Malaysian companies ripe targets for ransomware: Trend Micro
By Lum Ka Kay November 6, 2015
- 73% surge in ransomware attacks among Malaysian companies
- Solutions providers struggling, best measure is still data backups
A TOTAL of 311 companies and 165 individual or home users in Malaysia were the victims of ransomware in the third quarter of 2015, according to Trend Micro Inc.
Ransomware attacks against companies surged approximately 73% from the second quarter, while individual or home users suffered an increase of 51% in such attacks.
Ransomware is a type of malware which locks up the data on its victim’s computer by encrypting it. The attacker then demands payment of some sort to release the decryption key.
“Based on these figures from our user base, businesses are the biggest victim of all, compared with individual and home users,” Trend Micro manager of technical sales Law Chee Wan told a media briefing in Kuala Lumpur on Nov 5.
He said that crypto ransomware is also an increasing threat in Malaysia. Newer variants of ransomware include CryptoLocker, CryptoDefense and CryptoWall.
The infection rates from them may be quite low, but the numbers indicate that crypto ransomware is posing an increasing threat to Malaysian businesses, especially small and medium enterprises (SMEs), according to Law.
Saying that the cybercriminals behind crypto ransomware were becoming more sophisticated, Law also pointed out that the bitcoin cryptocurrency is their preferred payment choice.
“Bitcoin makes it more difficult for the authorities to trace the attackers because it gives them greater anonymity,” he said.
Law said users can also be infected when they unknowingly download ransomware from compromised websites, or from spam emails or other types of malware. They are usually directed to the false sites by phishing emails.
“Many ransomware websites are exceptionally like legitimate websites, making it difficult for users to determine the website’s legitimacy,” said Law.
“Most of these ransomware websites even have their own support page to guide victims on how to make their ransom payment,” he said, adding that the attackers will usually require the victims to send the transfer ID (identification) of the bitcoin transaction as proof of payment.
Once the transaction is completed and proven, the attacker will send the victim instructions on how to decrypt the encrypted files.
According to Law, security solutions providers are struggling with several challenges when it comes to dealing with ransomware.
“[Ransomware] campaigns are executed with multiple techniques to evade detection across varying protection layers,” he said.
Users should constantly update their security software when there is an update available, he noted.
“Up-to-date security software adds an extra layer of protection – update it regularly so it can protect you against the latest ransomware variants,” he added.
But the best security measure against ransomware attacks is the good old practice of backing up data regularly.
“Practice the 3-2-1 rule – three backup copies of your data on two different media, and one of those copies placed in a secured separate location,” Law said.
Trend Micro recently published an analysis on data breaches titled Follow the Data: Dissecting Data Breaches and Debunking the Myths. The full report is available here.