Between 2022 and 2023, SMEs in the Asia Pacific and Japan region experienced a 204% increase in such ransomware attacks: analysis.

In analyzing data between 1 Oct 2021 and 31 May 2023 pertaining to victims of approximately 90 different ransomware groups that had publicised details (timestamps, victims’ names, and victim domains) of their attacks, one content delivery and cloud computing firm has found that the use of Zero Day and One-Day vulnerabilities had led to a 204% increase in total ransomware victims between Q1 2022 and Q1 2023 in the Asia-Pacific and Japan region (APJ).

The analysis shows that ransomware groups have increasingly turned to exfiltrating files, making it their primary source of extortion. This new tactic indicates that file backup solutions are no longer a sufficient strategy to protect against ransomware.

Other key findings of the analysis:

    • LockBit was the most prevalent ransomware in each industry in the APJ, accounting for 60% of attacks in manufacturing, 55.8% in business services, 57.7% in construction, 45.8% in retail, and 28.6% in energy. LockBit has been the most subscribed-to Ransomware-as-a-Service, and it now dominates the ransomware landscape in APJ, accounting for 51% of attacks from Q3 2021 to Q2 2023 (in the firm’s data) — followed by the ALPHV and CL0P ransomware groups.
    • The CL0P ransomware group aggressively exploited Zero Day vulnerabilities like MOVEit, which contributed to the spike in ransomware victims in APJ in Q1 2023, and the ongoing ransomware events in June this year.
    • The majority of APJ ransomware victims in the data were small- and medium-sized enterprises (SMEs) with reported revenues of up to US$50m.
    • In the data, victims of multiple ransomware attacks were more than six times more likely to experience the second attack within three months of the first attack.
    • Essential infrastructure in APJ has been actively targeted; the top five critical industries in the region attacked by ransomware, and at further risk, have been:
      • manufacturing
      • business services
      • construction
      • retail
      • energy
      • utilities
      • telecommunications
    • In the data, adversaries were shifting the emphasis of their modus operandi from phishing to vulnerability abuse, exploiting unknown security threats to infiltrate businesses' internal networks and deploy ransomware.

According to Dean Houari, Director of Security Technology and Strategy at Akamai Technologies, Inc., which performed the analysis:

“It’s imperative that both the private and public sectors across APJ strengthen collaboration to help organizations defend against ever-growing ransomware threats. Businesses — especially APJ SMEs — must work to adopt a zero trust architecture starting with software defined micro-segmentation in order to effectively mitigate ever-evolving cyberattacks.”