Ransomware attacks detected and blocked by Kaspersky on computers of small-medium enterprises (SMEs) in Southeast Asia have dwindled from 1.4M hits in the first half of 2019 to just half a million in the first half of 2020, based on the latest figures from the cybersecurity company.
All six countries monitored in the region (Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam) logged fewer detections of ransomware attacks from January to June 2020 than in the same period last year. Singapore logged the highest reduction in ransomware detections at 89.79%, followed by Malaysia at 87.65% and Indonesia at 68.17%.
Globally, Indonesia and Vietnam landed in fourth and eighth places, respectively, in Kaspersky’s overall ranking of countries with the most detected ransomware attacks in the second quarter of 2020. China, Brazil, and Russia were the top three in the cybersecurity company’s worldwide ranking for this period.
Ransomware is malicious software that infects a computer, locks the screen or encrypts important files with a key, and displays messages demanding a fee in exchange for the promise to make the computer work again. This class of malware is a criminal money-making scheme that can be installed through deceptive links in an email message, instant message, or website, as well as through a number of more sophisticated techniques.
Cybersecurity experts from Kaspersky forecast, as early as two years ago, a decline of ransomware up to this year. Kaspersky projected that ransomware would tail off because of increased public attention. Continuous reporting, as well as initiatives such as the No More Ransom project, which was co-founded by Kaspersky, provided resources to help individuals and businesses recover their data and devices from ransomware attacks. Resources included free decryption tools.
According to the cybersecurity company, the observed decrease in the region is mainly due to two reasons: first, the decline of one of the biggest ransomware groups that hit organizations worldwide in 2017, and second, upgrades in software systems that reduced the vulnerability of computer systems. The Microsoft Windows operating system has been the target of this malevolent malware.
“The main factor that contributed to this decrease is the gradual decline of the WannaCry ransomware which was one of the top verdicts in our statistics. Most probably, with systems getting patched, this uncontrolled worm gets fewer targets over time,” says Fedor Sinitsyn, Senior Malware Analyst at Kaspersky.
But while WannaCry's assaults are waning, the cybersecurity company says this is no reason for SMBs to let their guard down.
“Our industry has been unfaltering in our advanced research and resolute reporting of sophisticated attacks and we see its important contribution in the weakening of some ransomware campaigns. But we can never be complacent. Prolific attacks may always fly under our radar and we need to continue to watch out for them,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
“The spray and pray tactic of ransomware creators may be over but we are also observing the rise of the more dangerous targeted ransomware. It is good news that ransomware detections against SMBs in the region have become lesser in quantity, but the recent headline-grabbing incidents involving Maze ransomware and the recent WastedLocker attack which allegedly earned $10 million in one infection should be a clear reminder for all companies, however small, that we need to beef up our cybersecurity now more than ever against this costly threat,” Yeo adds.
If your organization has become a victim of a ransomware attack, Kaspersky recommends disconnecting the infected computer from any network and the internet and then isolating it, and never paying the ransom demanded by the cybercriminals.
Kaspersky advises that, as in a real-life hostage situation, it’s best not to negotiate with cyber attackers. Paying the ransom is not a guarantee that the compromised data will be returned, and yielding encourages this sort of crime, the cybersecurity company said.
Aside from endpoint protection, Kaspersky also recommends the following steps to avoid falling victim to ransomware:
- Treat email attachments, or messages from people you don’t know, with caution. If in doubt, don’t open it.
- Do not expose remote desktop services (such as RDP) to public networks unless absolutely necessary and always use strong passwords for them.
- Back up data regularly. Make sure you can quickly access it in an emergency when needed.
- Always keep software updated on all the devices you use. To prevent ransomware from exploiting vulnerabilities, use tools that can automatically detect vulnerabilities and download and install patches.
- To protect the corporate environment, educate your employees. Dedicated training courses can help, such as the ones provided in the Kaspersky Automated Security Awareness Platform.
- Carry out regular security audits of your corporate network for anomalies.
- Don’t overlook less obvious targets, such as queue management systems, POS terminals, and even vending machines, and ensure that you use a security solution designed for embedded systems.