Ransomware attacks on SMBs drop but become more vicious – Kaspersky

Published April 20, 2021, 6:00 AM

by Emmie V. Abadilla

While ransomware attacks against small and medium-sized businesses (SMBs) in the Philippines dropped over 15 percent in 2020, the threat has become more targeted and malicious, according to the latest Kaspersky Security Network (KSN) report.

Globally, the Philippines ranked number 50 in terms of ransomware attempts, with over 22,000 attempts blocked, down 5 notches from 2019, when the country ranked 45th, with 26,000 ransomware attempts blocked.

The global cybersecurity firm revealed that fewer than one million ransomware attempts (804,513) were monitored in 2020 among the six Southeast Asian (SEA) countries, less than half of 2019’s over 1.9 million detections.

“The decrease of ransomware detections here should not make us complacent,” warned Yeo Siang Tiong, Kaspersky’s General Manager for Southeast Asia, pointing out that the threat is evolving fast.

“Ransomware groups are now more concerned about quality over quantity. From blindly throwing a line into the ocean and waiting for an insecure user to bite, attackers are now more aggressive and targeted towards their victims,” he underscored.

“A single targeted ransomware group alone managed to breach over 61 companies in the Asia Pacific (APAC) region last year,” he revealed.

“With the accelerated digitalization of businesses in the region, we also predict that the sophistication behind attack methods will only increase and become more sophisticated.”

In the region, only Singapore showed an uptick in the number of ransomware detections, from 2,275 instances in 2019 to 3,191 in 2020.

Although Indonesia still ranked fifth globally for the volume of its ransomware detections, its detections are now down from 1,158,837 to 439,473.

Kaspersky observed the trend of decreased ransomware incidents across other countries in the region, from the Philippines to Vietnam, Malaysia, and Thailand.

China remained at the top spot in terms of ransomware detections globally both for 2019 and 2020. 

Brazil and the Russian Federation switched places for the second and third spots, with Brazil now being 2nd globally for 2020. 

The overall drop in the number of detections followed the drop in the number of WannaCry detections, says Fedor Sinitsyn, Kaspersky security researcher.

The WannaCry family makes up a significant share of all detected ransomware, despite the fact that it has not been supported by the creators for more than three years and exists as a ‘zombie’.

Significantly, ransomware remains one of the most persistent cyber threats to SMBs in SEA. It is malware designed to infect the computers of organizations and individuals, encrypt the data on them and block access.

Ransomware attackers then demand a fee from the victims in exchange for enabling the system to work again. 

While ransomware attacks may be declining, Kaspersky warned against the increasing activities of ‘Ransomware 2.0’ or targeted ransomware. 

This cybersecurity “disease” goes beyond kidnapping data. Malicious ransomware groups are now conducting data exfiltration coupled with blackmailing. 

Using this “pressure tactic”, cybercriminals threaten to publish the data they hold, increasing the need for the victims to pay the ransom to protect their reputation.

To protect one’s computer and data from ransomware attacks, do not expose remote desktop services (such as RDP) to public networks unless absolutely necessary and always use strong passwords for them.

Promptly install available patches for commercial Virtual Private Network (VPN) solutions providing access for remote employees and acting as gateways in one’s network.

Always keep software updated on all the devices used to prevent ransomware from exploiting vulnerabilities.

Focus your defense strategy on detecting lateral movement and data exfiltration to the Internet.

Pay special attention to outgoing traffic to detect cybercriminals’ connections, and back up data regularly.

Make sure you can quickly access data in an emergency when needed. Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.

Always have a data backup on a separate external hard drive. 

Avoid negotiating with cybercriminals or paying the ransom.