Ransomware attacks detected and blocked by Kaspersky on computers of small-medium enterprises (SMEs) in Southeast Asia (SEA) have dwindled from 1.4 million hits in the first half of 2019 compared to just half a million in the first half of 2020, based on the latest figures from the cybersecurity company.
All six countries in the region — Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam — were monitored with fewer detections of ransomware attacks from January to June 2020 compared to the same period last year. Singapore has logged the highest reduction of ransomware detections at 89.79% followed by Malaysia at 87.65% and Indonesia at 68.17%.
Globally, Indonesia and Vietnam landed in fourth and eighth places, respectively, in Kaspersky’s overall ranking of countries with the most detected ransomware attacks in the second quarter of 2020. China, Brazil, and Russia were the top three in the cybersecurity company’s worldwide ranking for this period.
Ransomware is malicious software that infects one’s computer, locks the computer screen or encrypts important files with a key, and displays messages demanding a fee to be paid in exchange for the promise to have the computer to work again. This class of malware is a criminal money-making scheme that can be installed through deceptive links in an email message, instant messaging, or website, as well as a number of more sophisticated techniques.
Cybersecurity experts from Kaspersky have been forecasting as early as two years ago the decline of ransomware up to this year. Kaspersky projected that ransomware will tail off because of increased public attention. Continuous reporting as well as initiatives such as the No More Ransom project, which was co-founded by Kaspersky, provided resources to assist individuals and businesses to recover their data and devices from ransomware attacks. Resources included free decryption tools.
According to the cybersecurity company, the observed decrease in the region is mainly due to two reasons: one is the decline of one of the biggest ransomware groups that hit organizations worldwide in 2017, and two, because of upgrades in software systems that reduced the vulnerability of computer systems. The Microsoft Windows operating system has been the target of this malware.
“The main factor that contributed to this decrease is the gradual decline of the WannaCry ransomware which was one of the top verdicts in our statistics. Most probably, with systems getting patched, this uncontrolled worm gets fewer targets over time,” said Fedor Sinitsyn, Senior Malware Analyst at Kaspersky.
But while WannaCry is somehow waning in its assaults, the cybersecurity company said it is not a reason for SMBs to put their guards down.
“Our industry has been unfaltering in our advanced research and resolute reporting of sophisticated attacks and we see its important contribution in the weakening of some ransomware campaigns. But we can never be complacent. Prolific attacks may always fly under our radar and we need to continue to watch out for them,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
“The spray and pray tactic of ransomware creators may be over but we are also observing the rise of the more dangerous targeted ransomware. It is good news that ransomware detections against SMBs in the region have become lesser in quantity, but the recent headline-grabbing incidents involving Maze ransomware and the recent WastedLocker attack which allegedly earned $10 million in one infection should be a clear reminder for all companies, however small, that we need to beef up our cybersecurity now more than ever against this costly threat,” Yeo added.
For organizations that became a victim of a ransomware attack, Kaspersky recommends to disconnect the infected computer from any network and the internet and then isolate it. And never pay the ransom demanded by the cybercriminals.
Kaspersky recommends that as in a real-life hostage situation, it is best not to negotiate with cyber attackers. Paying the ransom is not a guarantee that the compromised data will be returned and yielding encourages this sort of crime, the cybersecurity company said.
As humans are the first line of defense, the global cybersecurity company is also offering a three-month free Automated Security Awareness Training. This training program which can help develop awareness and better habits online is available until the end of September 2020 and works with up to 500 users. Interested business owners can find out more about this by visiting this link: http://www.k-asap.com.