Southeast Asian businesses growing more concerned about ransomware attacks

In 2023, Kaspersky cybersecurity solutions detected a staggering 287,413 ransomware incidents targeting businesses in Southeast Asia (SEA). This alarming figure highlights the need for organizations, regardless of size or industry, to strengthen their IT security posture against ransomware attacks, particularly targeted ones.

According to Fedor Sinitsyn, Lead Malware Analyst at Kaspersky, the era of widespread mass attacks by encryptors on both individuals and businesses is gradually fading away. Instead, cybercriminals are shifting towards organized groups that execute targeted hacks involving data theft and encryption, a method known as double extortion. This approach allows threat actors to operate more efficiently, enabling them to demand significantly higher ransom sums.

In 2023, Thailand recorded the highest number of ransomware attacks in the region, with 109,315 incidents blocked by Kaspersky. Indonesia followed closely with 97,226 attacks, while Vietnam experienced 59,837 ransomware incidents. The Philippines reported 15,312 malicious encryptors, and Malaysia saw 4,982 attacks. Singapore, despite its reputation for robust cybersecurity, was not spared, with 741 ransomware incidents detected.

High-profile ransomware incidents in SEA made headlines throughout 2023, affecting a wide range of sectors. In Indonesia, a bank fell victim to a ransomware attack, while a public health insurer in the Philippines was also targeted. In Malaysia, a public train transportation system was compromised, and a famous hotel and casino in Singapore suffered a ransomware attack. The largest media conglomerate in Thailand and an energy company in Vietnam were also targeted.

Yeo Siang Tiong, General Manager for Southeast Asia and Asia Emerging Economies at Kaspersky, emphasizes the importance of cybersecurity technologies that provide absolute anti-ransomware effectiveness in third-party exams. Not all cybersecurity solutions are created equal, and businesses in SEA must invest in solutions that offer complete protection against ransomware attacks.

Kaspersky Endpoint Security for Business, Kaspersky Small Office Security, and Kaspersky Standard have demonstrated complete protection against ransomware in 10 different real-life attack scenarios during regular Advanced Threat Protection assessments held by AV-TEST.

To combat ransomware and assist those affected, Kaspersky, along with Europol, the Dutch National Police, and others, launched the No More Ransom initiative in 2016. This project provides decryption tools, guidelines, and instructions to report cybercrimes, regardless of location. By the end of 2023, Kaspersky marked the seventh anniversary as a key contributor to the No More Ransom initiative, with expanded access to free decryption tools. These tools, targeting 39 ransomware families, have assisted nearly 2 million victims globally, as reported by Europol.

To protect yourself and your business from ransomware attacks, consider the following rules proposed by Kaspersky experts:

1. Secure remote desktop/management services: Limit exposure to public networks, use strong passwords, two-factor authentication, and firewall rules.
2. Install patches promptly: Regularly update commercial VPN solutions and other software to prevent ransomware exploitation.
3. Keep software updated: Ensure all devices have the latest software updates to prevent vulnerability exploitation.
4. Focus on detecting lateral movements and data exfiltration: Monitor outgoing traffic to detect cybercriminals’ connections.
5. Regularly back up data: Implement offline backup strategies and ensure quick access in emergencies.
6. Avoid pirated software and unknown sources: Download software only from trusted sources.
7. Audit supply chain and managed services: Assess and limit access to your environment.
8. Prepare for reputational risk: Develop a plan for data exposure in the event of a ransomware attack.
9. Use advanced security solutions: Implement Kaspersky Endpoint Detection and Response Expert and Kaspersky Managed Detection and Response service to identify and stop attacks early.
10. Educate employees: Provide dedicated training courses, such as those offered by the Kaspersky Automated Security Awareness Platform.
11. Stay informed: Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors. The Kaspersky Threat Intelligence Portal is a single point of access for Kaspersky’s TI, providing cyberattack data and insights gathered by their team for over 26 years.

By following these guidelines and investing in robust cybersecurity solutions, businesses in Southeast Asia can better protect themselves against the growing threat of ransomware attacks.