Ransomware continues to pummel organisations in Southeast Asia

Due to the growing digital economy, geographical location and resources as regional hubs for finance and technology, and varying levels of cybersecurity infrastructure, the region remains a hotspot for ransomware attacks. Large organisations and SMEs continue to be targeted by cybercriminals.

“In general, cybercriminals, including ransomware groups are eyeing critical infrastructure and vulnerable sectors such as financial, public services, manufacturing and healthcare. Essentially, they are opportunists that are after targets big on cash,” says Adrian Hia, Managing Director for Asia Pacific at Kaspersky.

Ransomware targeting businesses in SEA was highest in Indonesia with 32,803 incidents blocked by Kaspersky. Following behind is the Philippines with 15,208 ransomware attacks and Thailand with 4,841 cases. Malaysia came fourth with 3,920 malicious attacks, followed by Vietnam with 692, and Singapore with 107.

“The impact of a ransomware attack can be very devastating, financially and reputationally. Not only do organisations require high levels of resources to address the aftermath, but they also face the consequences of operation disruptions and downtime, followed by recovery time. These are not options, especially for critical infrastructure and service providers,” adds Hia. 

Recent high-profile incidents that include Indonesia National Data Centre, a Malaysia public transport operator and local health pharmacy chain, a Philippines health insurance provider, a Singapore famous restaurant group, and a major brokerage firm and gasoline service company in Vietnam are evidence of the malicious threat that is persistently attacking businesses in the region. 

“While there are growing global efforts to combat ransomware such No More Ransom initiative, of which Kaspersky is a part for the eighth consecutive year, and some governments in the SEA region have enacted cybersecurity laws[1][2] while others are working towards the same, it can never be reiterated enough that companies and organisations also have their parts to play to bolster cybersecurity defence,” adds Hia.

[1] Malaysia Cybersecurity Act 2024

[2] Singapore Cybersecurity Act 2018 

To protect your business from ransomware attacks, Kaspersky’s experts recommend the following: 

1.    Always keep software updated on all the devices to prevent attackers from exploiting vulnerabilities and infiltrating the organisation’s network. 

2.    Promptly install available patches for commercial VPN solutions providing access for remote employees and acting as gateways in your network.

3.    Back up data regularly and ensure they can be accessed quickly when needed or in an emergency.

4.    Avoid downloading and installing pirated software or software from unknown/unverified sources.

5.    Assess and audit your supply chain and managed services access to your environment. Kaspersky offers compromise assessment services.

6.    Do not expose remote desktop/management services (such as RDP, MSSQL, etc.) to public networks unless necessary and always use strong passwords, two-factor authentication and firewall rules for them.

7.    Monitor access and activity by having visibility over the network to spot any unusual activity, and controlling user access on an as-needed, and as-required basis to minimise risks of unauthorised access and data leak. 

8.    Set up a security operation centre (SOC) using an SIEM (security information and event management) tool like Kaspersky Unified Monitoring and Analysis Platform, a unified console for monitoring and analysing information security incidents, and solutions such as Kaspersky Next XDR Expert, a robust cybersecurity solution that defends against sophisticated cyber threats.

9.    Use the latest Threat Intelligence information to have in-depth visibility into cyber threats targeting your organisation and provide your InfoSec professionals with the most comprehensive and up-to-date information regarding potential malicious actors and their TTPs.

10.    Educate employees and improve their cybersecurity literacy through tools such as Kaspersky Automated Security Awareness Platform - Employees should be aware of the risks of cybersecurity threats and how to protect themselves and their organisations from them.

11.    Employ Kaspersky Professional Services to optimise the workload of your heavily challenged IT department. Kaspersky experts assess the state of your current IT security, then deploy and configure Kaspersky software quickly and properly to ensure hassle-free ongoing performance.

12.    If your company does not have a dedicated IT security function and only has generalist IT admins who may lack the specialist skills required for expert-level detection and response solutions, consider subscribing to a managed service such as Kaspersky MDR. This would instantly boost your security capabilities by an order of magnitude while allowing you to focus on building in-house expertise.

13.    For the protection of very small businesses, use solutions intended to help you manage your cybersecurity even without having an IT administrator on board. Kaspersky Small Office Security provides you with hands-off security due to 'install and forget' protection and saves the budget which is crucial, particularly in the early stages of business development.