Ransomware attacks likely to rise this year, Kaspersky warns

EXTENDED detection and response (XDR) solutions can help protect users against cyberattacks, as attempts to steal data via ransomware are expected to increase this year, cybersecurity company Kaspersky said.

Cybersecurity experts, speaking at a Feb. 28 event held by Kaspersky, recommended XDR solutions for improved visibility, better protection, and faster response time for such attacks.

XDR solutions don’t only deal with known malware, but also the grey area of lesser-known and unknown threats, according to Victor Chu, Kaspersky’s head of systems engineering of Southeast Asia for enterprise cybersecurity.

He added that these solutions correlate data at all layers and across all components of a company’ information technology infrastructure while using analytics to detect and analyze possible threats.

Mr. Chu said ransomware attacks have become more sophisticated. Its current iteration, Ransomware 3.0, inflicts wider financial and reputational damage among companies by also alerting their stakeholders, their customers, and the press about the cyberattack to force these firms to pay the ransom.

“Triple extortion is what targeted attacks are all about,” he said.

He said attackers shame companies and then sell their data to cybercriminals if they do not pay up.

A 2022 study by Kaspersky found that almost all (82.1%) business executives in Southeast Asia opt to pay the ransom demanded by these cybercriminals. Almost half (47.8%) also said they paid the ransom as soon as possible in exchange for immediate access to their business data.

“We highlight ransomware because it’s becoming very entrepreneurial,” said Yeo Siang Tiong, Kaspersky’s general manager for Southeast Asia, noting that ransomware-as-a-service has become prevalent.

He cited as an example a ransomware-as-a-service provider called Lockbit, which employs targeted attacks against enterprises and other organizations. Among its known victims are an IT service provider, a private school in Malaysia, and a food manufacturer in Singapore.

“Malicious actors, like the Lockbit ransomware group, invest considerable time in up-front intelligence gathering to determine who they will target, how they will target them, and the optimal timing of their attack. Modern targeted ransomware groups are set to disrupt more enterprises in Southeast Asia if we are not equipped enough to nip them in the bud,” Mr. Tiong said.

“Lots of organizations are running from behind,” he added, but noted “there is always a solution for everyone.”

A total of 304,904 ransomware attacks targeting businesses in Southeast Asia in 2022 were blocked by Kaspersky’s business solutions, the company said.

Indonesia recorded the highest number of incidents foiled by Kaspersky’s business-to-business solutions (131,779), followed by Thailand (82,438), Vietnam (57,389), the Philippines (21,076), Malaysia (11,750), and Singapore (472). — Patricia B. Mirasol