Ransomware attacks surge in Southeast Asia with 57,000 cases

Kaspersky has reported that over 57,000 ransomware attacks were detected in Southeast Asia during the first half of 2024, with Indonesia accounting for the highest number of incidents.

The company cited the region's growing digital economy, strategic position as a finance and technology hub, and varying levels of cybersecurity infrastructure as factors contributing to Southeast Asia being a prime target for ransomware attacks. Large organisations and SMEs were identified as frequent targets.

"In general, cybercriminals, including ransomware groups, are eyeing critical infrastructure and vulnerable sectors such as financial, public services, manufacturing and healthcare. Essentially, they are opportunists that are after targets big on cash," said Adrian Hia, Managing Director for Asia Pacific at Kaspersky.

In addition to Indonesia, where 32,803 incidents were blocked, the Philippines experienced 15,208 ransomware attacks, and Thailand saw 4,841 cases. In Malaysia, 3,920 attacks were recorded, followed by Vietnam with 692 and Singapore with 107 incidents.

Hia warned of the severe impact ransomware attacks could have on organisations, saying, "The impact of a ransomware attack can be very devastating, financially and reputationally. Not only do organisations require high levels of resources to address the aftermath, they also face the consequences of operation disruptions and downtime, followed by recovery time. These are not options, especially for critical infrastructure and service providers."

High-profile attacks in the region have targeted institutions such as the Indonesia National Data Centre, Malaysia's public transport operator, and a local health pharmacy chain. Other incidents involved a health insurance provider in the Philippines, a famous restaurant group in Singapore, and major firms in Vietnam, including a brokerage firm and a gasoline service company.

Hia noted the importance of collaborative efforts to combat ransomware, stating, "While there are growing global efforts to combat ransomware such as the No More Ransom initiative, of which Kaspersky is a part for the eighth consecutive year, and some governments in the SEA region have enacted cybersecurity laws while others are working towards the same, it can never be reiterated enough that companies and organisations also have their parts to play to bolster cybersecurity defence."

Kaspersky offered several recommendations to help businesses protect against ransomware attacks. These include regularly updating software to prevent vulnerabilities, installing patches for commercial VPNs, regularly backing up data, avoiding pirated software, and ensuring comprehensive supply chain audits.

Additional recommendations include restricting public exposure of remote management services, monitoring network access rigorously, setting up a security operation centre, utilising threat intelligence, and improving employee cybersecurity literacy. Kaspersky highlighted using resources like the Kaspersky Automated Security Awareness Platform for employee education.

Kaspersky further suggested employing their professional services to optimise IT department workloads and subscribing to managed services for those lacking specialist IT security staff. They also recommend solutions like Kaspersky Small Office Security for very small businesses.