By Goh Chee Hoh, Managing Director, Trend Micro Malaysia and Nascent Countries
In just the first four months of 2021, Trend Micro’s Research team detected 113,010 ransomware threats in Malaysia. Since the first detected case of ransomware infection globally in 2005, ransomware has evolved into what is often termed modern ransomware, which is increasingly targeted and malicious in nature.
The recent attack on enterprise technology firm Kaseya, where hackers demanded US$70 million (RM290.92 million) worth of bitcoin to return stolen data, is a stark reminder of the sweeping damage and disruption that modern ransomware is capable of.
Traditionally, ransomware attacks were conducted through a “click-on-the-link” approach involving compromised websites or spam emails, typically aimed at a random list of victims to collect a moderate pay-out.
Today, threat actors have evolved their strategies to inflict greater damage on a company’s reputation and potentially collect larger pay-outs from high-profile victims, resulting in what is now known as a “double-extortion” strategy in a modern ransomware attack. According to Trend Micro’s research, criminals take these steps to personalize the attacks:
1. Organize alternative access to a victim’s network such as through a supply chain attack
2. Determine the most valuable assets and processes that could potentially yield the highest possible ransom amount for each victim
3. Take control of valuable assets, recovery procedures, and backups
4. Steal and threaten to expose confidential data
In Malaysia, Trend Micro found that the industries most targeted by ransomware are government, healthcare, and manufacturing. As these sectors continue to play a role in driving economic growth in the country, it’s clear that a multi-layered cybersecurity defence system is necessary for enterprises to defend their networks and protect their business-critical data.
To keep up with the ever-evolving ransomware landscape, three of the most important must-dos for Malaysian organizations are:
- Maintain IT hygiene factors: Security teams should ensure that proactive countermeasures, such as monitoring features, backups, and training in security skills, are in place to enable early detection. Alongside that, everyone in an organization should also have the latest security updates and patches installed.
- Work with the right security partners: Start by clearly defining the needs and priorities around enterprise security in an organization. Then, collaborate with a security vendor that aligns with these priorities to create a solid security response playbook to be used on an ongoing basis.
- Have visibility over all security layers: For security teams to detect suspicious activity early on and respond faster to attacks, organizations should utilize tools such as Trend Micro Vision One, which collects and automatically correlates data across email, endpoints, servers, cloud workloads, and networks. By putting the right technologies in place, enterprises can also help reduce the alert fatigue commonly faced by security operations centers (SOCs), with 54% reporting that they are overwhelmed by alerts.
In today’s world of constant attacks, cybersecurity should be top of mind for everyone across the entire organization, and not just be the sole responsibility of the security team. While an organization can eventually recover its data or financial resources post-attack, the loss of trust among customers and partners will be a difficult challenge to remedy. All stakeholders must collaborate, invest in proper resources, and take proactive steps to transform workplace culture and best practices in order to stop pernicious ransomware threats at the door.