SEA Businesses Face 400 Ransomware Attacks Daily, Kaspersky

Organisations in Southeast Asia (SEA) continue to face an alarming surge in ransomware attacks in 2024. Latest findings from Kaspersky show that businesses here faced 400 ransomware attempts on a daily basis last year, on average.
Ransomware, as the name suggests, is malicious software designed to block access to a computer system or encrypt its data until a sum of money (a ransom) is paid. These attacks have been carried out on both individuals and corporations.
Overall, Kaspersky solutions used in businesses in SEA detected and blocked a total of 135,274 ransomware attacks between January and December last year.
“From just a total of 57,000 ransomware attacks in 2024’s first half, ransomware gangs clearly escalated their attacks during the last six months of last year. With ransomware groups leveraging increasingly sophisticated methods, companies in the region are all feeling the pressure as attackers exploit vulnerabilities in the increasingly complex corporate IT and network infrastructure,” comments Adrian Hia, Managing Director for Asia Pacific at Kaspersky.
Businesses in Indonesia faced the greatest number of ransomware attacks (57,554), followed by Vietnam (29,282) and the Philippines (21,629).
Another key finding from Kaspersky shows that Malaysia’s ransomware numbers logged a 153% increase on a year-on-year basis, with 12,643 detections last year as compared to just 4,982 back in 2023.
The notable ransomware incidents in the region last year include attacks against a national data centre, a postal service provider, a government portal for foreign workers, and the retail sector.
“Ransomware groups persist in refining their tactics, exploiting known vulnerabilities and leveraging advanced tools like Meterpreter and Mimikatz to gain unauthorised access. By targeting internet-facing applications, manipulating local accounts, and evading endpoint defences, they demonstrate a sophisticated mastery of network weaknesses. The ongoing threat emphasises the urgent need for robust cybersecurity defences, as adversaries continue to innovate and exploit even the most familiar vulnerabilities,” adds Hia.
To mitigate the risk of ransomware attacks, individuals and organisations should prioritise cybersecurity measures.
- Use robust, properly configured security solutions like Kaspersky NEXT.
- Implement Managed Detection and Response (MDR) to proactively seek out threats.
- Disable unused services and ports to minimise the attack surface.
- Keep all systems and software up to date with regular updates and patches.
- Conduct regular penetration tests and vulnerability scanning to identify and address vulnerabilities promptly.
- Provide comprehensive cybersecurity training to employees to raise awareness of cyberthreats and best practices for mitigation.
- Establish and maintain regular backups of critical data, and test backup and recovery procedures regularly.
- Use Threat Intelligence to keep track of the latest TTPs used by groups and adjust your detection mechanisms to catch these.
- Pay special attention to any “new” software being run and installed on systems within your network (including legitimate software).