Businesses in Southeast Asia (SEA) are well within the radar of cybercriminals with 3 in 5 (67%) confirming that they have been victims, according to the latest research by Kaspersky.
Half of those (34%) who have admitted having their data maliciously encrypted by cybercriminals experienced ransomware attacks not once but several times. The remaining respondents (33%) said they have experienced such incidents one-time only.
The most common denominator among ransomware victims in the region is that almost all paid the ransom (82.1%). In fact, 47.8% of the surveyed executives confessed that they paid the ransom as soon as possible for immediate access to their business data, two digits higher than the global average of 38.1%.
“It is concerning to see that only 17.9% of businesses here in SEA victimized by ransomware did not budge on the cybercriminals’ demands,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky. “We stand firm that paying the ransom should not be a knee-jerk reaction for enterprises. But, with more than half (67%) of those we surveyed admitted that their organizations would not survive without business data if attacked, we understand the urgency and the desperation to get their data back as soon as possible, by all means.”
Getting back data
The cybersecurity company surveyed 900 respondents across North America, South America, Africa, Russia, Europe, and Asia-Pacific, 100 of which were from SEA. Conducted in April 2022, the research titled “How business executives perceive ransomware threat” gathered the answers from those in senior non-IT management (such as CEOs, VP, and Director level) and business owners or partners at companies with 50-1000 employees.
Almost a quarter (23.9%) did try to get their data back through back-ups or decryption but failed and paid ransom within two days while 10.4% took a week of effort before paying up.
When the ransomware victims were asked about the steps they will conduct should they face the same incident, majority (77%) of the business leaders in SEA confirmed that they will still pay the ransom showing a worrying tendency for companies that have already been a victim of ransomware to pay up, encouraging cybercriminals to continue their attacks.
Kaspersky’s study also revealed a key puzzle piece — that the majority (94%) of enterprises in SEA will seek external help if attacked by ransomware. This is higher than the global rate at 89.9%.
Almost a quarter (20%) of which will contact law enforcement, while 29% will reach out to a third party cybersecurity incident investigation and response service provider like Kaspersky. The remaining percent will contact both of these external organizations to know how to respond to a ransomware attack.
“With only 5% of enterprise leaders confirming that they have internal incident response capabilities or they have the regular IT team or service provider to figure out a ransomware attack, it is clear that our enterprises here in SEA need help,” Yeo said. “Enterprises here should really look into acting on concrete steps to upskill or even to build their own security defense team with intelligence-led incident detection and response capabilities.”
Kaspersky, however, puts emphasis on preventing a ransomware attack. The global cybersecurity company encourages businesses to follow these simple and effective recommendations to help protect their organizations against this threat:
- Always keep up-to-date copies of your files so you can replace them in case they are lost (e.g. due to malware or a broken device). These should be stored not only on a physical device but also in cloud storage for greater reliability. Make sure you can quickly access your backups in the event of an emergency.
- Install all security updates as soon as they become available. Always update your operating system and software to eliminate recent vulnerabilities.
- Provide security education to your staff. Explain that by following simple rules, employees can help prevent ransomware incidents. Check out dedicated training courses, such as the ones provided in the Kaspersky Automated Security Awareness Platform.
- Enable ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevents exploits, and is compatible with already installed security solutions.
- Enterprise companies are recommended to use anti-APT and EDR solutions, enabling capabilities for advanced threat discovery and detection, investigation and timely remediation of incidents, as well as have access to the latest threat intelligence. An MDR provider could help to effectively hunt any advanced ransomware attack. All of the above is available within Kaspersky Expert Security.
- If you become a victim, never pay the ransom. It won’t guarantee you get your data back but will encourage criminals to continue their business. Instead, report the incident to your local law enforcement agency and get help from incident response experts such as Kaspersky.