Despite heightened awareness of ransomware and related cyberthreats, ransomware payments have hit a record high. What needs to be done?
The growing interconnectivity of business ecosystems has heightened the risk of ransomware attacks, and businesses in the Asia Pacific region are facing an increasingly complex cyberthreat landscape fueled by geopolitical tensions and AI-driven attacks.
The region is expected to be the fastest-growing economy in 2024. Despite challenges like regulatory environments, global economic conditions, and talent shortages, the region is well-positioned for growth – with APAC tech spending projected to reach US$876B in 2027.
While investment and spending in the region continue to rise, so does the number of companies targeted by ransomware. According to ExtraHop’s Global Ransomware Trends Report, ransomware payments surpassed a staggering US$1 billion last year. IDC found that 59.6% of businesses in the region experienced ransomware attacks in 2023.
It certainly means that organizations in Asia Pacific need to do something – and do it fast. CybersecAsia discussed the issues with Daniel Chu, Vice President of Systems Engineering, APJ, ExtraHop.
Can you elaborate on the trends in ransomware payments in the region, including why the average payment in Singapore is higher than the global average?
Chu: Cybercriminals are employing sophisticated tactics like double extortion and Ransomware-as-a-Service (RaaS), enabling even less experienced attackers to execute highly advanced assaults.
These emerging threats are increasingly targeting critical sectors like healthcare, supply chains, and essential infrastructure. Moreover, attackers are leveraging data theft and social media pressure to intensify attacks and extend their impact.
As a result, the Asia Pacific region is seeing a surge in ransomware payments, with 59.6% of enterprises being victims of ransomware attacks in 2023.
A vital hub for finance, technology and other related sectors in the region, Singapore is a particularly attractive target for various cyberthreats. It is not only one of the top 10 richest countries, but it also holds immensely valuable data and Intellectual Property (IP), which cybercriminals often seek to extort and monetize for financial gain. This is fueled by the fact that many organizations rely on digital infrastructure or use outdated and vulnerable network protocols – making it easier for criminals to carry out such attacks.
In 2023, Singapore had the highest proportion of organizations that consistently paid ransoms (27%), with an average payment of US$3.3 million per company, surpassing the global average of US$2.5 million.
Companies often resort to paying ransoms for various reasons, including a lack of business and operational resilience to withstand a ransomware attack. In such cases, paying the ransom may appear to be the fastest solution to recover data. In fact, 95.7% of companies in Singapore paid ransom after ransomware attacks last year.
Two broad trends are apparent from these attacks. The first is a demonstrated shift towards exfiltration-only data extortion, where ransomware groups steal data without encrypting files or systems, resulting in faster and stealthier attacks. Then, there is the use of additional pressure tactics, such as harassing the victim’s clients or threatening to report the victim to authorities for the data breach if the ransom isn’t paid.
However, research indicates that paying does not ensure data recovery, and ransomware victims are six times more likely to be targeted again within three months.
How do ransomware attacks impact different industries, and which sectors are most vulnerable?
Chu: The ExtraHop Global Ransomware Trends Report 2024 found that the manufacturing, construction, utilities, retail, and telecom industries noted ransomware as a top risk to their organizations. Conversely, industries like travel and leisure, healthcare, transportation, and government are less inclined to view ransomware as their primary threat.
As such, over the past year, the industries which did not prioritize the threat of ransomware – like agriculture, healthcare, and government – were the most vulnerable and reported some of the highest numbers of ransomware incidents. In contrast, the industries mentioned initially, with a greater awareness of ransomware threats, experienced fewer attacks.
In the face of increasing geopolitical tensions in 2023, the government sector saw the highest percentage of organizations paying over US$25 million in ransom, in total. It also ranked among those with the highest average ransom payouts, at just over US$3.8 million.
What measures can organizations in the region take to mitigate the risk of ransomware attacks, and how effective are these strategies?
Chu: Organizations in the region can mitigate ransomware risks through several key strategies:
- Understanding and Protecting Sensitive Data: Identifying where sensitive data resides within the network allows organizations to prioritize its protection. This helps in securing high-value assets, making it harder for ransomware to compromise critical information.
- Adopting an Attacker’s Mindset: By familiarizing themselves with common ransomware tactics, organizations can better anticipate and defend against potential attacks. This proactive approach enhances the ability to detect and respond to threats early.
- Evaluating the Attack Surface: For an effective cybersecurity strategy, businesses should leverage both EDR and NDR to offer the visibility needed to defend against ransomware attacks and protect critical assets. Continuous monitoring of real-time network activity ensures early detection of anomalies, enabling swift response and minimizing disruption.
- Implementing Resiliency Plans: Simulating ransomware attacks to test an organization’s preparedness ensures that business continuity can be maintained even in the event of a successful breach. This approach reduces downtime and financial loss, making it a critical aspect of risk mitigation.
By integrating these strategies, organizations can significantly enhance their defenses against ransomware, reducing both the likelihood and impact of an attack.
How can collaboration between the public and private sectors in the region help enhance cybersecurity and reduce the incidence of ransomware attacks?
Chu: Cybersecurity leaders across the region agree that collaboration and breaking down silos among organizations and sectors are crucial to addressing the complex, ever-changing cybersecurity landscape and preserving digital infrastructure.
Government agencies need active cooperation from businesses, academia, and the public to effectively combat cyberthreats. In today’s fast-changing cyber landscape, collaboration between the public and private sectors is crucial. Private companies enhance governments’ efforts by providing critical intelligence, operational capabilities, and technical expertise.
Through the sharing of information and resources, these partnerships bolster collective abilities to protect digital infrastructure and effectively combat evolving cyber threats and ransomware attacks.