GEORGE TOWN, March 18 — Ransomware attacks that leverage the Covid-19 pandemic are on the rise in Malaysia, according to American cybersecurity company Palo Alto Networks.
Palo Alto Networks Head of Systems Engineering Malaysia, David Rajoo, said the most commonly targeted sectors by ransomware attackers are manufacturing, construction, wholesale and retail, energy, transportation, utilities and fast-moving consumer goods.
“In many instances, some of these ransomware attacks are leveraging Covid-19, luring employees in through suspicious links, such as information on important matters such as vaccinations and links to video or audio-conferencing tools,” he said in an email interview with Malay Mail.
He said companies are now more vulnerable due to hybrid working practices where employees are working on unsecured personal networks and security teams will have to protect a more distributed workforce.
“This challenge is also further exacerbated as attackers are now studying their victims and networks more closely, moving away from a mass, high-volume approach to more sophisticated and targeted attacks,” he said.
He warned that ransomware attackers are also increasingly moving towards double extortion, which means that ransomware operators not only encrypt data to force a victim into paying a ransom, but they go a step further by extracting the data prior to encrypting.
They then threaten to post the files on a public or dark web leak site and, if the victim does not pay up, the stolen data is posted on the leak sites.
“Based on our findings as of January 2021, one victim from Malaysia so far has had their data published on dark web leak sites as a result of a double extortion attack,” he said.
Similarly, there was one victim each in Singapore and Thailand, bringing the total number for the region to three cases.
David believed that ransomware is likely to continue to be a challenge for Malaysian companies, especially smaller ones that may not have access to cybersecurity resources to manage these threats.
“Ransomware poses a significant threat to companies in Malaysia and Asean, pushing out an ever-increasing volume of malicious emails to businesses and consumers alike,” he said.
He said the Cyber Security Agency of Singapore (CSA) received twice as many reports of ransomware between January and October 2020 as compared to the whole of 2019, while authorities in Thailand reported similar attacks on government hospitals and companies.
“While the impacts of such attacks may vary, the consequences can be devastating, ranging from the leaking of sensitive information, severe damage to a business’s reputation and penalties, to a complete disruption and shut down of operations,” he said.
For example, a major hospital system in the United States was forced to resort to pen and paper when its computer systems failed as a result of a ransomware attack.
He said that with more Malaysians moving towards digitalisation, the rate of ransomware will likely increase, which could impede Malaysia’s digital economy growth ambitions.
“Businesses, especially SMEs, will need to be well-versed in cyber hygiene best practices, adopt a zero-trust approach with AI-powered tools and have a reliable, thorough back-up and recovery process in place to protect their entire ecosystem,” he said.
According to a report released by Unit 42, the global threat intelligence team at Palo Alto Networks, cyber criminals are demanding more money, with the average ransom payment almost tripling from RM472,982 (USD115,123) in 2019 to RM1.28 million (USD312,493) in 2020.
The report revealed that the highest ransom payment doubled from RM20.5 million (USD5 million) in 2019 to RM41.08 million (USD10 million) in 2020.
The top three countries impacted globally, in which victim organisations had their data published on leak sites, were the United States (151 victims or 47 per cent), Canada (39 victims or 12 per cent) and Germany (26 victims or eight per cent).
The average ransom demand, in bitcoin or Monero cryptocurrency, in 2020 was RM3.48 million (USD847,344), but the costs accrued due to a ransomware incident ranged from RM303,416 (USD73,851) to RM854,054 (USD207,875).
The report found that there are at least 16 different ransomware variants that are threatening to expose data or utilising leak sites.
“The world changed with Covid-19, and ransomware operators took advantage of the pandemic to prey on organisations — particularly the healthcare sector, which was the most targeted vertical for ransomware in 2020,” the report stated.
A ransomware attack consists of the ransomware operator encrypting data and forcing the victim to pay a ransom to unlock it.
In the case of double extortion, ransomware operators steal the data and encrypt it to demand a ransom from victims and, if the victim doesn’t pay, the data is released to leak sites or dark web domains.