Young male frustrated, confused and headache by WannaCry ransomware attack on desktop screen, notebook and smartphone, cyber attack internet security concept

The decline is largely down to a fall in WannaCry ransomware. Source: Shutterstock

Good news, ransomware targeting SMEs is on the decline in SEA

  • Kaspersky reports a decline in ransomware targeting SMEs since last year
  • It’s good news, but the Russian cybersecurity firm warns businesses shouldn’t get complacent

Good news seems like a rarity when it comes to cybersecurity, but Kaspersky’s latest announcement does sound something like it.

The Moscow headquartered cybersecurity leader claims the number of ransomware attacks detected and blocked by its systems on computers belonging to Southeast Asia SMEs has “dwindled” from 1.4 million in the first half of 2019 to just half a million in the first half of 2020.

The findings run counter to an overall spiking trend in attempted cyberattacks amid the pandemic and come in spite of high-profile attacks against firms like Travelex and Garmin.

All six countries in the region — Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam were monitored with fewer detections of ransomware attacks from January to June 2020 versus the same period last year.

Singapore has logged the highest reduction of ransomware detections at 89.79%. followed by Malaysia (87.65%) and Indonesia (68.17%).

Ransomware is malicious software that infects one’s computer, locks the computer screen, or encrypts important files with a key. Usually, a message is displayed demanding a fee in exchange for the promise to have the computer to work again.

This class of malware can be installed through deceptive links in an email message, instant messaging, or website, as well as a number of more sophisticated techniques.

Kaspersky claimed it had forecasted a dip in ransomware up to 2020 as far as two years ago, owing to a decrease in public attention, as well as a rise in decryption tools and basic cybersecurity awareness among workforces.

But the decrease is also down to the decline of the WannaCry ransomware group, previously one of the biggest groups that hit organizations worldwide in 2017 — including, infamously, the British National Healthcare Service.

This decline comes down to upgrades to software systems that have made computer systems, such as the Microsoft operating system, less vulnerable. “Most probably, with systems getting patched, this uncontrolled worm gets less targets over time,” says Fedor Sinitsyn, Senior Malware Analyst at Kaspersky.

A recession of ransomware is certainly good news — it means the threat is less severe. At the same time, there is still huge value for hackers in targeting large companies and smaller enterprises should not get let their vigilance slip.

“Our industry has been unfaltering in our advanced research and resolute reporting of sophisticated attacks and we see its important contribution in the weakening of some ransomware campaigns. But we can never be complacent. Prolific attacks may always fly under our radar and we need to continue to watch out for them,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

“The spray and pray tactic of ransomware creators may be over but we are also observing the rise of the more dangerous targeted ransomware. It is good news that ransomware detections against SMBs in the region have become lesser in quantity, but the recent headline-grabbing incidents involving Maze ransomware and the recent WastedLocker attack which allegedly earned $10 million in one infection should be a clear reminder for all companies, however small, that we need to beef up our cybersecurity now more than ever against this costly threat,” Yeo adds.

If your organization has become a victim of a ransomware attack, Kaspersky recommends disconnecting the infected computer from any network and the internet and then isolate it. And never pay the ransom demanded by the cybercriminals.

As in a real-life hostage situation, it’s best not to negotiate with cyber attackers. Paying the ransom is not a guarantee that the compromised data will be returned and yielding encourages this sort of crime, the cybersecurity company said.