10M ransomware-related cyber threats detected, blocked in APAC

More than ten million ransomware-related cyber threats have been detected and blocked in Asia Pacific (APAC) from January to May this year, while the total number of similar attacks exceeded 66 million globally, according to Trend Micro, Inc.

India,  Taiwan and Thailand ranked the top three countries in APAC with the most number of threats; Singapore was #12 on the list with 82,083 attacks on record so far, translating to close to 550 threats every day. 

“As Singapore builds the world’s first smart nation, cybersecurity should become a national imperative ingrained in every organization’s DNA. It is critical to be aware of the prevailing threats and ensure that we are equipped with the right defense strategy,” says David Siah, Country General Manager, Trend Micro Singapore. “Regardless if you are an MNC, SME, or a government agency, no one is exempted from ransomware attacks; it is the next biggest threat that is wreaking havoc.”

Trend Micro’s research shows, globally, 64 percent of ransomware-related attacks come from spam emails and messages; 34 percent spread via undermined sites, malvertisements, and landing pages that host exploit kits dispatched by cybercriminals; and the remaining two percent originate from files.

In the first five months of 2016, 50 new ransomware families were added. All of these new families still encrypt files and drop ransom notes. Many of them have expanded their tactics by adding sophisticated routines that compel the victims to make payment as soon as possible. Jigsaw, for instance, threatens to delete an increasing number of files after every hour of non-payment. Some ransomware families (TESLA 4.0, a variant of CRYPTXXX, XORBAT, and POWERWARE) are known to self-destruct after it successfully conducts its routine. This means that traditional file-based detection will be insufficient to defend the integrity of data and information.

Singapore is embattled with several ransomware

In Singapore, several ransomware families are observed to be extraordinarily active compared to the others. CryptoLocker, one of the most infamous ransomware, not only locks the system it infests, but also encrypts certain files found in the hard drive. Cryptowall 4.0 is known to feature improved communication capabilities and updated code that allows exploitation of more vulnerabilities than its previous version. TeslaCrypt targets niche groups of users including gamers, modders, and Steam users, spreads via spam emails and websites, and exploits a vulnerability in Adobe Flash Player. Jigsaw, mentioned above, has also been widely deployed to attack Singapore-based organizations and individuals.

“Trend Micro is continually and actively assessing the ransomware threat landscape so that we can quickly act in accordance by providing the most targeted and advanced support to our customers in Singapore.” said David Siah. “We recommend that organizations start re-evaluating their cyber security strategies and devise a multi-layered approach against ransomware.”

To help users and organizations fight against the dangers of ransomware, Trend Micro leverages its threat expertise to provide self-assessment and free ransomware tools: