Ransomware attacks: Singapore organisations among most targeted

Study finds that despite this, they tend to prioritise recovery rather than prevention

Ransomware attacks are on the rise and organisations in Singapore are among the most targeted in the world, according to a recent study.

Despite this, businesses here tend to prioritise recovery rather than prevention, said a report published last month by cyber-security technology firm Cybereason.

Ransomware is a type of malware that typically infiltrates a computer system and encrypts the data inside. Criminals then demand a ransom, threatening to leave the data locked up and inaccessible.

Criminals are also increasingly using a "double extortion" tactic, where they not only encrypt the data but also steal it and threaten to leak or sell it online.

Cybereason said Singapore businesses witnessed the greatest volume of such attacks among the countries polled, with 80 per cent of respondents here saying their organisations had been hit by a ransomware attack in the past 24 months. Globally, the average figure was 72 per cent.

The proportion of Singapore organisations that reported at least one attack in the past year rose from 60 per cent in last year's report to 80 per cent this year.

Mr C.K. Chim, Cybereason's field chief security officer for the Asia-Pacific, said the recent ransomware "gold rush" among cyber criminals is due to the fact that it is becoming easier for them to carry out such attacks, while many organisations are now more reliant on digital infrastructure than before.

"(The criminals) often operate in countries with no extradition treaty... This allows them to operate with near impunity," he said.

The developers of such malware are increasingly opting to share their tools with "affiliates", such as those who specialise in gaining unauthorised access to networks, in exchange for a fee or a cut of the ransom.

Two prominent and commonly used types of ransomware, called LockBit 2.0 and Conti, operate under this "ransomware-as-a-service" model.

Mr Chim said factors such as a lack of cyber hygiene and a lack of visibility and detection of cyber criminals are overwhelming the security operations of many companies, including those in Singapore.

According to the study, Singapore respondents had the lowest confidence in their organisations' abilities to manage a ransomware attack. About 64 per cent said they were confident in their organisations' people, while 61 per cent were confident in their policies.

Respondents from Britain had the highest level of confidence in their organisations' people and policies, at 94 per cent and 77 per cent, respectively.

Following an attack, Singapore organisations increased their security budgets by an average of 12 per cent, which was below the global average of 19 per cent.

They were also among the least likely to apportion additional security budget to hiring talent to bolster their defences, with just 41 per cent of respondents here saying their companies would do so, compared with the global average of 51 per cent.

A third of all respondents said their organisations had set up cryptocurrency wallets in anticipation of needing to pay off future ransomware attacks, as the criminals often demand to be paid in Bitcoin.

The survey, conducted in April, polled nearly 1,500 cyber-security professionals from organisations with at least 700 employees in the United States, Britain, Germany, France, Japan, Italy, South Africa, the United Arab Emirates and Singapore. Those in Singapore made up about 7 per cent of the sample, or just over 100 respondents.

The study found that giving in to the criminals and paying the ransom did not guarantee the safe return of stolen data.

Among organisations that chose to pay the ransom to regain access to their systems, about 54 per cent found that system issues persisted after recovery, or that at least some of their data was corrupted after decryption. This figure is also on the rise, increasing from the 46 per cent who said the same last year.

Successfully targeted organisations were also vulnerable to repeat attacks.

Among the organisations that paid the first ransom, nearly 80 per cent were hit with another attack soon after. Of this group, 68 per cent said the second attack took place within a month of the first and came with a higher ransom amount, while about half were hit again by the same attackers.

Organisations may be motivated to pay the ransom in life-or-death situations or national emergencies, among others, Mr Chim noted.

About 28 per cent of all the respondents in the study, including those in the healthcare sector, paid up to avoid the potential injury or loss of life that could result from critical systems being blocked.

"Companies might also feel that paying gives them the fastest possible route to return operations to normal," Mr Chim added.

Some organisations that paid up did so to avoid loss of business revenue and expedite the recovery process. Others said they did so because they were unprepared for such an attack and did not back up their data or did not have the staff needed to adequately respond to the attack.

The Cyber Security Agency of Singapore (CSA) said it does not recommend that victims of ransomware pay the attackers, as this encourages the culprits to continue their criminal activities. Organisations that pay up may also be seen as soft targets that can be attacked again in the future, it added.

"Disrupting their business model and curbing the profits made will go a long way towards tackling the problem," said a CSA spokesman.

The agency added that the vast majority of cyber attacks can be prevented by taking proper precautions. "We encourage business owners to view cyber security as an investment for the future and put in place robust cyber-security measures to ensure that their systems are protected and resilient."


Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on July 19, 2022, with the headline Ransomware attacks: Singapore organisations among most targeted. Subscribe