Editorial Notes

Cyber security faces threat from 'ransomware': Yomiuri Shimbun

The paper says that ransomware, where a ransom is demanded to decrypt stolen information, has spread globally.

In recent years, a huge number of viruses have been created, and attacks have become more sophisticated, says the paper. ST PHOTO: KELVIN CHNG

TOKYO (THE YOMIURI SHIMBUN/ASIA NEWS NETWORK) - There has been a spate of cyber attacks involving the theft of confidential corporate information and attempts to extort money. It is necessary to quickly prepare to respond to such heinous criminal acts.

In early November, information was stolen from game software giant Capcom Co by an unknown party and a ransom was demanded. It is believed the attack came from overseas.

Up to 350,000 items of personal information of the company's customers, shareholders and others may have been hacked.

Capcom said it refused to pay the ransom and has consulted the police. It is feared that the stolen personal information could be used for fraudulent and other illicit purposes. This is a serious situation.

The cyber attack involved "ransomware," malicious software through which an attacker hacks into a computer, steals data and encrypts the original data to make it unusable. A ransom is then demanded to decrypt the information.

Such ransomware attacks spread globally in the past, affecting a large but unspecified number of targets. This time, however, the attackers targeted a specific company. It is called a "double extortion" because companies also risk having the stolen information exposed if the demands are not met.

According to experts, about 20 criminal groups are operating around the world, and ransoms are getting higher and higher. In Japan, the first victims were confirmed this summer.

An overseas survey found that about 30 per cent of targeted Japanese companies paid the ransom. More vigilance is urged.

There is no guarantee that even if victims comply with the demands, attackers will keep their promise and decrypt data or not leak the information.

If Japanese companies give in to the threats, they will be perceived as easy targets, which could lead to more attacks. In principle, it would be a good idea to take a firm stand.

In recent years, a huge number of viruses have been created, and attacks have become more sophisticated. It is difficult to prevent being victimised completely.

Cases involving attacks on employee computers with inadequate safeguards and the central computer systems of companies are on the rise. Amid the novel coronavirus pandemic, telecommuting is spreading, which increases the risk of vulnerabilities being exploited.

It is imperative that companies strengthen measures to prevent their systems from being compromised by, for example, updating the latest version of software and introducing two-step authentication.

Important data should be backed up. It is also important to consider in advance what to do if a hack occurs.

There is a limit to how much a company can do on its own. In the United States, legislation has established an intelligence-sharing system between the public and private sectors for information on attack threats or damage.

In November, the government and the Japan Business Federation (Keidanren) set up a new public-private organisation to strengthen measures against cyber attacks.

It is important for information to be shared between the government ministries and agencies concerned and the business community to improve their response capabilities.

The Yomiuri Shimbun is a member of The Straits Times media partner Asia News Network, an alliance of 24 news media organisations.

Join ST's Telegram channel and get the latest breaking news delivered to you.