Ransomware back with a vengeance, Singapore a ripe target
By Benjamin Cher June 3, 2016
- Spike in ransomware attacks in Singapore, likely to increase
- Pay the piper, and you end up encouraging more such attacks
RANSOMWARE is on the rise, with reports of hospitals and critical infrastructure being hit by such attacks – and Singapore is in the crosshairs, according to cybersecurity company FireEye Inc.
In a statement, the company said it recorded a dramatic increase in the number of attacks in Singapore, from one in January 2016 to 155 in March. There were 26 recorded attacks in February.
These attacks are on the uptrend because of the greater ease of access and the increasing ways of monetising victims, according to Anthony Ng, FireEye senior director of systems engineering for Asia Pacific and Japan.
“The easy access and anonymous element of these [ransomware] tools allow hackers to conduct attacks and get results,” he told Digital News Asia (DNA) in Singapore.
“These days, their target audience is broad, from consumers to enterprises, and they have increasing means of monetising attacks,” he added.
Attackers are mindful of the markets they hit and will price recovery based on the market. “If it is low enough, the victim will pay – there’s nothing much the authorities can do,” said Ng.
The disk world, the ‘other’ Panama
Ransomware is almost as old as the PC revolution. One of the earliest recorded ransomware incidents was in 1989, according to Trend Micro Inc chief technology officer Raimund Genes.
“It was distributed by floppy disks to over 20,000 attendees at a health congress, and it encrypted their computers,” he told DNA.
“It was a simple encryption so you could divert it, but [the attacker] asked for US$189 to be sent to an account in Panama.
“It was a typical model of ransomware, but back then it was not so sophisticated or scalable,” he added.
Today, there are added complications such as crimeware-as-a-service, where even a layman can buy cybercrime toolkits.
But criminals are turning to ransomware as a quicker way to earn money, according to Genes.
The first examples of ransomware did not encrypt your files, but changed the boot sequence of your computer, something which only tech-savvy users could easily fix.
“Now almost everything is crypto-ransomware, which encrypts all your documents and pictures – sometimes everything, including your master boot record – holding you to ransom until you pay,” he said.
“After you pay, you will get your data back – this is because the bad guys have an interest in showing that the ‘service’ is working.
“If the service doesn’t work – that is, if you pay and don’t get access back – you’ll tell your friends, and this ransomware will get a bad reputation.
“Then the likelihood of your friends paying is lower, so the bad guys have an interest in letting you get access back,” he added.
But Genes still recommended not paying these cybercriminals, as you would only be giving them an incentive to continue such attacks.
“When you pay, you fuel cybercrime and incentivise cybercriminals.
“On the other hand, if you haven’t done the security basics like backups, then you are in trouble,” he conceded.
Targeting and defending
While it seems that ransomware is hitting a broad swathe of users, from consumers to small and medium enterprises (SMEs) and even large companies, there is an emerging trend of targeted attacks.
“Threat actors are going after critical infrastructure like hospitals and utility companies – those are in the news,” said FireEye’s Ng.
“They are going after organisations that can’t live without their data, like hospitals. If you get hit by ransomware, what do you do? You either pay or your patients get affected – and the ransom won’t be as low as US$300,” he added.
While the increase in Singapore might seem dramatic, Trend Micro’s Genes remarked that this is not region-specific but global.
“If [someone] in Singapore considers starting a ransomware attack, he will use specific messages to use in Singapore because he is local, but he will buy an international toolkit and infrastructure,” he said.
“His skills would be that he knows the local market and what messages [to lure users] work, and he knows whom to target.
“And that’s the scary part – if for example, out of 100, 10 local users click on the message, and one of them pays a day, it is a good business at US$300 daily,” he added.
Meanwhile, FireEye’s Ng warned that there is no silver bullet to defend against such attacks.
“Not browsing dubious websites or downloading pirated software that may have ransomware bundled in it, those are good practices no matter what,” he said. “Don’t open emails from uncertain sources.”
Businesses, for their part, need to have a good backup strategy as well, beyond just using security solutions, Ng advised.
“Bear in mind that ransomware mutates constantly and your security solutions may not detect them all the time,” he said.
“Make sure the backups are not connected either, as ransomware attacks have been known to look for network storage to delete or encrypt the files there as well,” he added.
But it is consumers and SMEs which lack the resources and education to prevent such attacks that end up being the main victims, according to Trend Micro’s Genes.
“The problem of what I see here in Singapore is SMEs and end-users, like everywhere else, they are the main victims and targets for ransomware,” he said.
“And because SMEs normally don’t have the know-how, if one person in the organisation gets infected, everyone gets infected as well,” he added.