Q1 2020: Over 200k Ransomware Attempts Blocked Against SMBs in SEA

29 May 2020 – Three years after the headline-grabbing Wannacry ransomware wreaked havoc thousands of IT systems around the globe, data from Kaspersky for Southeast Asia (SEA) prove the threat is still present particularly against small and medium businesses (SMBs) in the region.

Ransomware is a type of cyberware that is designed to extort money from an individual or a company. Often, ransomware will demand a payment in order to undo changes that the Trojan has made to the victim’s computer. These changes can include encrypting data that is stored on the victim’s disk – so the victim can no longer access the information, and blocking normal access to the victim’s system.
For the first three months of 2020, a total of 269,204 ransomware attempts were foiled by global cybersecurity company’s solutions for businesses with 20-250 employees in the region. This is based on the detection verdicts of Kaspersky products received from users who consented to provide statistical data.

“Overall, we have observed a significant decline in ransomware attacks we are blocking against SMBs in SEA. The first quarter numbers are 69% lower compared with the same period in 2019, which is definitely a good sign. However, companies should never be complacent. Cybercriminals may show less activity but their precision has undoubtedly been improved and our telemetry showed they are more focused on targeting businesses and organisations now,” comments Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

ransomware stages

To install the ransomware into a victim’s system, cybercriminals usually use a phishing email, a website infected with a malicious program, or un-updated software. Once the Trojan has been installed, it will either encrypt information that’s stored on the victim’s computer or block the computer from running normally – while also leaving a ransom message that demands the payment of a fee, in order to decrypt the files or restore the system. In most cases, the ransom message will appear when the user restarts their computer after the infection has taken effect.

Per country statistics during the first quarter of 2020 showed all territories in Southeast Asia logged a decrease in ransomware detected compared with the same period last year. However, globally, one-in-three of ransomware blocked by Kaspersky in 2019 was targeted towards corporate users. This shows that cybercriminals are increasingly targeting businesses and enterprises as opposed to individual users.
Indonesia remains among the top 10 countries in terms of share of SMB users almost infected with this threat. The five nations with the highest percent of attempts in Q1 2020 include the Russian Federation, Brazil, China, Bangladesh, and Egypt. Wannacry remains the most popular ransomware globally.

Number of ransomware attempts against SMBs blocked by Kaspersky solutions and the country’s ranking based on the share of users almost infected with this malware

Number of ransomware attempts against SMBs blocked by Kaspersky solutions and the country’s ranking based on the share of users almost infected with this malware

“We can safely say that the companies are now highly aware of this danger after the Wannacry incident three years ago. The current pandemic situation which forced employees to work remotely, however, blur the line between enterprise and personal security, therefore increasing the surface of attack cybercriminals can exploit. Adding in the financial strain on this sector, we are offering SMBs in the region our solution and services for free to help them seal their confidential data and assets against this costly threat,” adds Yeo.

The global cybersecurity company has launched a 20-30 minutes free online course zeroing in on how companies can secure their current remote working environment. It is accessible through this link.

Aside from this training, Kaspersky also offers small and medium enterprises in SEA six months free licenses for Kaspersky Security for Microsoft Office 365. This tool is an advanced, all-in-one threat protection for Microsoft Office 365’s communication and collaboration services. It curbs the spread of malicious threats including ransomware, viruses, Trojans, phishing, among others.

As ransomware is a threat businesses should not overlook, Kaspersky experts share simple tricks on how to fend off this online menace:

  • Equip your employees with high-level of awareness in terms of social engineering tricks. It is advisable to employ a training which features level-by-level learning such as Kaspersky Automated Security Awareness Training.
  • Always update your operating system to eliminate recent vulnerabilities and use a robust security solution with updated databases.
  • Use a security solution that has specialized technologies to protect your data from ransomware such as Kaspersky Endpoint Security for Business. Corporate grade endpoint security suites also have patch management and exploit prevention capabilities that would be helpful against these threats.
  • Always have fresh back-up copies of your files so you can replace them in case they are lost (e.g. due to malware or a broken device) and store them not only on the physical object but also in cloud storage for greater reliability.
  • Remember that ransomware is a criminal offence. You shouldn’t pay. If you become a victim, report it to your local law enforcement agency. Try to find a decryptor on the internet first – some of them are available for free here: https://noransom.kaspersky.com
  • Businesses can enhance their preferred third-party security solution with free Kaspersky Anti-Ransomware Tool.

Author: Terry KS

Share This Post On