Two factors probably account for this trend, but we must not let our guard down for even a moment.
Ransomware attacks detected and blocked by cybersecurity provider Kaspersky on computers of small-to-medium sized enterprises (SMEs) in Southeast Asia have dwindled from 1.4M hits in H1 2019 to just half a million in H1 2020, based on their latest figures.
From January to June 2020, all six countries in the region—Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam—yielded fewer detections of ransomware attacks versus the same period last year. Singapore logged the highest reduction of ransomware detections at 89.79%, followed by Malaysia at 87.65% and Indonesia at 68.17%.
Globally, Indonesia and Vietnam landed in fourth and eighth places, respectively, in Kaspersky’s overall ranking of countries with the most detected ransomware attacks in the Q2 2020. China, Brazil, and Russia were the top three in the firm’s worldwide ranking for this period.
Amidst this trend, Kaspersky’s experts observed the rise of targeted ransomware from notorious APT groups. This highlights the need for more sophisticated protection for enterprises of all shapes and sizes.
Two reasons for this trend?
According to the cybersecurity company, the observed decrease in the region is mainly due to two factors. One is the decline of one of the biggest ransomware groups that hit organizations worldwide in 2017. Two, because of upgrades in software systems that have reduced the vulnerability of computer systems, such as the Microsoft Windows operating system that has been the target of this malevolent malware.
Said Fedor Sinitsyn, Senior Malware Analyst, Kaspersky: “The main factor is the gradual decline of the WannaCry ransomware which was one of the top verdicts in our statistics. Most probably, with systems getting patched, this uncontrolled worm gets less targets over time.”
While WannaCry is somehow waning in its assaults, the cybersecurity company says it is not a reason for SMEs to put their guards down. According to Yeo Siang Tiong, GM Southeast Asia, Kaspersky: “Our industry has been unfaltering in our advanced research and resolute reporting of sophisticated attacks and we see its important contribution in the weakening of some ransomware campaigns. But we can never be complacent. Prolific attacks may always fly under our radar and we need to continue to watch out for them.”
The spray-and-pray tactic of ransomware creators may be over, said Yeo, but the rise of the more-dangerous targeted ransomware is notable. The recent headline-grabbing incidents involving Maze ransomware and the recent WastedLocker attack (which allegedly earned US$10 million in one infection) should be a clear reminder for all companies, however small, “that we need to beef up our cybersecurity now more than ever against this costly threat.”
Quality over quantity
Kaspersky recommends that, as in a real-life hostage situation, it is best not to negotiate with cyber attackers. Paying the ransom is not a guarantee that the compromised data will be returned, and yielding encourages this sort of crime.
As humans are the first line of defense, the global firm is offering a three-month free Automated Security Awareness Training. This training program, which can help develop awareness and better habits online, is available until end of September 2020 and works with up to 500 users.