kaspersky security experts suggest that organizations should take the following anti-ransomware measures as soon as possible.
- Explain to employees how following simple rules can help a company avoid ransomware incidents. Dedicated training courses can help, such as the ones provided in the Kaspersky Automated Security Awareness Platform;
- Always have fresh back-up copies of your files so you can replace them in case they get lost (e.g. due to malware or a broken device) and store them not only on the physical object but also in cloud storage for greater reliability. Make sure you can quickly access them in an emergency when needed;
- It is essential to install all security updates as soon as they become available. Always update your operating system and software to eliminate recent vulnerabilities;
- We recommend trying the free Kaspersky Anti-Ransomware Tool for Business. Its recently updated version contains an exploit prevention feature to prevent ransomware and other threats from exploiting vulnerabilities in software and applications. It is also helpful for customers that use Windows 7: with the end-support of Windows 7, new vulnerabilities in this system won’t be patched by the developer.
- If a ransomware attack happened and you do not have a backup of your data, we recommend contacting your internet security vendor to see if they have a decryption tool for the ransomware that has attacked you.
- If a corporate device is encrypted, remember that ransomware is a criminal offense. You shouldn’t pay the ransom the attacks demand. If you become a victim, report it to your local law enforcement agency. Try to find a decryptor on the internet first – some of them are available for free at https://www.nomoreransom.org/en/index.html.